this shortcut cannot be accessed. you may not have the appropriate permissions.

I know that there's another topic similar to this, but I didn't want to horn in on that one so I'm starting a new one, I'm following the steps outlined in that topic and will post results from each scan as they come up. I hope I can solve this, but if not I hope someone out there has knowledge on this. Thank you for your assistance in advance.

Hi there!

ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

• Close any open browsers.
  
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
  

Running ComboFix:

• Double click on ComboFix.exe & follow the prompts.
  
• When ComboFix finishes, it will produce a report for you.
  
• Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
  

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

WIn32kDiag results

Running from: C:\Users\Matthew Tate\Downloads\Win32kDiag.exe

Log file at : C:\Users\Matthew Tate\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.7808.1355040

[1] 2012-10-26 16:49:16 15180 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.7808.1355040 ()



Cannot access: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.7808.1355040

[1] 2012-10-26 16:49:16 15180 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.7808.1355040 ()





Finished!

What happened to ComboFix?

I finally got it to download and run, I was having internet issues with the lovely cable service I have right now, here's the log


ComboFix 12-10-26.05 - Matthew Tate 10/28/2012 1:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.3375 [GMT -4]
Running from: c:\users\Matthew Tate\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated*
FW: Kaspersky Internet Security *Disabled*
SP: Kaspersky Internet Security *Disabled/Updated*
SP: Windows Defender *Enabled/Updated*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ReadOnlyInstaller.msi
c:\programdata\uninstaller.exe
c:\users\Matthew Tate\AppData\Local\assembly\tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-28 06:05 . 2012-10-28 06:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-28 05:04 . 2012-05-15 19:54 4295288 ----a-w- c:\windows\SysWow64\GameMon.des
2012-10-27 18:50 . 2012-10-28 05:32 -------- d-----w- c:\users\Matthew Tate\AppData\Local\PMB Files
2012-10-27 18:50 . 2012-10-28 01:09 -------- d-----w- c:\programdata\PMB Files
2012-10-27 18:15 . 2012-10-27 18:15 -------- d-----w- c:\program files\CCleaner
2012-10-27 18:10 . 2012-10-27 18:10 -------- d-----w- c:\program files (x86)\ESET
2012-10-27 05:54 . 2012-10-27 05:54 0 ----a-w- c:\windows\SysWow64\sho8A4D.tmp
2012-10-26 21:25 . 2012-09-25 03:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-26 20:50 . 2012-10-28 05:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{806A3213-F2F8-462D-9B74-909731C534BD}\offreg.dll
2012-10-26 20:41 . 2005-01-02 21:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-10-26 20:41 . 2003-07-19 06:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-10-26 20:41 . 2012-10-26 20:41 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-10-26 19:29 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{806A3213-F2F8-462D-9B74-909731C534BD}\mpengine.dll
2012-10-26 05:32 . 2012-10-26 05:32 -------- d-----w- c:\users\Matthew Tate\AppData\Local\NCSoft
2012-10-26 05:20 . 2012-10-26 05:20 -------- d-----w- c:\program files (x86)\Pando Networks
2012-10-26 05:20 . 2012-10-26 05:20 -------- d-----w- c:\users\Matthew Tate\.swt
2012-10-26 05:19 . 2012-10-26 05:19 -------- d-----w- c:\users\Matthew Tate\AppData\Local\Pando_Temp
2012-10-26 05:18 . 2012-10-28 06:04 -------- d-----w- c:\users\Matthew Tate\AppData\Local\assembly
2012-10-26 05:17 . 2012-10-27 18:51 -------- d-----w- c:\program files (x86)\NCSoft
2012-10-21 17:50 . 2012-10-21 18:00 -------- d-----w- c:\users\Matthew Tate\AppData\Roaming\Audacity
2012-10-21 17:50 . 2012-10-21 17:50 -------- d-----w- c:\program files (x86)\Audacity
2012-10-17 16:35 . 2012-10-17 16:35 -------- d-----w- c:\program files (x86)\Panda Security
2012-10-16 11:24 . 2012-10-16 11:24 0 ----a-w- c:\windows\SysWow64\sho8632.tmp
2012-10-15 09:41 . 2012-10-15 09:41 -------- d-----w- c:\users\Matthew Tate\AppData\Local\Microsoft Games
2012-10-15 09:24 . 2012-10-15 09:24 -------- d-----w- c:\users\Matthew Tate\AppData\Roaming\Malwarebytes
2012-10-15 09:23 . 2012-10-15 09:23 -------- d-----w- c:\programdata\Malwarebytes
2012-10-15 09:23 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-15 09:23 . 2012-10-27 18:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-14 08:15 . 2012-10-14 08:15 0 ----a-w- c:\windows\SysWow64\sho2DF2.tmp
2012-10-14 04:12 . 2012-10-14 04:20 -------- d-----w- c:\users\Matthew Tate\AppData\Roaming\Trillian
2012-10-14 04:12 . 2012-10-14 04:12 -------- d-----w- c:\program files (x86)\Trillian
2012-10-13 18:34 . 2012-10-13 18:34 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-13 18:34 . 2012-10-13 18:34 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-10-11 22:30 . 2012-10-11 22:30 -------- d-----w- c:\program files\WinRAR
2012-10-11 16:49 . 2012-10-11 16:51 -------- d-----w- c:\program files\Recuva
2012-10-11 16:15 . 2012-10-11 16:15 -------- d-----w- c:\users\Matthew Tate\AppData\Local\Fallout3
2012-10-11 16:07 . 2012-10-11 16:07 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2012-10-11 07:30 . 2012-10-11 07:30 -------- d-----w- c:\windows\SysWow64\xlive
2012-10-09 23:24 . 2012-10-09 23:27 -------- d-----w- c:\program files (x86)\Philips
2012-10-09 23:20 . 2012-10-09 23:20 -------- d-----w- c:\users\Matthew Tate\AppData\Local\Programs
2012-10-09 23:20 . 2012-10-09 23:20 -------- d-----w- c:\users\Matthew Tate\AppData\Local\ArcSoft
2012-10-09 23:20 . 2012-10-09 23:21 -------- d-----w- c:\users\Matthew Tate\AppData\Roaming\ArcSoft
2012-10-09 23:19 . 2012-10-09 23:21 -------- d-----w- c:\programdata\ArcSoft
2012-10-09 23:19 . 2012-10-09 23:19 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2012-10-09 23:19 . 2012-10-09 23:19 -------- d-----w- c:\program files (x86)\ArcSoft
2012-10-09 23:19 . 2005-04-27 20:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2012-10-09 23:19 . 2004-05-04 15:53 1645320 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-10-09 23:18 . 2012-10-09 23:18 -------- d-----w- C:\Philips
2012-10-09 23:17 . 2012-10-09 23:18 -------- d-----w- C:\temp
2012-10-09 23:17 . 2012-10-11 07:29 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-10-09 03:37 . 2012-10-09 03:37 0 ----a-w- c:\windows\SysWow64\shoFD35.tmp
2012-10-06 08:17 . 2012-10-06 08:17 0 ----a-w- c:\windows\SysWow64\shoE8E5.tmp
2012-10-05 11:15 . 2012-10-05 11:15 0 ----a-w- c:\windows\SysWow64\shoD7D8.tmp
2012-10-03 10:54 . 2012-10-03 10:54 -------- d-----w- c:\users\Matthew Tate\AppData\Local\MPlayer
2012-10-01 03:27 . 2012-10-01 03:27 0 ----a-w- c:\windows\SysWow64\sho7901.tmp
2012-09-30 07:54 . 2012-09-30 07:54 -------- d-----w- C:\Crash
2012-09-30 07:53 . 2012-09-30 07:53 -------- d--h--w- c:\windows\msdownld.tmp
2012-09-30 07:39 . 2012-09-30 07:44 -------- d-----w- c:\users\Matthew Tate\AppData\Roaming\GetRightToGo
2012-09-29 21:39 . 2012-09-29 21:39 -------- d-----w- c:\users\Matthew Tate\AppData\Local\Skyrim
2012-09-29 20:10 . 2012-09-29 21:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-09-29 20:03 . 2010-02-04 14:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-09-29 20:03 . 2010-02-04 14:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-09-29 20:03 . 2010-02-04 14:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-09-29 20:03 . 2010-02-04 14:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-09-29 20:02 . 2010-02-04 14:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-09-29 20:02 . 2010-02-04 14:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-09-29 20:02 . 2010-02-04 14:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-09-29 20:02 . 2010-02-04 14:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-09-29 19:54 . 2012-09-29 20:00 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-09-29 18:26 . 2012-09-29 18:26 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f49684061cd9e6f01\bingbarsetup.exe
2012-09-29 18:21 . 2012-09-29 18:21 -------- d-----w- c:\users\Matthew Tate\AppData\Roaming\nswb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 17:29 . 2012-06-26 17:33 637272 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-11 07:02 . 2012-06-10 14:48 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 18:52 . 2012-06-09 00:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 18:52 . 2011-11-09 18:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-22 22:27 . 2012-03-20 12:41 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-09-22 22:27 . 2012-03-20 12:41 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-09-22 22:27 . 2012-03-20 12:41 4747840 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-09-22 22:27 . 2012-03-20 12:41 3617792 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-09-22 22:27 . 2012-03-20 12:41 3952640 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-09-22 22:24 . 2012-09-22 22:25 535552 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-09-22 22:24 . 2012-09-22 22:24 654336 ------w- c:\windows\system32\stapi64.dll
2012-09-22 22:24 . 2012-09-22 22:24 448512 ----a-w- c:\windows\system32\stcplx64.dll
2012-09-22 22:24 . 2012-09-22 22:24 1987072 ----a-w- c:\windows\system32\stapo64.dll
2012-09-22 22:24 . 2012-03-20 12:37 4444672 ----a-w- c:\windows\system32\stlang64.dll
2012-09-22 22:24 . 2012-03-20 12:37 1425408 ----a-w- c:\windows\sttray64.exe
2012-09-22 22:24 . 2012-03-20 12:37 251904 ----a-w- c:\windows\system32\staco64.dll
2012-09-22 22:24 . 2012-03-20 12:37 6344704 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-09-22 22:24 . 2012-03-20 12:37 5298688 ----a-w- c:\windows\system32\IDTNHP.dll
2012-09-22 22:24 . 2012-03-20 12:37 249344 ----a-w- c:\windows\system32\IDTNJ.exe
2012-09-22 22:24 . 2012-03-20 12:37 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-09-22 22:24 . 2012-03-20 12:37 1085440 ----a-w- c:\windows\system32\IDTNX.dll
2012-09-22 22:24 . 2012-03-20 12:37 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2012-09-22 22:24 . 2012-03-20 12:37 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2012-09-22 22:24 . 2012-03-20 12:37 223744 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2012-09-22 22:24 . 2012-03-20 12:37 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2012-09-22 22:24 . 2012-03-20 12:37 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2012-09-20 08:33 . 2012-09-20 08:33 40960 ----a-r- c:\users\Matthew Tate\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-09-20 08:33 . 2012-09-20 08:33 40960 ----a-r- c:\users\Matthew Tate\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-09-11 13:22 . 2012-09-11 13:22 0 ----a-w- c:\windows\SysWow64\sho6AB8.tmp
2012-09-10 10:07 . 2012-09-10 10:07 0 ----a-w- c:\windows\SysWow64\sho8306.tmp
2012-09-07 11:03 . 2012-09-07 11:03 21840 ----a-w- c:\windows\SysWow64\SIntfNT.dll
2012-09-07 11:03 . 2012-09-07 11:03 17212 ----a-w- c:\windows\SysWow64\SIntf32.dll
2012-09-07 11:03 . 2012-09-07 11:03 12067 ----a-w- c:\windows\SysWow64\SIntf16.dll
2012-09-02 09:44 . 2012-09-02 09:44 0 ----a-w- c:\windows\SysWow64\shoB6FD.tmp
2012-09-02 01:47 . 2012-09-02 01:47 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-02 01:47 . 2012-09-02 01:47 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-02 01:47 . 2012-09-02 01:47 188904 ----a-w- c:\windows\system32\java.exe
2012-09-02 01:47 . 2012-09-02 01:47 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-02 01:47 . 2012-08-04 17:11 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 01:47 . 2012-08-04 17:11 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 00:41 . 2012-06-09 01:00 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-01 00:41 . 2012-06-09 01:00 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-28 09:28 . 2012-08-28 09:28 0 ----a-w- c:\windows\SysWow64\sho7933.tmp
2012-08-28 00:35 . 2012-08-28 00:35 1409 ----a-w- c:\windows\Fonts\fsex2p00_public.fot
2012-08-24 11:15 . 2012-09-23 02:55 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 02:55 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 02:55 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 02:55 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 02:55 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 02:55 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 02:55 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 02:55 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 02:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 02:55 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 02:55 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 02:55 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 02:55 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 02:55 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 02:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 02:55 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 02:55 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 02:55 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 02:55 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 02:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 02:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 02:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 09:42 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 09:42 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 09:42 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 09:42 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 18:50 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 23:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-17 02:31 . 2012-08-17 02:31 0 ----a-w- c:\windows\SysWow64\sho2BC9.tmp
2012-08-14 09:27 . 2012-08-14 09:27 0 ----a-w- c:\windows\SysWow64\shoA768.tmp
2012-08-08 09:24 . 2012-08-08 09:24 0 ----a-w- c:\windows\SysWow64\shoE5DC.tmp
2012-08-04 08:22 . 2012-08-04 08:22 0 ----a-w- c:\windows\SysWow64\sho7E9F.tmp
2012-08-02 17:58 . 2012-09-12 09:42 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 09:42 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-08-02 07:54 . 2012-08-02 07:54 0 ----a-w- c:\windows\SysWow64\sho7501.tmp
2012-08-01 08:52 . 2012-08-01 08:52 0 ----a-w- c:\windows\SysWow64\sho6588.tmp
2012-07-30 09:38 . 2012-07-30 09:38 0 ----a-w- c:\windows\SysWow64\sho46A2.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\IMVU_Inc\prxtbIMVU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\prxtbIMVU.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"uTorrent"="c:\users\Matthew Tate\Downloads\uTorrent(1).exe" [2012-10-11 963984]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-27 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-24 206448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Matthew Tate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\Matthew Tate\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [2012-10-4 23408]
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-9-5 2429904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2012-10-9 1701224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-21 133672]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-21 620584]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-21 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-21 39976]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-09-22 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-07-16 96896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-07-16 214144]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-13 283200]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 18:52]
.
2012-10-28 c:\windows\Tasks\ArcadeWeb Update.job
- c:\users\Matthew Tate\AppData\Local\ArcadeWeb\awuper.exe [2012-10-05 21:03]
.
2012-10-28 c:\windows\Tasks\HPCeeScheduleForBIGDADDY$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2012-10-21 c:\windows\Tasks\HPCeeScheduleForMatthew Tate.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-09-22 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220467
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=20ea4f8d-8fa4-4848-9ebe-f8904f66ebae&searchtype=ds&q={searchTerms}
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
FF - ProfilePath - c:\users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\
FF - prefs.js: browser.search.selectedEngine - uTorrentControl_v1 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=20ea4f8d-8fa4-4848-9ebe-f8904f66ebae&searchtype=ds&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-08-29 18:18; {7473b6bd-4691-4744-a82b-7854eb3d70b6}; c:\users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
FF - ExtSQL: 2012-09-29 14:55; {49c795c2-604a-4d18-aeb1-b3eba27e5ea2}; c:\users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyDtAzyyCtAtBtA0Azy0CyBtN0D0Tzu0CtByDtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1123433591
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyDtAzyyCtAtBtA0Azy0CyBtN0D0Tzu0CtByDtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1123433591
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyDtAzyyCtAtBtA0Azy0CyBtN0D0Tzu0CtByDtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1123433591&q=
FF - user.js: extensions.funmoods.id - C01885396323A9C7
FF - user.js: extensions.funmoods.instlDay - 15590
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:59
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{49c795c2-604a-4d18-aeb1-b3eba27e5ea2} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKLM-Run- - (no file)
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-28 02:07:49
ComboFix-quarantined-files.txt 2012-10-28 06:07
.
Pre-Run: 346,960,441,344 bytes free
Post-Run: 352,861,954,048 bytes free
.
- - End Of File - - 071D6DC07738E005780DDE411F5591E4

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  
• Click on Delete.
  
• A logfile will automatically open after the scan has finished.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

# AdwCleaner v2.005 - Logfile created 10/28/2012 at 20:31:09
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Matthew Tate - BIGDADDY
# Boot Mode : Normal
# Running from : C:\Users\Matthew Tate\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\searchplugins\Web Search.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\IMVU_Inc
Folder Deleted : C:\Program Files (x86)\Winamp Toolbar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Users\Matthew Tate\AppData\Local\Conduit
Folder Deleted : C:\Users\Matthew Tate\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Matthew Tate\AppData\LocalLow\IMVU_Inc
Folder Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\CT2260173
Folder Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\CT2612669
Folder Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\CT3220467
Folder Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\CT3220468
Folder Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}
Folder Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Folder Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
Folder Deleted : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\Smartbar
Folder Deleted : C:\Users\Matthew Tate\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\IMVU_Inc
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220467
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\IMVU_Inc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A19F5EBF-E163-4D4F-B7BD-33149BF756CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70537E41-2626-48F9-A1C7-29A2E3B568D4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97EDDF43-9320-4B30-8572-AFE297EBA6F7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMVU_Inc Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220467 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=20ea4f8d-8fa4-4848-9ebe-f8904f66ebae&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=20ea4f8d-8fa4-4848-9ebe-f8904f66ebae&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0 (en-US)

Profile name : default
File : C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\prefs.js

C:\Users\Matthew Tate\AppData\Roaming\Mozilla\Firefox\Profiles\m0c9cixo.default\user.js ... Deleted !

Deleted : user_pref("CT2260173.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2260173.FirstTime", "true");
Deleted : user_pref("CT2260173.FirstTimeFF3", "true");
Deleted : user_pref("CT2260173.UserID", "UN19123898152232520");
Deleted : user_pref("CT2260173.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2260173.embeddedsData", "[{\"appId\":\"128848965243869715\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2260173.enableAlerts", "never");
Deleted : user_pref("CT2260173.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2260173.fixPageNotFoundError", "false");
Deleted : user_pref("CT2260173.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2260173.fixUrls", true);
Deleted : user_pref("CT2260173.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.isNewTabEnabled", false);
Deleted : user_pref("CT2260173.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2260173.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2260173.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Deleted : user_pref("CT2260173.search.searchAppId", "128848965243869715");
Deleted : user_pref("CT2260173.search.searchCount", "0");
Deleted : user_pref("CT2260173.searchInNewTabEnabled", "false");
Deleted : user_pref("CT2260173.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2260173.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2260173.sendUsageEnabled", "false");
Deleted : user_pref("CT2260173.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2260173.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2260173.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT2260173.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1342833864818");
Deleted : user_pref("CT2260173.serviceLayer_services_appTracking_lastUpdate", "1342833865252");
Deleted : user_pref("CT2260173.serviceLayer_services_appsMetadata_lastUpdate", "1342921170853");
Deleted : user_pref("CT2260173.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1342833864924");
Deleted : user_pref("CT2260173.serviceLayer_services_login_10.10.20.14_lastUpdate", "1342935571136");
Deleted : user_pref("CT2260173.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1342833864979");
Deleted : user_pref("CT2260173.serviceLayer_services_searchAPI_lastUpdate", "1342921170899");
Deleted : user_pref("CT2260173.serviceLayer_services_serviceMap_lastUpdate", "1342935571107");
Deleted : user_pref("CT2260173.serviceLayer_services_toolbarContextMenu_lastUpdate", "1342833865028");
Deleted : user_pref("CT2260173.serviceLayer_services_toolbarSettings_lastUpdate", "1342935571083");
Deleted : user_pref("CT2260173.serviceLayer_services_translation_lastUpdate", "1342935571292");
Deleted : user_pref("CT2260173.settingsINI", true);
Deleted : user_pref("CT2260173.smartbar.CTID", "CT2260173");
Deleted : user_pref("CT2260173.smartbar.Uninstall", "0");
Deleted : user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
Deleted : user_pref("CT2260173.toolbarBornServerTime", "21-7-2012");
Deleted : user_pref("CT2260173.toolbarCurrentServerTime", "22-7-2012");
Deleted : user_pref("CT2260173.toolbarDisabled", "true");
Deleted : user_pref("CT2612669.2612669a129684723478947121000000paramsGK3", "{\"updateReqTime\":1345965579668,\[...]
Deleted : user_pref("CT2612669.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2612669.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2612669.FirstTime", "true");
Deleted : user_pref("CT2612669.FirstTimeFF3", "true");
Deleted : user_pref("CT2612669.UserID", "UN80549322840681338");
Deleted : user_pref("CT2612669.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2612669.autoDisableScopes", -1);
Deleted : user_pref("CT2612669.cbcountry_001", "US");
Deleted : user_pref("CT2612669.cbfirsttime", "Sat Aug 25 2012 22:18:16 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2612669.defaultSearch", "false");
Deleted : user_pref("CT2612669.embeddedsData", "[{\"appId\":\"129170380618247104\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2612669.enableAlerts", "false");
Deleted : user_pref("CT2612669.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2612669.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2612669.fixPageNotFoundError", "true");
Deleted : user_pref("CT2612669.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2612669.fixUrls", true);
Deleted : user_pref("CT2612669.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT2612669.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT2612669.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2612669.isNewTabEnabled", true);
Deleted : user_pref("CT2612669.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2612669.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2612669.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.imvu.com%2Fs[...]
Deleted : user_pref("CT2612669.openThankYouPage", "false");
Deleted : user_pref("CT2612669.openUninstallPage", "true");
Deleted : user_pref("CT2612669.search.searchAppId", "129170380618247104");
Deleted : user_pref("CT2612669.search.searchCount", "0");
Deleted : user_pref("CT2612669.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2612669.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2612669.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2612669.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
Deleted : user_pref("CT2612669.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2612669.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2612669.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2612669.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2612669.serviceLayer_services_app.twitter.user-imvuinc_lastUpdate", "1345968553955");
Deleted : user_pref("CT2612669.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345947493880");
Deleted : user_pref("CT2612669.serviceLayer_services_appsMetadata_lastUpdate", "1345947493094");
Deleted : user_pref("CT2612669.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345947493542");
Deleted : user_pref("CT2612669.serviceLayer_services_login_10.10.27.6_lastUpdate", "1345961915297");
Deleted : user_pref("CT2612669.serviceLayer_services_optimizer_lastUpdate", "1345963687181");
Deleted : user_pref("CT2612669.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345947493737");
Deleted : user_pref("CT2612669.serviceLayer_services_searchAPI_lastUpdate", "1345947492697");
Deleted : user_pref("CT2612669.serviceLayer_services_serviceMap_lastUpdate", "1345957512629");
Deleted : user_pref("CT2612669.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345947493473");
Deleted : user_pref("CT2612669.serviceLayer_services_toolbarSettings_lastUpdate", "1345961916425");
Deleted : user_pref("CT2612669.serviceLayer_services_translation_lastUpdate", "1345957512849");
Deleted : user_pref("CT2612669.settingsINI", true);
Deleted : user_pref("CT2612669.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2612669.smartbar.CTID", "CT2612669");
Deleted : user_pref("CT2612669.smartbar.Uninstall", "0");
Deleted : user_pref("CT2612669.smartbar.toolbarName", "IMVU Inc ");
Deleted : user_pref("CT2612669.startPage", "false");
Deleted : user_pref("CT2612669.toolbarBornServerTime", "26-8-2012");
Deleted : user_pref("CT2612669.toolbarCurrentServerTime", "26-8-2012");
Deleted : user_pref("CT2612669.toolbarDisabled", "true");
Deleted : user_pref("CT3220467.BT_Stats", "{\"last_log\":1348953428,\"uuid\":94153406772347,\"seq_id\":1,\"ssb[...]
Deleted : user_pref("CT3220467.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3220467.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3220467.FirstTime", "true");
Deleted : user_pref("CT3220467.FirstTimeFF3", "true");
Deleted : user_pref("CT3220467.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Deleted : user_pref("CT3220467.UserID", "UN59012445798564034");
Deleted : user_pref("CT3220467.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3220467.autoDisableScopes", 14);
Deleted : user_pref("CT3220467.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3220467.cbcountry_001", "US");
Deleted : user_pref("CT3220467.cbfirsttime", "Sat Sep 29 2012 17:17:06 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT3220467.embeddedsData", "[{\"appId\":\"129813684149564738\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3220467.enableAlerts", "always");
Deleted : user_pref("CT3220467.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3220467.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3220467.fixPageNotFoundError", "true");
Deleted : user_pref("CT3220467.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3220467.fixUrls", true);
Deleted : user_pref("CT3220467.installId", "fftBAAA.tmp.exe");
Deleted : user_pref("CT3220467.installType", "XPE");
Deleted : user_pref("CT3220467.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220467.isNewTabEnabled", false);
Deleted : user_pref("CT3220467.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3220467.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3220467.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220467.keyword", true);
Deleted : user_pref("CT3220467.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.google.com%[...]
Deleted : user_pref("CT3220467.openThankYouPage", "true");
Deleted : user_pref("CT3220467.openUninstallPage", "FALSE");
Deleted : user_pref("CT3220467.search.searchAppId", "129813684149564738");
Deleted : user_pref("CT3220467.search.searchCount", "0");
Deleted : user_pref("CT3220467.searchInNewTabEnabled", "false");
Deleted : user_pref("CT3220467.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3220467.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220467.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3220467.sendUsageEnabled", "false");
Deleted : user_pref("CT3220467.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3220467.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3220467.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3220467.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220467.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220467.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3220467.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3220467.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350692704006");
Deleted : user_pref("CT3220467.serviceLayer_services_appsMetadata_lastUpdate", "1351402917654");
Deleted : user_pref("CT3220467.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1351372626338");
Deleted : user_pref("CT3220467.serviceLayer_services_login_10.10.27.6_lastUpdate", "1351402971983");
Deleted : user_pref("CT3220467.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1351372626462");
Deleted : user_pref("CT3220467.serviceLayer_services_searchAPI_lastUpdate", "1351365569125");
Deleted : user_pref("CT3220467.serviceLayer_services_serviceMap_lastUpdate", "1351365564550");
Deleted : user_pref("CT3220467.serviceLayer_services_toolbarContextMenu_lastUpdate", "1351372625949");
Deleted : user_pref("CT3220467.serviceLayer_services_toolbarSettings_lastUpdate", "1351402917348");
Deleted : user_pref("CT3220467.serviceLayer_services_translation_lastUpdate", "1351365565487");
Deleted : user_pref("CT3220467.settingsINI", true);
Deleted : user_pref("CT3220467.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3220467.smartbar.CTID", "CT3220467");
Deleted : user_pref("CT3220467.smartbar.Uninstall", "0");
Deleted : user_pref("CT3220467.smartbar.homepage", true);
Deleted : user_pref("CT3220467.smartbar.toolbarName", "uTorrentControl_v1 ");
Deleted : user_pref("CT3220467.startPage", "userChanged");
Deleted : user_pref("CT3220467.toolbarBornServerTime", "30-9-2012");
Deleted : user_pref("CT3220467.toolbarCurrentServerTime", "28-10-2012");
Deleted : user_pref("CT3220467.url_history0001", "magnet:?xt=urn:btih:F6F4D9C024E7DAC3399327396689BB0EDCFCE9E2[...]
Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1346288765,\"uuid\":97436637565098,\"seq_id\":1,\"ssb[...]
Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3220468.FirstTime", "true");
Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Deleted : user_pref("CT3220468.UserID", "UN72836935455348345");
Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Deleted : user_pref("CT3220468.cbcountry_001", "US");
Deleted : user_pref("CT3220468.cbfirsttime", "Wed Aug 29 2012 21:06:04 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3220468.enableAlerts", "always");
Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3220468.fixUrls", true);
Deleted : user_pref("CT3220468.installId", "fft284B.tmp.exe");
Deleted : user_pref("CT3220468.installType", "XPE");
Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.sexchatsexch[...]
Deleted : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.openThankYouPage", "true");
Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Deleted : user_pref("CT3220468.search.searchCount", "0");
Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1346288761997");
Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1346288761991");
Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1346288762868");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1346333952281");
Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1346288762927");
Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1346288761323");
Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1346298782508");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1346288762813");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1346333952372");
Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1346288762012");
Deleted : user_pref("CT3220468.settingsINI", true);
Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Deleted : user_pref("CT3220468.toolbarBornServerTime", "30-8-2012");
Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "30-8-2012");
Deleted : user_pref("CT3220468.toolbarDisabled", "true");
Deleted : user_pref("CT3220468.url_history0001", "hxxps://www.google.com:::clickhandler:::1346291614408,,,hxxp[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v1 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220467[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&d[...]
Deleted : user_pref("browser.search.selectedEngine", "uTorrentControl_v1 Customized Web Search");
Deleted : user_pref("extensions.funmoods.aflt", "axl");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "96EA45C8226B3BC244F2FC70807FC134");
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.id", "C01885396323A9C7");
Deleted : user_pref("extensions.funmoods.instlDay", "15590");
Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:59:55");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", false);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:59:55");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:59:55");
Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&[...]

*************************

AdwCleaner[S1].txt - [38736 octets] - [28/10/2012 20:31:09]

########## EOF - C:\AdwCleaner[S1].txt - [38797 octets] ##########

ok, for some reason I can't post an attachment or upload it directly as a post

Good job!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  
• Click Start or wait for the scanner to load.
  
• Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, there are a couple of things to keep in mind:
  
• 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  
• 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  
• Open the logfile from wherever you saved it
  
• Copy and paste the contents in your next reply.
  

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

C:\Sierra\Arcanum\dabarctest.exe a variant of Win32/GameHack.G application cleaned by deleting - quarantined

RogueKiller Scan

• Download RogueKiller and save it on your desktop.
  
• Quit all programs
  
• Start RogueKiller.exe.
  
• Wait until Prescan has finished ...
  
• Click on Scan
  

• Wait for the end of the scan.
  
• The report has been created on the desktop.
  
• Click on the Delete button.
  

• The report has been created on the desktop.
  

• Next click on the ShortcutsFix
  
  
  
• The report has been created on the desktop.
  

Please post:

All RKreport.txt text files located on your desktop.

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matthew Tate [Admin rights]
Mode : Scan -- Date : 10/31/2012 12:51:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][SUSP PATH] ArcadeWeb Update.job : C:\Users\Matthew Tate\AppData\Local\ArcadeWeb\awuper.exe -> FOUND
[TASK][SUSP PATH] ArcadeWeb Update : C:\Users\Matthew Tate\AppData\Local\ArcadeWeb\awuper.exe -> FOUND
[TASK][SUSP PATH] {2E414FCF-DD23-4996-B777-CC254C51B881} : C:\Windows\system32\pcalua.exe -a "C:\Users\Matthew Tate\Desktop\skyrim\install.exe" -d "C:\Users\Matthew Tate\Desktop\skyrim" -> FOUND
[TASK][SUSP PATH] {4FFF44F9-0DC1-4595-8BED-4386C8259548} : C:\Windows\system32\pcalua.exe -a "C:\Users\Matthew Tate\Desktop\BG + ToTSC\VB6pkg.exe" -d "C:\Users\Matthew Tate\Desktop\BG + ToTSC" -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST640LM0 00 HM641JI SATA Disk Device +++++
--- User ---
[MBR] 2d7d75e48e946dc608c72a4772b50950
[BSP] c920c50bf185857def37a52a031cf7d1 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584022 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1196486656 | Size: 22194 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Matthew Tate [Admin rights]
Mode : Remove -- Date : 10/31/2012 12:57:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] ArcadeWeb Update.job : C:\Users\Matthew Tate\AppData\Local\ArcadeWeb\awuper.exe -> DELETED
[TASK][SUSP PATH] ArcadeWeb Update : C:\Users\Matthew Tate\AppData\Local\ArcadeWeb\awuper.exe -> DELETED
[TASK][SUSP PATH] {2E414FCF-DD23-4996-B777-CC254C51B881} : C:\Windows\system32\pcalua.exe -a "C:\Users\Matthew Tate\Desktop\skyrim\install.exe" -d "C:\Users\Matthew Tate\Desktop\skyrim" -> DELETED
[TASK][SUSP PATH] {4FFF44F9-0DC1-4595-8BED-4386C8259548} : C:\Windows\system32\pcalua.exe -a "C:\Users\Matthew Tate\Desktop\BG + ToTSC\VB6pkg.exe" -d "C:\Users\Matthew Tate\Desktop\BG + ToTSC" -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST640LM0 00 HM641JI SATA Disk Device +++++
--- User ---
[MBR] 2d7d75e48e946dc608c72a4772b50950
[BSP] c920c50bf185857def37a52a031cf7d1 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584022 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1196486656 | Size: 22194 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

How's the shortcut doing?

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  
• Click Start or wait for the scanner to load.
  
• Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, there are a couple of things to keep in mind:
  
• 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  
• 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  
• Open the logfile from wherever you saved it
  
• Copy and paste the contents in your next reply.
  

I still can't access any of them, and it's not just shortcuts now, it's the same programs from the start menu

Run the ESET scan?

Also, do the following:

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Copy the code below in the quotebox, go back to OTL and paste it in the Custom Scans/Fixes box:
  
  

  DRIVES
  SHOWHIDDEN
  msconfig
  activex
  drivers32
  netsvcs
  CreateRestorePoint
  %systemroot%\system32\sysprep
  c:\*.xpi /s /md5
  %systemroot%\Downloaded Program Files\
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\system32\drivers\*.sys /90
  %SYSTEMDRIVE%\*.exe /md5
  "%WinDir%\$NtUninstallKB*$." /30
  %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
  %systemroot%\*. /mp /s
  %systemroot%\*. /rp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\Installer\ /s
  %systemroot%\system32\Cache\ /s
  %systemroot%\system32\config\systemprofile\Application Data /s
  %appdata%\*.*
  /md5start
  volsnap.sys
  services.exe
  userinit.exe
  afd.sys
  ipnathlp.dll
  winlogon.exe
  atapi.sys
  explorer.exe
  /md5stop

  
  
  
• Click the Run Scan button. The scan will not take long.
  
  • When the scan completes, it usually opens two notepad windows. OTL.Txt (Displayed on screen) and Extras.Txt (minimized). These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of OTL.txt and paste it to your next reply. I will let you know if I need the Extras.txt.

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

OTL Fix

Please run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
  
  

  :OTL
  [2012/11/02 12:45:43 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{93DFF96F-4FA8-4FFE-BE51-A221A10CE313}
  [2012/11/01 12:44:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{1C5B8713-DB29-4ACB-8AE8-6A1402E4FA9D}
  [2012/10/31 12:51:19 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\Desktop\RK_Quarantine
  [2012/10/31 12:43:45 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{F653D02F-EE4D-4D7E-8262-8F6EA046372C}
  [2012/10/30 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\Desktop\Star Trek ST.20.20120812b.9 Setup
  [2012/10/30 12:08:50 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{B4F271EC-9DBA-4CC5-99AE-22AD0EB28C94}
  [2012/10/29 11:42:44 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{4708490E-F106-4470-A0EA-98C3D629969A}
  [2012/10/28 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{E364135E-6517-46B4-B27B-CFC0344AA1C7}
  [2012/10/28 16:57:28 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\Desktop\Champions Online BT FC.26.20120410a.5
  [2012/10/28 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{CD5ADA9F-0E91-47C4-980F-476619B759AC}
  [2012/10/27 13:29:03 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{1A40A679-6D81-4AC3-B753-CF1C03458572}
  [2012/10/26 15:17:17 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{EC91B76C-BD9E-4CCF-A932-E96A0FAEC0EF}
  [2012/10/25 13:38:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{DCA5AA93-37DE-4E5A-86C9-9FD73A89BB4C}
  [2012/10/25 01:37:48 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{7A250008-FB15-4330-B63B-C0EEE9B58532}
  [2012/10/24 13:37:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{F06FE224-1A5D-4992-A88A-513EB019ACEF}
  [2012/10/23 13:36:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{CB8E1A15-0372-4A85-8FD9-FC83ED2E95E7}
  [2012/10/23 01:35:51 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{47C97052-D031-4981-BE82-7DD119544B27}
  [2012/10/22 13:35:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{059FDE01-FD67-4D73-AE1A-3746AD2281AE}
  [2012/10/21 13:50:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Roaming\Audacity
  [2012/10/21 13:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
  [2012/10/21 12:46:08 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{FAB41418-4F49-4999-98B2-F86A79F95C69}
  [2012/10/21 00:45:32 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{8563A306-16F1-4B17-A215-8DB81EF4E2FB}
  [2012/10/20 12:45:20 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{D220D27B-5375-4FC5-B2EC-C59B073CD177}
  [2012/10/19 20:25:12 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{10DD8EDD-6411-4272-86FA-5AE6138725C4}
  [2012/10/19 02:54:41 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{FD64922D-1E5A-44A7-96BE-E60E89D85D93}
  [2012/10/19 02:37:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{2BBED519-407D-4829-BF7E-A2121EA6688F}
  [2012/10/18 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{EFAC6262-7E49-48DB-BF20-3357D20C81CB}
  [2012/10/17 12:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
  [2012/10/17 12:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
  [2012/10/17 12:30:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{5D366ED7-5192-4386-A05B-598C3270CF34}
  [2012/10/16 15:15:53 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{EA1E1172-E69C-4637-9BBC-8C4E2E73141F}
  [2012/10/15 14:24:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{27E6660D-B99B-4BD3-B601-C2FB4DB72551}
  [2012/10/14 14:17:11 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{4F70B37E-B681-416F-B638-FFF7931E409E}
  [2012/10/13 14:16:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{AD97C8F3-6929-448F-9F8E-832186BA9246}
  [2012/10/12 13:17:56 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{F6817A93-AAA9-4737-BC63-F996D06C074D}
  [2012/10/11 11:48:59 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{8ADE859F-2529-460D-827F-E86D7D254363}
  [2012/10/10 18:57:33 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{5D490A8A-19E5-47EF-8CBB-B1AB03F785D4}
  [2012/10/09 13:38:08 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{02CA922E-39D5-469F-BAC6-F555B5B22485}
  [2012/10/08 04:36:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{A8B9274F-EA61-44ED-AA71-B5E3630E4BF2}
  [2012/10/07 16:36:03 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{60700B82-FA05-424D-AF7A-2F0FAAEDE556}
  [2012/10/06 14:04:42 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{7A71508C-1A95-426F-B22D-C02F60F1FAF0}
  [2012/10/05 18:21:06 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{0C63C4DB-3639-4CDB-9AF1-87945DD4A3FE}
  [2012/10/04 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{FEAACFE0-A8AD-4ADB-ADFB-446F451E414F}
  [2012/10/03 18:19:53 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{1FE4A123-65B4-4F75-AE3E-00E9F7D45F9A}
  
  :files
  ipconfig /flushdns /c
  
  :commands
  [emptytemp]
  [reboot]

  
  
  
• Then click the Run Fix button at the top.
  
• Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  
• Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

All processes killed
Error: Unable to interpret <[2012/11/02 12:45:43 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{93DFF96F-4FA8-4FFE-BE51-A221A10CE313}> in the current context!
Error: Unable to interpret <[2012/11/01 12:44:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{1C5B8713-DB29-4ACB-8AE8-6A1402E4FA9D}> in the current context!
Error: Unable to interpret <[2012/10/31 12:51:19 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\Desktop\RK_Quarantine> in the current context!
Error: Unable to interpret <[2012/10/31 12:43:45 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{F653D02F-EE4D-4D7E-8262-8F6EA046372C}> in the current context!
Error: Unable to interpret <[2012/10/30 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\Desktop\Star Trek ST.20.20120812b.9 Setup> in the current context!
Error: Unable to interpret <[2012/10/30 12:08:50 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{B4F271EC-9DBA-4CC5-99AE-22AD0EB28C94}> in the current context!
Error: Unable to interpret <[2012/10/29 11:42:44 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{4708490E-F106-4470-A0EA-98C3D629969A}> in the current context!
Error: Unable to interpret <[2012/10/28 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{E364135E-6517-46B4-B27B-CFC0344AA1C7}> in the current context!
Error: Unable to interpret <[2012/10/28 16:57:28 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\Desktop\Champions Online BT FC.26.20120410a.5> in the current context!
Error: Unable to interpret <[2012/10/28 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{CD5ADA9F-0E91-47C4-980F-476619B759AC}> in the current context!
Error: Unable to interpret <[2012/10/27 13:29:03 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{1A40A679-6D81-4AC3-B753-CF1C03458572}> in the current context!
Error: Unable to interpret <[2012/10/26 15:17:17 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{EC91B76C-BD9E-4CCF-A932-E96A0FAEC0EF}> in the current context!
Error: Unable to interpret <[2012/10/25 13:38:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{DCA5AA93-37DE-4E5A-86C9-9FD73A89BB4C}> in the current context!
Error: Unable to interpret <[2012/10/25 01:37:48 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{7A250008-FB15-4330-B63B-C0EEE9B58532}> in the current context!
Error: Unable to interpret <[2012/10/24 13:37:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{F06FE224-1A5D-4992-A88A-513EB019ACEF}> in the current context!
Error: Unable to interpret <[2012/10/23 13:36:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{CB8E1A15-0372-4A85-8FD9-FC83ED2E95E7}> in the current context!
Error: Unable to interpret <[2012/10/23 01:35:51 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{47C97052-D031-4981-BE82-7DD119544B27}> in the current context!
Error: Unable to interpret <[2012/10/22 13:35:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{059FDE01-FD67-4D73-AE1A-3746AD2281AE}> in the current context!
Error: Unable to interpret <[2012/10/21 13:50:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Roaming\Audacity> in the current context!
Error: Unable to interpret <[2012/10/21 13:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity> in the current context!
Error: Unable to interpret <[2012/10/21 12:46:08 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{FAB41418-4F49-4999-98B2-F86A79F95C69}> in the current context!
Error: Unable to interpret <[2012/10/21 00:45:32 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{8563A306-16F1-4B17-A215-8DB81EF4E2FB}> in the current context!
Error: Unable to interpret <[2012/10/20 12:45:20 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{D220D27B-5375-4FC5-B2EC-C59B073CD177}> in the current context!
Error: Unable to interpret <[2012/10/19 20:25:12 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{10DD8EDD-6411-4272-86FA-5AE6138725C4}> in the current context!
Error: Unable to interpret <[2012/10/19 02:54:41 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{FD64922D-1E5A-44A7-96BE-E60E89D85D93}> in the current context!
Error: Unable to interpret <[2012/10/19 02:37:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{2BBED519-407D-4829-BF7E-A2121EA6688F}> in the current context!
Error: Unable to interpret <[2012/10/18 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{EFAC6262-7E49-48DB-BF20-3357D20C81CB}> in the current context!
Error: Unable to interpret <[2012/10/17 12:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security> in the current context!
Error: Unable to interpret <[2012/10/17 12:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security> in the current context!
Error: Unable to interpret <[2012/10/17 12:30:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{5D366ED7-5192-4386-A05B-598C3270CF34}> in the current context!
Error: Unable to interpret <[2012/10/16 15:15:53 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{EA1E1172-E69C-4637-9BBC-8C4E2E73141F}> in the current context!
Error: Unable to interpret <[2012/10/15 14:24:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{27E6660D-B99B-4BD3-B601-C2FB4DB72551}> in the current context!
Error: Unable to interpret <[2012/10/14 14:17:11 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{4F70B37E-B681-416F-B638-FFF7931E409E}> in the current context!
Error: Unable to interpret <[2012/10/13 14:16:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{AD97C8F3-6929-448F-9F8E-832186BA9246}> in the current context!
Error: Unable to interpret <[2012/10/12 13:17:56 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{F6817A93-AAA9-4737-BC63-F996D06C074D}> in the current context!
Error: Unable to interpret <[2012/10/11 11:48:59 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{8ADE859F-2529-460D-827F-E86D7D254363}> in the current context!
Error: Unable to interpret <[2012/10/10 18:57:33 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{5D490A8A-19E5-47EF-8CBB-B1AB03F785D4}> in the current context!
Error: Unable to interpret <[2012/10/09 13:38:08 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{02CA922E-39D5-469F-BAC6-F555B5B22485}> in the current context!
Error: Unable to interpret <[2012/10/08 04:36:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{A8B9274F-EA61-44ED-AA71-B5E3630E4BF2}> in the current context!
Error: Unable to interpret <[2012/10/07 16:36:03 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{60700B82-FA05-424D-AF7A-2F0FAAEDE556}> in the current context!
Error: Unable to interpret <[2012/10/06 14:04:42 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{7A71508C-1A95-426F-B22D-C02F60F1FAF0}> in the current context!
Error: Unable to interpret <[2012/10/05 18:21:06 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{0C63C4DB-3639-4CDB-9AF1-87945DD4A3FE}> in the current context!
Error: Unable to interpret <[2012/10/04 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{FEAACFE0-A8AD-4ADB-ADFB-446F451E414F}> in the current context!
Error: Unable to interpret <[2012/10/03 18:19:53 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{1FE4A123-65B4-4F75-AE3E-00E9F7D45F9A}> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Matthew Tate\Downloads\cmd.bat deleted successfully.
C:\Users\Matthew Tate\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matthew Tate
->Temp folder emptied: 90411796 bytes
->Temporary Internet Files folder emptied: 3613418 bytes
->Java cache emptied: 5625686 bytes
->FireFox cache emptied: 647356609 bytes
->Flash cache emptied: 3031 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 594663 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 60195 bytes

Total Files Cleaned = 713.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11052012_014042

Files\Folders moved on Reboot...
C:\Users\Matthew Tate\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\01[2].htm not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\943[1].swf not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\ADSAdClient31[2].htm not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\falloval_234x60_30Oct12_NR[1].gif not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\fwlink[1].htm not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\fwlink[2].htm not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\prototype[1].js not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\rdr[1].htm not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\rdr[2].htm not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\UnitConvertCheckUpdate[1].js not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\web[1].xml not found!
File\Folder C:\Users\Matthew Tate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOFBW12B\winamp_js_lib[1].js not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Please try this again (copy ALL code in red below):


Please run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
  
  :OTL
  [2012/11/02 12:45:43 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{93DFF96F-4FA8-4FFE-BE51-A221A10CE313}
  [2012/11/01 12:44:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{1C5B8713-DB29-4ACB-8AE8-6A1402E4FA9D}
  [2012/10/31 12:51:19 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\Desktop\RK_Quarantine
  [2012/10/31 12:43:45 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{F653D02F-EE4D-4D7E-8262-8F6EA046372C}
  [2012/10/30 13:56:46 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\Desktop\Star Trek ST.20.20120812b.9 Setup
  [2012/10/30 12:08:50 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{B4F271EC-9DBA-4CC5-99AE-22AD0EB28C94}
  [2012/10/29 11:42:44 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{4708490E-F106-4470-A0EA-98C3D629969A}
  [2012/10/28 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{E364135E-6517-46B4-B27B-CFC0344AA1C7}
  [2012/10/28 16:57:28 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\Desktop\Champions Online BT FC.26.20120410a.5
  [2012/10/28 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{CD5ADA9F-0E91-47C4-980F-476619B759AC}
  [2012/10/27 13:29:03 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{1A40A679-6D81-4AC3-B753-CF1C03458572}
  [2012/10/26 15:17:17 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{EC91B76C-BD9E-4CCF-A932-E96A0FAEC0EF}
  [2012/10/25 13:38:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{DCA5AA93-37DE-4E5A-86C9-9FD73A89BB4C}
  [2012/10/25 01:37:48 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{7A250008-FB15-4330-B63B-C0EEE9B58532}
  [2012/10/24 13:37:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{F06FE224-1A5D-4992-A88A-513EB019ACEF}
  [2012/10/23 13:36:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{CB8E1A15-0372-4A85-8FD9-FC83ED2E95E7}
  [2012/10/23 01:35:51 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{47C97052-D031-4981-BE82-7DD119544B27}
  [2012/10/22 13:35:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{059FDE01-FD67-4D73-AE1A-3746AD2281AE}
  [2012/10/21 13:50:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Roaming\Audacity
  [2012/10/21 13:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
  [2012/10/21 12:46:08 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{FAB41418-4F49-4999-98B2-F86A79F95C69}
  [2012/10/21 00:45:32 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{8563A306-16F1-4B17-A215-8DB81EF4E2FB}
  [2012/10/20 12:45:20 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{D220D27B-5375-4FC5-B2EC-C59B073CD177}
  [2012/10/19 20:25:12 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{10DD8EDD-6411-4272-86FA-5AE6138725C4}
  [2012/10/19 02:54:41 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{FD64922D-1E5A-44A7-96BE-E60E89D85D93}
  [2012/10/19 02:37:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{2BBED519-407D-4829-BF7E-A2121EA6688F}
  [2012/10/18 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{EFAC6262-7E49-48DB-BF20-3357D20C81CB}
  [2012/10/17 12:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
  [2012/10/17 12:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
  [2012/10/17 12:30:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{5D366ED7-5192-4386-A05B-598C3270CF34}
  [2012/10/16 15:15:53 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{EA1E1172-E69C-4637-9BBC-8C4E2E73141F}
  [2012/10/15 14:24:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{27E6660D-B99B-4BD3-B601-C2FB4DB72551}
  [2012/10/14 14:17:11 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{4F70B37E-B681-416F-B638-FFF7931E409E}
  [2012/10/13 14:16:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{AD97C8F3-6929-448F-9F8E-832186BA9246}
  [2012/10/12 13:17:56 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{F6817A93-AAA9-4737-BC63-F996D06C074D}
  [2012/10/11 11:48:59 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{8ADE859F-2529-460D-827F-E86D7D254363}
  [2012/10/10 18:57:33 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{5D490A8A-19E5-47EF-8CBB-B1AB03F785D4}
  [2012/10/09 13:38:08 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{02CA922E-39D5-469F-BAC6-F555B5B22485}
  [2012/10/08 04:36:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{A8B9274F-EA61-44ED-AA71-B5E3630E4BF2}
  [2012/10/07 16:36:03 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{60700B82-FA05-424D-AF7A-2F0FAAEDE556}
  [2012/10/06 14:04:42 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{7A71508C-1A95-426F-B22D-C02F60F1FAF0}
  [2012/10/05 18:21:06 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{0C63C4DB-3639-4CDB-9AF1-87945DD4A3FE}
  [2012/10/04 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{FEAACFE0-A8AD-4ADB-ADFB-446F451E414F}
  [2012/10/03 18:19:53 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{1FE4A123-65B4-4F75-AE3E-00E9F7D45F9A}
  
  
• Then click the Run Fix button at the top.
  
• Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  
• Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

========== OTL ==========
C:\Users\Matthew Tate\AppData\Local\{93DFF96F-4FA8-4FFE-BE51-A221A10CE313} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{1C5B8713-DB29-4ACB-8AE8-6A1402E4FA9D} folder moved successfully.
C:\Users\Matthew Tate\Desktop\RK_Quarantine folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{F653D02F-EE4D-4D7E-8262-8F6EA046372C} folder moved successfully.
C:\Users\Matthew Tate\Desktop\Star Trek ST.20.20120812b.9 Setup\directx folder moved successfully.
C:\Users\Matthew Tate\Desktop\Star Trek ST.20.20120812b.9 Setup folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{B4F271EC-9DBA-4CC5-99AE-22AD0EB28C94} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{4708490E-F106-4470-A0EA-98C3D629969A} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{E364135E-6517-46B4-B27B-CFC0344AA1C7} folder moved successfully.
C:\Users\Matthew Tate\Desktop\Champions Online BT FC.26.20120410a.5\piggs folder moved successfully.
C:\Users\Matthew Tate\Desktop\Champions Online BT FC.26.20120410a.5\directx folder moved successfully.
C:\Users\Matthew Tate\Desktop\Champions Online BT FC.26.20120410a.5 folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{CD5ADA9F-0E91-47C4-980F-476619B759AC} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{1A40A679-6D81-4AC3-B753-CF1C03458572} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{EC91B76C-BD9E-4CCF-A932-E96A0FAEC0EF} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{DCA5AA93-37DE-4E5A-86C9-9FD73A89BB4C} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{7A250008-FB15-4330-B63B-C0EEE9B58532} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{F06FE224-1A5D-4992-A88A-513EB019ACEF} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{CB8E1A15-0372-4A85-8FD9-FC83ED2E95E7} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{47C97052-D031-4981-BE82-7DD119544B27} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{059FDE01-FD67-4D73-AE1A-3746AD2281AE} folder moved successfully.
C:\Users\Matthew Tate\AppData\Roaming\Audacity\AutoSave folder moved successfully.
C:\Users\Matthew Tate\AppData\Roaming\Audacity folder moved successfully.
C:\Program Files (x86)\Audacity\Plug-Ins folder moved successfully.
C:\Program Files (x86)\Audacity\Nyquist\rawwaves folder moved successfully.
C:\Program Files (x86)\Audacity\Nyquist folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\zh_TW folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\zh_CN folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\zh folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\wxstd folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\vi folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\uk folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\tr folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\tg folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\sv folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\sr_RS@latin folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\sr_RS folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\sq folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\sl folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\sk folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\ru folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\ro folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\pt_BR folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\pt folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\pl folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\oc folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\nl folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\nb folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\my folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\ms folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\mk folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\lv folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\lt folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\ko folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\km folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\ka folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\ja folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\it folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\id folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\hu folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\hi folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\he folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\gl_ES folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\gl folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\ga folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\fr folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\fi folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\fa folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\eu folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\es folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\el folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\de folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\da folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\cy folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\cs folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\ca@valencia folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\ca folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\bs folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\bn folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\bg folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\be folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\ar folder moved successfully.
C:\Program Files (x86)\Audacity\Languages\af folder moved successfully.
C:\Program Files (x86)\Audacity\Languages folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\manual\images\8\8f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\manual\images\8 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\manual\images folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\manual folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\man folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins\monobook\main.css folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins\monobook\ie70fixes.css folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins\monobook\ie60fixes.css folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins\monobook\ie55fixes.css folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins\monobook\ie50fixes.css folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins\monobook folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins\common\wikibits.js folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins\common\images folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins\common\iefixes.js folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins\common folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\skins folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\ff folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\fe folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\fd folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\fc folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\fb folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\fa folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\f9 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\f8 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\f7 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\f6 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\f5 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\f4 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\f3 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\f2 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f\f1 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\ef folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\ee folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\ed folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\ec folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\ea folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\e9 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\e8 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\e5 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\e4 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\e3 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\e2 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\e1 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e\e0 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\e folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\df folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\de folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\dd folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\dc folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\db folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\da folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\d9 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\d8 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\d7 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\d6 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\d5 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\d4 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\d3 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\d2 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d\d0 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\d folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\cf folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\ce folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\cd folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\cc folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\cb folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\ca folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\c9 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\c7 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\c6 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\c5 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\c4 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\c3 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\c2 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c\c0 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\c folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\bf folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\be folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\bd folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\bc folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\bb folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\ba folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\b8 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\b6 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\b5 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\b4 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\b3 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b\b2 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\b folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\af folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\ae folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\ac folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\ab folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\aa folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\a9 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\a8 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\a7 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\a6 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\a5 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\a3 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\a1 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a\a0 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\a folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\9f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\9e folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\9d folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\9c folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\9b folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\9a folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\99 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\98 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\97 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\96 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\95 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\94 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\93 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\92 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\91 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9\90 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\9 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\8f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\8c folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\8b folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\89 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\88 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\87 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\86 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\85 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\84 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\83 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\81 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8\80 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\8 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\7f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\7e folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\7d folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\7c folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\79 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\78 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\77 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\76 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\74 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\73 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\72 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7\71 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\7 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6\6f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6\6e folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6\6d folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6\6c folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6\6b folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6\65 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6\64 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6\63 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6\61 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6\60 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\6 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\5f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\5e folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\5d folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\5c folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\5a folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\59 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\58 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\57 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\56 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\55 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\54 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\51 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5\50 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\5 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\4e folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\4d folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\4b folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\4a folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\49 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\48 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\47 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\46 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\45 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\43 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\42 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\41 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4\40 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\4 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\3f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\3e folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\3d folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\3c folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\3b folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\39 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\38 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\37 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\36 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\35 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\34 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\33 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\32 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3\31 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\3 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\2f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\2e folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\2d folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\2b folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\29 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\27 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\25 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\24 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\22 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\21 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2\20 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\2 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\1f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\1d folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\1c folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\1b folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\1a folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\19 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\18 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\17 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\16 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\15 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\14 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\13 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\12 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1\10 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\1 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\0f folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\0e folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\0d folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\0c folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\0b folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\09 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\08 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\07 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\06 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\04 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\03 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\02 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\01 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0\00 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images\0 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m\images folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\m folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\images\2\21 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\images\2 folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual\images folder moved successfully.
C:\Program Files (x86)\Audacity\help\manual folder moved successfully.
C:\Program Files (x86)\Audacity\help folder moved successfully.
C:\Program Files (x86)\Audacity folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{FAB41418-4F49-4999-98B2-F86A79F95C69} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{8563A306-16F1-4B17-A215-8DB81EF4E2FB} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{D220D27B-5375-4FC5-B2EC-C59B073CD177} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{10DD8EDD-6411-4272-86FA-5AE6138725C4} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{FD64922D-1E5A-44A7-96BE-E60E89D85D93} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{2BBED519-407D-4829-BF7E-A2121EA6688F} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{EFAC6262-7E49-48DB-BF20-3357D20C81CB} folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda Cloud Cleaner folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security folder moved successfully.
C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner folder moved successfully.
C:\Program Files (x86)\Panda Security folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{5D366ED7-5192-4386-A05B-598C3270CF34} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{EA1E1172-E69C-4637-9BBC-8C4E2E73141F} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{27E6660D-B99B-4BD3-B601-C2FB4DB72551} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{4F70B37E-B681-416F-B638-FFF7931E409E} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{AD97C8F3-6929-448F-9F8E-832186BA9246} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{F6817A93-AAA9-4737-BC63-F996D06C074D} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{8ADE859F-2529-460D-827F-E86D7D254363} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{5D490A8A-19E5-47EF-8CBB-B1AB03F785D4} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{02CA922E-39D5-469F-BAC6-F555B5B22485} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{A8B9274F-EA61-44ED-AA71-B5E3630E4BF2} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{60700B82-FA05-424D-AF7A-2F0FAAEDE556} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{7A71508C-1A95-426F-B22D-C02F60F1FAF0} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{0C63C4DB-3639-4CDB-9AF1-87945DD4A3FE} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{FEAACFE0-A8AD-4ADB-ADFB-446F451E414F} folder moved successfully.
C:\Users\Matthew Tate\AppData\Local\{1FE4A123-65B4-4F75-AE3E-00E9F7D45F9A} folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 11052012_205342

Good work!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  
• Click Start or wait for the scanner to load.
  
• Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, there are a couple of things to keep in mind:
  
• 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  
• 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  
• Open the logfile from wherever you saved it
  
• Copy and paste the contents in your next reply.
  

ran ESET, still can't access via shortcuts or start menu

Open OTL, press Quick Scan button, post log(s) please.

OTL Fix

Please run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
  
  

  :OTL
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
  O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
  O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
  O35:64bit: - HKLM\..comfile [open] -- "%1" %*
  O35:64bit: - HKLM\..exefile [open] -- "%1" %*
  O35 - HKLM\..comfile [open] -- "%1" %*
  O35 - HKLM\..exefile [open] -- "%1" %*
  O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
  O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
  O37 - HKLM\...com [@ = ComFile] -- "%1" %*
  O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  [2012/11/08 15:53:52 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{3626761D-4335-4C94-894C-DDDE909B3D60}
  [2012/11/07 15:44:25 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{17B0E49F-CAE0-4E52-A2E7-91DC8EB673D3}
  [2012/11/06 15:43:43 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{520F2AFD-89C9-406E-A25A-B87E6725AE88}
  [2012/11/05 14:09:28 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{0F21496F-48F6-4B01-B6E1-7F68C7DF3D2F}
  [2012/11/04 12:49:57 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{9E823BBA-6EF6-4E7E-89DB-8FB1FC762222}
  [2012/11/04 00:25:08 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{30C3CB49-D14C-41CA-909F-E8015D39F832}
  [2012/11/03 12:24:30 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{19ECDA31-8A9A-4C77-9FC0-B891DD227840}
  [2012/11/02 23:46:06 | 000,000,000 | ---D | C] -- C:\Users\Matthew Tate\AppData\Local\{8197B13D-8D21-4634-B7E4-5D9115A696EC}
  
  :files
  ipconfig /flushdns /c
  
  :commands
  [emptytemp]
  [reboot]

  
  
  
• Then click the Run Fix button at the top.
  
• Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  
• Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

it doesn't freeze, but when it does reboot it sits at a black screen and I've had to do a system restore on it to be able to use it, there's no log for it at all either

Not good. Post new OTL log, please.

I can't post a log because it doesn't create one

DDS Scanning

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
• Notepad will open with the results, click Yes to the Optional_Scan
• Please follow the instructions that pop up for posting the results. Post only the contents of both logs.
• Close the program window, and delete the program from your Desktop.