I can't get rid of this hijacker. Takes over all my searches. I tried "CC Cleaner: don't know if I should have. I am a senior. couldn't figure out how to "start a new thread" so started it here. Please help. I have done the dds etc, but ERUNT doesn't work.111001110111102

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16520 BrowserJavaVersion: 1.6.0_39
Run by Ruth at 16:17:18 on 2013-12-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3886.1502 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\System Control Manager\MSIService.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\shaw\bin\shawsupport.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Airmiles Toolbar BHO: {5F3927FC-290D-4C7B-8A30-694E7CA9254B} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Airmiles Toolbar: {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll
TB: Airmiles Toolbar: {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Google Update] "C:\Users\Ruth\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\windows\UpdReg.EXE
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Ruth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SHAWSU~1.LNK - C:\Program Files (x86)\shaw\bin\shawsupport.exe
uPolicies-Explorer: NoDriveAutorun = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 64.59.160.15 64.59.161.69
TCP: Interfaces\{094C1C24-A4E5-49FB-AE10-21205BD83451} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{1323AA37-9DD0-4CA6-B93C-0CDF56B634FF} : DHCPNameServer = 64.59.160.15 64.59.161.69
TCP: Interfaces\{C78FCB73-F14A-4B1E-B0AD-7BF0F8FA0B67} : DHCPNameServer = 64.59.160.15 64.59.161.69
TCP: Interfaces\{C78FCB73-F14A-4B1E-B0AD-7BF0F8FA0B67}\2457363616E656562794E6E6 : DHCPNameServer = 192.168.0.1 64.59.160.15 64.59.161.69
TCP: Interfaces\{C78FCB73-F14A-4B1E-B0AD-7BF0F8FA0B67}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 64.59.160.13 64.59.160.15 64.59.161.68
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [THXCfg64] C:\windows\System32\RunDLL32.exe C:\windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-17 13336]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-6-17 160768]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-12-9 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-12-9 171416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-17 2320920]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-1-24 128512]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-6-17 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-6-17 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-6-17 271872]
R3 MBfilt;MBfilt;C:\windows\System32\drivers\MBfilt64.sys [2010-6-17 32344]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-2-10 7675392]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-6-17 346144]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-12-9 3921880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\System32\drivers\ArcSoftKsUFilter.sys [2010-6-17 19968]
S3 EUCR;EUCR;C:\windows\System32\drivers\EUCR6SK.sys [2010-6-17 87888]
S3 ExpressAccountsService;Express Accounts;C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe [2012-3-13 3052548]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-6-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MEMSWEEP2;MEMSWEEP2;C:\windows\System32\1CA5.tmp [2013-7-2 6144]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-1-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-09 22:56:49 21040 ----a-w- C:\windows\System32\sdnclean64.exe
2013-12-09 22:56:42 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-12-09 22:56:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-12-09 14:26:09 -------- d-----w- C:\Users\Ruth\AppData\Local\{4E6D4D28-EFE1-497F-8F31-ED1910FC735F}
2013-12-08 23:36:44 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{28BA6EFB-E0FB-4E44-87E6-79E3FF2D39D5}\mpengine.dll
2013-12-08 23:26:28 -------- d-----w- C:\Users\Ruth\AppData\Local\{152F66CD-FB22-4743-8C68-707AD52ACD49}
2013-12-07 23:00:05 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-07 22:36:50 -------- d-----w- C:\Users\Ruth\AppData\Local\{588D9858-E4D9-4DF7-820F-255E674CEC87}
2013-12-07 05:36:53 -------- d-----w- C:\Users\Ruth\AppData\Local\{B23F09BB-B6CF-4080-82BB-607327CC2547}
2013-12-06 22:12:32 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{438B9A41-B01E-4F09-9F42-33D480A34AAE}\gapaengine.dll
2013-12-06 14:10:54 -------- d-----w- C:\Users\Ruth\AppData\Local\{D1775932-95D5-4A01-B23E-5E558EA10E1D}
2013-12-06 00:27:36 -------- d-----w- C:\Users\Ruth\AppData\Local\{47BE39C8-980B-48BD-8CE9-E834FE5592D8}
2013-12-05 14:17:44 -------- d-----w- C:\Program Files\CCleaner
2013-12-05 12:27:11 -------- d-----w- C:\Users\Ruth\AppData\Local\{1742652A-33C2-4F49-A737-A4F9D4408FF7}
2013-12-04 05:05:39 -------- d-----w- C:\Users\Ruth\AppData\Local\{E3979BE9-06B8-4772-9ED9-2723DD35A032}
2013-12-03 16:21:26 -------- d-----w- C:\Users\Ruth\AppData\Local\{DBC1415E-290B-4299-AB50-0BBC5ED658CF}
2013-12-03 04:20:50 -------- d-----w- C:\Users\Ruth\AppData\Local\{DB8D90C4-2961-43F7-AA8C-6C425FAC54DA}
2013-12-02 16:20:27 -------- d-----w- C:\Users\Ruth\AppData\Local\{649BCA91-6DD2-490D-AB6E-777AAA8DBE39}
2013-12-02 04:20:02 -------- d-----w- C:\Users\Ruth\AppData\Local\{11AD2CB6-8316-4463-A27F-8F33D03CC530}
2013-11-30 20:43:18 -------- d-----w- C:\Users\Ruth\AppData\Local\{513554E4-DC02-4870-8B78-A86E7C3CABB9}
2013-11-29 18:04:02 -------- d-----w- C:\Users\Ruth\AppData\Local\{BDFFABD5-EEDF-4E2C-8D60-0186884E8E16}
2013-11-29 06:03:26 -------- d-----w- C:\Users\Ruth\AppData\Local\{CAA5C6D7-9E8B-437A-8FEE-87AE56E76844}
2013-11-28 18:03:01 -------- d-----w- C:\Users\Ruth\AppData\Local\{09E2D369-10AB-4028-A1CF-288512361FF7}
2013-11-28 04:31:00 -------- d-----w- C:\Users\Ruth\AppData\Local\{C73EC231-03B0-477E-8292-DE463869A2F0}
2013-11-27 15:59:13 -------- d-----w- C:\Users\Ruth\AppData\Local\{239757D9-C37A-41EB-9678-8FD4C1999598}
2013-11-27 03:58:38 -------- d-----w- C:\Users\Ruth\AppData\Local\{E35BB9F9-74C7-4367-953E-3C3813BE6C44}
2013-11-26 15:58:13 -------- d-----w- C:\Users\Ruth\AppData\Local\{1FDD5203-690F-4503-8DDD-372F32B317AC}
2013-11-25 17:34:10 -------- d-----w- C:\Users\Ruth\AppData\Local\{D5868E3F-32B4-4DFD-80B6-D26F455BAAB3}
2013-11-25 04:59:55 -------- d-----w- C:\Users\Ruth\AppData\Local\{844C056D-D81F-4AD5-9E0A-1E9B0E05A580}
2013-11-24 16:59:30 -------- d-----w- C:\Users\Ruth\AppData\Local\{113674B2-3AB4-44D8-A6CE-4866DEF52891}
2013-11-23 23:19:22 -------- d-----w- C:\Users\Ruth\AppData\Local\{5BAC05CC-85DF-4CEA-AEA9-165C1617600E}
2013-11-22 17:33:25 -------- d-----w- C:\Users\Ruth\AppData\Local\{BD40ACAE-40F4-4C1E-A6D8-5C18DB726239}
2013-11-22 00:09:15 -------- d-----w- C:\Users\Ruth\AppData\Local\{E91F42D9-7737-4BFE-8117-CB9F43FEA8DD}
2013-11-21 03:12:42 -------- d-----w- C:\Users\Ruth\AppData\Local\{6D09E3E4-65F2-4565-AB60-B983D91A04B3}
2013-11-20 15:12:15 -------- d-----w- C:\Users\Ruth\AppData\Local\{9EC2434C-653B-424F-8C04-466B15538441}
2013-11-20 02:55:01 -------- d-----w- C:\Users\Ruth\AppData\Local\{E5F4FD1A-4592-4D2D-B34A-E48BCD5DE74D}
2013-11-19 12:50:56 -------- d-----w- C:\Users\Ruth\AppData\Local\{6516BD0D-B224-47D3-B9F2-C1DB0FB887FE}
2013-11-18 23:03:11 -------- d-----w- C:\Users\Ruth\AppData\Local\{6ACCB759-C635-4B97-BEB5-BE9D4E58297C}
2013-11-17 21:19:13 -------- d-----w- C:\Users\Ruth\AppData\Local\{507856EA-75BB-4993-9782-F47CCFF1EB4C}
2013-11-17 02:34:04 -------- d-----w- C:\Users\Ruth\AppData\Local\{C1298979-85B7-4607-A867-1E016CA38EB3}
2013-11-16 14:33:40 -------- d-----w- C:\Users\Ruth\AppData\Local\{666BB103-F72A-44C1-A0BF-E63DF1341259}
2013-11-15 20:38:25 -------- d-----w- C:\Users\Ruth\AppData\Local\{F57AC5F4-53A4-40D6-ABD6-236C56F00E20}
2013-11-14 18:56:26 -------- d-----w- C:\Users\Ruth\AppData\Local\{AC630C9E-57C8-4750-8986-E8C68864CE74}
2013-11-13 19:35:26 -------- d-----w- C:\Users\Ruth\AppData\Local\{AA088C43-7555-47AB-B0A6-59221C0FDE14}
2013-11-13 05:36:45 -------- d-----w- C:\Users\Ruth\AppData\Local\{66A2661A-D343-43AA-9BAD-2C42A79D0E15}
2013-11-13 01:11:15 -------- d-----r- C:\Program Files (x86)\Skype
2013-11-12 16:04:38 -------- d-----w- C:\Users\Ruth\AppData\Local\{9F076F76-A52E-466F-BAC3-E9A9A6F7D707}
2013-11-12 02:37:09 -------- d-----w- C:\Users\Ruth\AppData\Local\{12773346-EEF4-4B1C-8E93-B9C24633D82D}
2013-11-11 14:36:40 -------- d-----w- C:\Users\Ruth\AppData\Local\{78A04112-3C06-4DFE-9593-B5F5936CC588}
2013-11-10 22:55:08 -------- d-----w- C:\Users\Ruth\AppData\Local\{246F4986-9AA8-4A17-B7C8-1766C1566F1E}
2013-11-10 10:22:46 -------- d-----w- C:\Users\Ruth\AppData\Local\{8C9D60BD-3FBD-4EA8-A541-581389EDC8B5}
.
==================== Find3M ====================
.
2013-11-19 10:21:41 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-11-15 15:05:34 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 15:05:34 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-02 14:50:31 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-10-13 14:55:42 2334720 ----a-w- C:\windows\System32\jscript9.dll
2013-10-13 14:47:43 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-10-13 14:46:53 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-10-13 14:42:36 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-10-13 14:42:11 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-10-13 14:35:12 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-10-13 09:48:06 1806848 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-13 09:35:52 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-13 09:30:14 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-10-13 09:25:39 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-09 22:06:15 17813896 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-27 17:53:06 248240 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2013-09-27 17:53:06 134944 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe
.
============= FINISH: 16:18:26.16 ===============


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-09 16:23:06
-----------------------------
16:23:06.896 OS Version: Windows x64 6.1.7601 Service Pack 1
16:23:06.896 Number of processors: 4 586 0x2505
16:23:06.898 ComputerName: RUTH-MSI UserName: Ruth
16:23:08.197 Initialize success
16:24:52.079 AVAST engine defs: 13111900
16:25:03.079 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:25:03.083 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
16:25:03.233 Disk 0 MBR read successfully
16:25:03.237 Disk 0 MBR scan
16:25:03.327 Disk 0 Windows 7 default MBR code
16:25:03.343 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
16:25:03.388 Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS 100 MB offset 25167872
16:25:03.428 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 279959 MB offset 25372672
16:25:03.481 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 184591 MB offset 598728704
16:25:03.788 Disk 0 scanning C:\windows\system32\drivers
16:25:22.262 Service scanning
16:26:16.317 Modules scanning
16:26:16.330 Disk 0 trace - called modules:
16:26:16.362 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:26:16.370 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800486b060]
16:26:16.378 3 CLASSPNP.SYS[fffff88001bce43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045a2050]
16:26:17.527 AVAST engine scan C:\windows
16:26:20.894 AVAST engine scan C:\windows\system32
16:31:22.956 AVAST engine scan C:\windows\system32\drivers
16:31:47.394 AVAST engine scan C:\Users\Ruth
16:32:49.395 Disk 0 MBR has been saved successfully to "C:\Users\Ruth\Documents\MBR.dat"
16:32:49.403 The log file has been saved successfully to "C:\Users\Ruth\Documents\aswMBR spy bot.txt"
16:42:57.332 AVAST engine scan C:\ProgramData
16:45:35.752 Scan finished successfully
16:46:03.053 Disk 0 MBR has been saved successfully to "C:\Users\Ruth\Documents\MBR.dat"
16:46:03.118 The log file has been saved successfully to "C:\Users\Ruth\Documents\aswMBR spy bot final.txt"

:welcome:

Sorry for the delay, if you still need help please let me know, I would be more than happy to assist you.

Yes, thanks!


I fixed it with Malware bytes, running the computer in safe mode with networking.
Thanks for the reply.
Can all my stuff be deleted from this forum??

I thought I had removed Conduit and now it has popped up again. I don't know what to do Help!
Ruthb

Good Morning Ruth,

We can get rid of it, lets do this

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

File Found : C:\windows\System32\Tasks\NCH Software
Folder Found : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
Folder Found : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}
Folder Found : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Found : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\Extensions\2pffxtbr@CouponAlert_2p.com
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\NCH Software
Folder Found C:\Program Files (x86)\otshot
Folder Found C:\Program Files (x86)\ParetoLogic
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\NCH Software
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\Ruth\AppData\Local\apn
Folder Found C:\Users\Ruth\AppData\Local\Conduit
Folder Found C:\Users\Ruth\AppData\Local\CouponAlert_2p
Folder Found C:\Users\Ruth\AppData\Local\SwvUpdater
Folder Found C:\Users\Ruth\AppData\LocalLow\Conduit
Folder Found C:\Users\Ruth\AppData\LocalLow\PriceGong
Folder Found C:\Users\Ruth\AppData\LocalLow\ShoppingReport2
Folder Found C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\CT3287375
Folder Found C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\CT3289847
Folder Found C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\Smartbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKCU\Software\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\NCH Software
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\FCTB000063267.FCTB000063267Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000063267.FCTB000063267Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000063267.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000063267.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000063267.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000063267.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\NCH Software
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\Supreme Savings
Key Found : HKLM\Software\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\DomaIQ
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

[ File : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\prefs.js ]

Line Found : user_pref("CT3287375.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3287375.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3287375.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3287375.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3287375.FF19Solved", "true");
Line Found : user_pref("CT3287375.FirstTime", "true");
Line Found : user_pref("CT3287375.FirstTimeFF3", "true");
Line Found : user_pref("CT3287375.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3287375.PG_ENABLE.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3287375.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3287375.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3287375.SF_USER_ID.enc", "Y2lkXzEzNjIwMTMxNzI4NTE4MDQ1NzQ5");
Line Found : user_pref("CT3287375.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN12825649783333770&UM=2&q=");
Line Found : user_pref("CT3287375.UserID", "UN12825649783333770");
Line Found : user_pref("CT3287375.YTbyClickFavorites.enc", "W10=");
Line Found : user_pref("CT3287375.YTbyClickRecent.enc", "JTVCJTdCJTIyaWQlMjIlM0ElMjI1c1BoN3hsMjlkcyUyMiUyQyUyMnRpdGxlJTIyJTNBJTIyTWluZWNyYWZ0JTIwRGlub3NhdXJzJTIwLSUyMCglMjBEaW5vc2F1ciUyMG1vZCUyMCklMjAtJTIwRXBpc29k[...]
Line Found : user_pref("CT3287375.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3287375.autoDisableScopes", 0);
Line Found : user_pref("CT3287375.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3287375.cbfirsttime.enc", "RnJpIE1heSAyNCAyMDEzIDExOjQ0OjAzIEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp");
Line Found : user_pref("CT3287375.defaultSearch", "true");
Line Found : user_pref("CT3287375.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]
Line Found : user_pref("CT3287375.enableAlerts", "true");
Line Found : user_pref("CT3287375.enableFix404ByUser", "TRUE");
Line Found : user_pref("CT3287375.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3287375.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3287375.fixPageNotFoundError", "true");
Line Found : user_pref("CT3287375.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3287375.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3287375.fixUrls", true);
Line Found : user_pref("CT3287375.installDate", "17/5/2013 20:18:34");
Line Found : user_pref("CT3287375.installId", "stub.exe");
Line Found : user_pref("CT3287375.installSessionId", "{8AE068F8-6985-4C59-9D01-4A2A426C32D9}");
Line Found : user_pref("CT3287375.installSp", "TRUE");
Line Found : user_pref("CT3287375.installType", "conduitnsisintegration");
Line Found : user_pref("CT3287375.installUsage", "2013-05-18T07:52:13.5867738+03:00");
Line Found : user_pref("CT3287375.installUsageEarly", "2013-05-18T07:52:06.9876354+03:00");
Line Found : user_pref("CT3287375.installerVersion", "1.4.2.3");
Line Found : user_pref("CT3287375.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3287375.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3287375.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3287375.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3287375.keyword", "true");
Line Found : user_pref("CT3287375.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=15&CUI=UN12825649783333770&SSPV=EB_SSPV&Lay=1&UM=2[...]
Line Found : user_pref("CT3287375.lastVersion", "10.16.2.509");
Line Found : user_pref("CT3287375.mam_gk_appStateReportTime.enc", "MTM3MTQ3OTQ4NTczMw==");
Line Found : user_pref("CT3287375.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3287375.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3287375.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Found : user_pref("CT3287375.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3287375.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI0Y2M0MDlmYi01YmM4LTRhYmQtOWYxMy01NDRjZTBmOGNlYzQiLCJ[...]
Line Found : user_pref("CT3287375.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Line Found : user_pref("CT3287375.mam_gk_eventsCache.enc", "eyIxZjljNTIxYy0zNjcxLTRmN2ItOTBhOC01MGYzMmUwMGUzODYiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Line Found : user_pref("CT3287375.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3287375.mam_gk_gadgetOpen.enc", "MA==");
Line Found : user_pref("CT3287375.mam_gk_lastLoginTime.enc", "MTM3MTQ3OTQ4NjA0Mg==");
Line Found : user_pref("CT3287375.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Found : user_pref("CT3287375.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3287375.mam_gk_settings1.5.0.3.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTc5XzIiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Found : user_pref("CT3287375.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTc5XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Found : user_pref("CT3287375.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMSIsImlzVGVzdCI6dHJ1ZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQiO[...]
Line Found : user_pref("CT3287375.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3287375.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3287375.mam_gk_userId.enc", "MDM2ZTgyN2QtN2ZhOS00Y2VjLTkyYWUtOGZmNDhjZGM4YjE3");
Line Found : user_pref("CT3287375.migrateAppsAndComponents", true);
Line Found : user_pref("CT3287375.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://Vafmusic.OurToolbar.com/\",\"EB_TOOLBA[...]
Line Found : user_pref("CT3287375.openThankYouPage", "false");
Line Found : user_pref("CT3287375.openUninstallPage", "true");
Line Found : user_pref("CT3287375.originalHomepage", "about:home");
Line Found : user_pref("CT3287375.originalSearchAddressUrl", "");
Line Found : user_pref("CT3287375.originalSearchEngine", "Google");
Line Found : user_pref("CT3287375.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3287375.revertSettingsEnabled", "false");
Line Found : user_pref("CT3287375.search.searchAppId", "10000002");
Line Found : user_pref("CT3287375.search.searchCount", "0");
Line Found : user_pref("CT3287375.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3287375.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3287375.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3287375.searchRevert", "false");
Line Found : user_pref("CT3287375.searchUserMode", "2");
Line Found : user_pref("CT3287375.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3287375.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3287375.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3287375\"}");
Line Found : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Vafmusic.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vafmusic\"}");
Line Found : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3287375.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1368852726557");
Line Found : user_pref("CT3287375.serviceLayer_services_appsMetadata_lastUpdate", "1369421017621");
Line Found : user_pref("CT3287375.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1368852727061");
Line Found : user_pref("CT3287375.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1368852721440");
Line Found : user_pref("CT3287375.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1368852730508");
Line Found : user_pref("CT3287375.serviceLayer_services_location_lastUpdate", "1369421128771");
Line Found : user_pref("CT3287375.serviceLayer_services_login_10.16.2.9_lastUpdate", "1369488231178");
Line Found : user_pref("CT3287375.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1368852727311");
Line Found : user_pref("CT3287375.serviceLayer_services_searchAPI_lastUpdate", "1369421128969");
Line Found : user_pref("CT3287375.serviceLayer_services_serviceMap_lastUpdate", "1369421128544");
Line Found : user_pref("CT3287375.serviceLayer_services_toolbarContextMenu_lastUpdate", "1368852726815");
Line Found : user_pref("CT3287375.serviceLayer_services_toolbarSettings_lastUpdate", "1369488231566");
Line Found : user_pref("CT3287375.serviceLayer_services_translation_lastUpdate", "1369421129511");
Line Found : user_pref("CT3287375.settingsINI", true);
Line Found : user_pref("CT3287375.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3287375.showToolbarPermission", "false");
Line Found : user_pref("CT3287375.smartbar.CTID", "CT3287375");
Line Found : user_pref("CT3287375.smartbar.Uninstall", "0");
Line Found : user_pref("CT3287375.smartbar.homepage", "true");
Line Found : user_pref("CT3287375.smartbar.toolbarName", "Vafmusic ");
Line Found : user_pref("CT3287375.startPage", "true");
Line Found : user_pref("CT3287375.toolbarBornServerTime", "18-5-2013");
Line Found : user_pref("CT3287375.toolbarCurrentServerTime", "25-5-2013");
Line Found : user_pref("CT3287375.toolbarLoginClientTime", "Fri May 17 2013 21:52:09 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3287375.url_history0001.enc", "aHR0cDovL3d3dy5nb29nbGUuY2EvdXJsP3NhPXQmcmN0PWomcT1pJTIwZmVlbCUyMHByZXR0eSUyMG9oJTIwc28lMjBwcmV0dHkmc291cmNlPXdlYiZjZD0zJnNxaT0yJnZlZD0wQ0RrUUZqQUMmdXJsPWh0[...]
Line Found : user_pref("CT3287375.versionFromInstaller", "10.16.2.9");
Line Found : user_pref("CT3287375_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1371479471918,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"Ontario -...\",\"description\":\"Ontario - CJRQ - Q92\",\"url\":\"hxxp://38.99.208.186/CJRQ\"}");
Line Found : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.FF19Solved", "true");
Line Found : user_pref("CT3289847.FirstTime", "true");
Line Found : user_pref("CT3289847.FirstTimeFF3", "true");
Line Found : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.PG_ENABLE.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3289847.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3289847.SF_USER_ID.enc", "Y2lkXzI0NTIwMTMxMTQzNDYxNDcxMA==");
Line Found : user_pref("CT3289847.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN50708178425552717&UM=2&q=");
Line Found : user_pref("CT3289847.UserID", "UN50708178425552717");
Line Found : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3289847.cbfirsttime.enc", "RnJpIE1heSAxNyAyMDEzIDIzOjMwOjQzIEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp");
Line Found : user_pref("CT3289847.defaultSearch", "true");
Line Found : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3289847.enableAlerts", "true");
Line Found : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Line Found : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3289847.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3289847.first_time_search.enc", "MQ==");
Line Found : user_pref("CT3289847.fixPageNotFoundError", "true");
Line Found : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3289847.fixUrls", true);
Line Found : user_pref("CT3289847.hxxp___api29_starwebnet_com.pid2.enc", "ODdmZmIyYzktZDRkMC01YzUxLTY3YjUtZWE3ODkzNDBkNTA2");
Line Found : user_pref("CT3289847.hxxp___api30_starwebnet_com.pid2.enc", "YmQ4Y2MwMWUtOWU2Ny04ZjBlLWFiNGYtNjgwOGYzNTZjMjk2");
Line Found : user_pref("CT3289847.hxxp___api31_starwebnet_com.pid2.enc", "NDc1ZjU3NzItZDYxNy1hMWIxLWU5YzYtOGViNjc2ZmJiY2Mz");
Line Found : user_pref("CT3289847.hxxp___api32_starwebnet_com.pid2.enc", "ZjA1NjY4ODMtNTdiNi00MGMwLTAzMTMtOTJiMmI2MDllODMw");
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPXllcywgc2Nyb2xsYmFycz15ZXMsIGhzY3JvbGw9bm8gLHZzY3JvbGw9bm8sIHRpdGxlYmFyPXllcywgY2xvc2VvbmV4dGVybmFsY2xpY2[...]
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLCJhY3Rpb25zIjpbeyJpZCI6IjEwMSIsInR5cGUiOiJiYXIiLCJ2YWxpZGl0eSI6InBlcnNpc3QiLCJkYXRhIjp7ImhlaWdodCI6Ij[...]
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlhdGUvaW5pdCIsInF1ZXJ5VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlh[...]
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "ZmIzYjBkN2YtZDc0ZC03ZmE1LTMxZWItYmVjZGI3NTMxZDZk");
Line Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Line Found : user_pref("CT3289847.installDate", "17/5/2013 20:21:32");
Line Found : user_pref("CT3289847.installId", "9818");
Line Found : user_pref("CT3289847.installSessionId", "-1");
Line Found : user_pref("CT3289847.installSp", "TRUE");
Line Found : user_pref("CT3289847.installType", "conduitnsisintegration");
Line Found : user_pref("CT3289847.installUsage", "2013-05-18T07:52:16.1609058+03:00");
Line Found : user_pref("CT3289847.installUsageEarly", "2013-05-18T07:52:07.096841+03:00");
Line Found : user_pref("CT3289847.installerVersion", "1.4.2.3");
Line Found : user_pref("CT3289847.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3289847.keyword", "true");
Line Found : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN50708178425552717&SSPV=EB_SSPV&Lay=1&UM=2[...]
Line Found : user_pref("CT3289847.lastVersion", "10.16.2.509");
Line Found : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM3MTE2OTc0NzAyMg==");
Line Found : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Found : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI3NzZkYjZkYy01Zjc5LTQ2ZTMtOTZjMy01M2U1ZDZhZGU1OGQiLCJ[...]
Line Found : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Line Found : user_pref("CT3289847.mam_gk_eventsCache.enc", "eyI0NDRjOTkyMi1jZmI4LTQ5YmItOTIxMy1iN2YwMTNlNDk3YTYiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Line Found : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MA==");
Line Found : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM3MTE2OTczMTAzMw==");
Line Found : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Found : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjYwXzEiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Found : user_pref("CT3289847.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjk3XzIiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Found : user_pref("CT3289847.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMCIsImlzVGVzdCI6dHJ1ZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQiO[...]
Line Found : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3289847.mam_gk_userId.enc", "OTU2ZDVlYzQtMjc2My00N2YwLWIxM2ItZDMwNTNlY2MzZWYx");
Line Found : user_pref("CT3289847.migrateAppsAndComponents", true);
Line Found : user_pref("CT3289847.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://WhiteSmokeNew.OurToolbar.com/\",\"EB_T[...]
Line Found : user_pref("CT3289847.openThankYouPage", "false");
Line Found : user_pref("CT3289847.openUninstallPage", "true");
Line Found : user_pref("CT3289847.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=61&CUI=UN12825649783333770&UM=2&UP=SPE521903B-4391-499D-BA31-D7A9297EE899");
Line Found : user_pref("CT3289847.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN12825649783333770&UM=2&q=");
Line Found : user_pref("CT3289847.originalSearchEngine", "Vafmusic Customized Web Search");
Line Found : user_pref("CT3289847.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3289847.revertSettingsEnabled", "true");
Line Found : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Line Found : user_pref("CT3289847.search.searchCount", "0");
Line Found : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3289847.searchRevert", "true");
Line Found : user_pref("CT3289847.searchUserMode", "2");
Line Found : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289847\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WhiteSmokeNew.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke New\"}");
Line Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1368852730566");
Line Found : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1369421017631");
Line Found : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1368858511192");
Line Found : user_pref("CT3289847.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1368852722286");
Line Found : user_pref("CT3289847.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1368852730639");
Line Found : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1369421130600");
Line Found : user_pref("CT3289847.serviceLayer_services_login_10.16.2.9_lastUpdate", "1369488231268");
Line Found : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1368858511282");
Line Found : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1369421130581");
Line Found : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1369421130398");
Line Found : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1368858511235");
Line Found : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1369488231700");
Line Found : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1369421130801");
Line Found : user_pref("CT3289847.settingsINI", true);
Line Found : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3289847.showToolbarPermission", "false");
Line Found : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Line Found : user_pref("CT3289847.smartbar.Uninstall", "0");
Line Found : user_pref("CT3289847.smartbar.homepage", "true");
Line Found : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Line Found : user_pref("CT3289847.startPage", "true");
Line Found : user_pref("CT3289847.toolbarBornServerTime", "18-5-2013");
Line Found : user_pref("CT3289847.toolbarCurrentServerTime", "25-5-2013");
Line Found : user_pref("CT3289847.toolbarLoginClientTime", "Fri May 17 2013 23:28:28 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3289847.url_history0001.enc", "aHR0cDovL3d3dy5nb29nbGUuY2EvdXJsP3NhPXQmcmN0PWomcT1pJTIwZmVlbCUyMHByZXR0eSUyMG9oJTIwc28lMjBwcmV0dHkmc291cmNlPXdlYiZjZD0zJnNxaT0yJnZlZD0wQ0RrUUZqQUMmdXJsPWh0[...]
Line Found : user_pref("CT3289847.versionFromInstaller", "10.16.2.9");
Line Found : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1371479472005,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN50708178425552717&UM=2&SearchSource=13");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN12825649783333770&UM=2&q=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN50708178425552717&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN50708178425552717&UM=2&SearchSource=13");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Found : user_pref("extensions.crossrider.bic", "13eb5faed83ebca49c03be3d2213b35f");
Line Found : user_pref("extensions.crossriderapp19962.19962.InstallationTime", 1368852721);
Line Found : user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.value", "1368852721");
Line Found : user_pref("extensions.crossriderapp19962.adsOldValue", -1);
Line Found : user_pref("extensions.crossriderapp19962.bic", "13eb5faed83ebca49c03be3d2213b35f");
Line Found : user_pref("extensions.crossriderapp19962.firstrun", false);
Line Found : user_pref("extensions.crossriderapp19962.installationdate", 1368852721);
Line Found : user_pref("extensions.crossriderapp19962.lastcheck", 22857991);
Line Found : user_pref("extensions.crossriderapp19962.lastcheckitem", 22857991);
Line Found : user_pref("extensions.crossriderapp19962.reportInstall", true);
Line Found : user_pref("extensions.crossriderapp19962.statsDailyCounter", 7);
Line Found : user_pref("extensions.enabledAddons", "longurlplease%40darragh.curran:0.5.1,2pffxtbr%40CouponAlert_2p.com:2.73.0.65458,crossriderapp19962%40crossrider.com:0.91.51,%7B6c3bc03f-d7b9-43ac-8931-c242e3cae9[...]
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=77ecfec0&ptnrS=CDxpi000");
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.installDate", "2012020416");
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerId", "CDxpi000");
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerSubId", "");
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.success", false);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.toolbarId", "undefined");
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.options.defaultSearch", false);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.options.homePageEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.options.keywordEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.options.tabEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://www.naturalhealinghouse.com/media/Deseret_1000-calorie.pdf\",\"favIcon\":\"hxxp://www.naturalhealingh[...]
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.searchHistory", "<iframe width=\"560\" height=\"315\" src=\"hxxp://www.youtube.com/embed/videoseries?list=PL9BDF3D28339D1316&amp;hl=en_US\" framebor[...]
Line Found : user_pref("extensions.toolbar.mindspark._2pMembers_.weather.location", "V9P");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "couponalert@mindspark.com");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287375&CUI=UN12825649783333770&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN12825649783333770&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
Line Found : user_pref("smartbar.machineId", "+/IM5/J6ZATQP+/PZ4+G2YENPPGTWDJ89XUKMUHP8EPMHNYIXV7JXFDCR7HT2M13ITD2I65F4CBMPG53EXB7RG");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3287375&CUI=UN12825649783333770&UM=2&SearchSource=13");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : search_url
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

[ File : C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [36574 octets] - [19/12/2013 03:15:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [36635 octets] ##########

Good,


Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.




http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

# AdwCleaner v3.015 - Report created 19/12/2013 at 03:53:57
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ruth - RUTH-MSI
# Running from : C:\Users\Ruth\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\otshot
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Users\Ruth\AppData\Local\apn
Folder Deleted : C:\Users\Ruth\AppData\Local\Conduit
Folder Deleted : C:\Users\Ruth\AppData\Local\CouponAlert_2p
Folder Deleted : C:\Users\Ruth\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Ruth\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ruth\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Ruth\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\Smartbar
Folder Deleted : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\CT3287375
Folder Deleted : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\CT3289847
Folder Deleted : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\Extensions\2pffxtbr@CouponAlert_2p.com
Folder Deleted : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\Extensions\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}
Folder Deleted : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Deleted : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
File Deleted : C:\END
File Deleted : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\searchplugins\whitesmoke-new-customized-web-search.xml
File Deleted : C:\windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKCU\Software\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000063267.FCTB000063267Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000063267.FCTB000063267Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000063267.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000063267.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000063267.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000063267.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Supreme Savings
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

[ File : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\prefs.js ]

Line Deleted : user_pref("CT3287375.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3287375.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3287375.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287375.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287375.FF19Solved", "true");
Line Deleted : user_pref("CT3287375.FirstTime", "true");
Line Deleted : user_pref("CT3287375.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3287375.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287375.PG_ENABLE.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287375.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3287375.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3287375.SF_USER_ID.enc", "Y2lkXzEzNjIwMTMxNzI4NTE4MDQ1NzQ5");
Line Deleted : user_pref("CT3287375.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN12825649783333770&UM=2&q=");
Line Deleted : user_pref("CT3287375.UserID", "UN12825649783333770");
Line Deleted : user_pref("CT3287375.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3287375.YTbyClickRecent.enc", "JTVCJTdCJTIyaWQlMjIlM0ElMjI1c1BoN3hsMjlkcyUyMiUyQyUyMnRpdGxlJTIyJTNBJTIyTWluZWNyYWZ0JTIwRGlub3NhdXJzJTIwLSUyMCglMjBEaW5vc2F1ciUyMG1vZCUyMCklMjAtJTIwRXBpc29k[...]
Line Deleted : user_pref("CT3287375.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3287375.autoDisableScopes", 0);
Line Deleted : user_pref("CT3287375.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3287375.cbfirsttime.enc", "RnJpIE1heSAyNCAyMDEzIDExOjQ0OjAzIEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp");
Line Deleted : user_pref("CT3287375.defaultSearch", "true");
Line Deleted : user_pref("CT3287375.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]
Line Deleted : user_pref("CT3287375.enableAlerts", "true");
Line Deleted : user_pref("CT3287375.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3287375.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3287375.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3287375.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3287375.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3287375.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3287375.fixUrls", true);
Line Deleted : user_pref("CT3287375.installDate", "17/5/2013 20:18:34");
Line Deleted : user_pref("CT3287375.installId", "stub.exe");
Line Deleted : user_pref("CT3287375.installSessionId", "{8AE068F8-6985-4C59-9D01-4A2A426C32D9}");
Line Deleted : user_pref("CT3287375.installSp", "TRUE");
Line Deleted : user_pref("CT3287375.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3287375.installUsage", "2013-05-18T07:52:13.5867738+03:00");
Line Deleted : user_pref("CT3287375.installUsageEarly", "2013-05-18T07:52:06.9876354+03:00");
Line Deleted : user_pref("CT3287375.installerVersion", "1.4.2.3");
Line Deleted : user_pref("CT3287375.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3287375.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287375.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3287375.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3287375.keyword", "true");
Line Deleted : user_pref("CT3287375.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=15&CUI=UN12825649783333770&SSPV=EB_SSPV&Lay=1&UM=2[...]
Line Deleted : user_pref("CT3287375.lastVersion", "10.16.2.509");
Line Deleted : user_pref("CT3287375.mam_gk_appStateReportTime.enc", "MTM3MTQ3OTQ4NTczMw==");
Line Deleted : user_pref("CT3287375.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3287375.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3287375.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3287375.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3287375.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI0Y2M0MDlmYi01YmM4LTRhYmQtOWYxMy01NDRjZTBmOGNlYzQiLCJ[...]
Line Deleted : user_pref("CT3287375.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Line Deleted : user_pref("CT3287375.mam_gk_eventsCache.enc", "eyIxZjljNTIxYy0zNjcxLTRmN2ItOTBhOC01MGYzMmUwMGUzODYiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Line Deleted : user_pref("CT3287375.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3287375.mam_gk_gadgetOpen.enc", "MA==");
Line Deleted : user_pref("CT3287375.mam_gk_lastLoginTime.enc", "MTM3MTQ3OTQ4NjA0Mg==");
Line Deleted : user_pref("CT3287375.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3287375.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287375.mam_gk_settings1.5.0.3.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTc5XzIiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Deleted : user_pref("CT3287375.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTc5XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Deleted : user_pref("CT3287375.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMSIsImlzVGVzdCI6dHJ1ZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQiO[...]
Line Deleted : user_pref("CT3287375.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287375.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3287375.mam_gk_userId.enc", "MDM2ZTgyN2QtN2ZhOS00Y2VjLTkyYWUtOGZmNDhjZGM4YjE3");
Line Deleted : user_pref("CT3287375.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3287375.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://Vafmusic.OurToolbar.com/\",\"EB_TOOLBA[...]
Line Deleted : user_pref("CT3287375.openThankYouPage", "false");
Line Deleted : user_pref("CT3287375.openUninstallPage", "true");
Line Deleted : user_pref("CT3287375.originalHomepage", "about:home");
Line Deleted : user_pref("CT3287375.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3287375.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3287375.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3287375.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3287375.search.searchAppId", "10000002");
Line Deleted : user_pref("CT3287375.search.searchCount", "0");
Line Deleted : user_pref("CT3287375.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3287375.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3287375.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3287375.searchRevert", "false");
Line Deleted : user_pref("CT3287375.searchUserMode", "2");
Line Deleted : user_pref("CT3287375.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287375.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287375.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3287375\"}");
Line Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Vafmusic.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vafmusic\"}");
Line Deleted : user_pref("CT3287375.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287375.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1368852726557");
Line Deleted : user_pref("CT3287375.serviceLayer_services_appsMetadata_lastUpdate", "1369421017621");
Line Deleted : user_pref("CT3287375.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1368852727061");
Line Deleted : user_pref("CT3287375.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1368852721440");
Line Deleted : user_pref("CT3287375.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1368852730508");
Line Deleted : user_pref("CT3287375.serviceLayer_services_location_lastUpdate", "1369421128771");
Line Deleted : user_pref("CT3287375.serviceLayer_services_login_10.16.2.9_lastUpdate", "1369488231178");
Line Deleted : user_pref("CT3287375.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1368852727311");
Line Deleted : user_pref("CT3287375.serviceLayer_services_searchAPI_lastUpdate", "1369421128969");
Line Deleted : user_pref("CT3287375.serviceLayer_services_serviceMap_lastUpdate", "1369421128544");
Line Deleted : user_pref("CT3287375.serviceLayer_services_toolbarContextMenu_lastUpdate", "1368852726815");
Line Deleted : user_pref("CT3287375.serviceLayer_services_toolbarSettings_lastUpdate", "1369488231566");
Line Deleted : user_pref("CT3287375.serviceLayer_services_translation_lastUpdate", "1369421129511");
Line Deleted : user_pref("CT3287375.settingsINI", true);
Line Deleted : user_pref("CT3287375.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3287375.showToolbarPermission", "false");
Line Deleted : user_pref("CT3287375.smartbar.CTID", "CT3287375");
Line Deleted : user_pref("CT3287375.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3287375.smartbar.homepage", "true");
Line Deleted : user_pref("CT3287375.smartbar.toolbarName", "Vafmusic ");
Line Deleted : user_pref("CT3287375.startPage", "true");
Line Deleted : user_pref("CT3287375.toolbarBornServerTime", "18-5-2013");
Line Deleted : user_pref("CT3287375.toolbarCurrentServerTime", "25-5-2013");
Line Deleted : user_pref("CT3287375.toolbarLoginClientTime", "Fri May 17 2013 21:52:09 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3287375.url_history0001.enc", "aHR0cDovL3d3dy5nb29nbGUuY2EvdXJsP3NhPXQmcmN0PWomcT1pJTIwZmVlbCUyMHByZXR0eSUyMG9oJTIwc28lMjBwcmV0dHkmc291cmNlPXdlYiZjZD0zJnNxaT0yJnZlZD0wQ0RrUUZqQUMmdXJsPWh0[...]
Line Deleted : user_pref("CT3287375.versionFromInstaller", "10.16.2.9");
Line Deleted : user_pref("CT3287375_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1371479471918,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"Ontario -...\",\"description\":\"Ontario - CJRQ - Q92\",\"url\":\"hxxp://38.99.208.186/CJRQ\"}");
Line Deleted : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289847.FF19Solved", "true");
Line Deleted : user_pref("CT3289847.FirstTime", "true");
Line Deleted : user_pref("CT3289847.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3289847.PG_ENABLE.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3289847.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3289847.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3289847.SF_USER_ID.enc", "Y2lkXzI0NTIwMTMxMTQzNDYxNDcxMA==");
Line Deleted : user_pref("CT3289847.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN50708178425552717&UM=2&q=");
Line Deleted : user_pref("CT3289847.UserID", "UN50708178425552717");
Line Deleted : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289847.cbfirsttime.enc", "RnJpIE1heSAxNyAyMDEzIDIzOjMwOjQzIEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp");
Line Deleted : user_pref("CT3289847.defaultSearch", "true");
Line Deleted : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3289847.enableAlerts", "true");
Line Deleted : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3289847.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3289847.first_time_search.enc", "MQ==");
Line Deleted : user_pref("CT3289847.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3289847.fixUrls", true);
Line Deleted : user_pref("CT3289847.hxxp___api29_starwebnet_com.pid2.enc", "ODdmZmIyYzktZDRkMC01YzUxLTY3YjUtZWE3ODkzNDBkNTA2");
Line Deleted : user_pref("CT3289847.hxxp___api30_starwebnet_com.pid2.enc", "YmQ4Y2MwMWUtOWU2Ny04ZjBlLWFiNGYtNjgwOGYzNTZjMjk2");
Line Deleted : user_pref("CT3289847.hxxp___api31_starwebnet_com.pid2.enc", "NDc1ZjU3NzItZDYxNy1hMWIxLWU5YzYtOGViNjc2ZmJiY2Mz");
Line Deleted : user_pref("CT3289847.hxxp___api32_starwebnet_com.pid2.enc", "ZjA1NjY4ODMtNTdiNi00MGMwLTAzMTMtOTJiMmI2MDllODMw");
Line Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPXllcywgc2Nyb2xsYmFycz15ZXMsIGhzY3JvbGw9bm8gLHZzY3JvbGw9bm8sIHRpdGxlYmFyPXllcywgY2xvc2VvbmV4dGVybmFsY2xpY2[...]
Line Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLCJhY3Rpb25zIjpbeyJpZCI6IjEwMSIsInR5cGUiOiJiYXIiLCJ2YWxpZGl0eSI6InBlcnNpc3QiLCJkYXRhIjp7ImhlaWdodCI6Ij[...]
Line Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlhdGUvaW5pdCIsInF1ZXJ5VXJsIjoiYXBpLmpvbGx5d2FsbGV0LmNvbS9hZmZpbGlh[...]
Line Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "ZmIzYjBkN2YtZDc0ZC03ZmE1LTMxZWItYmVjZGI3NTMxZDZk");
Line Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Line Deleted : user_pref("CT3289847.installDate", "17/5/2013 20:21:32");
Line Deleted : user_pref("CT3289847.installId", "9818");
Line Deleted : user_pref("CT3289847.installSessionId", "-1");
Line Deleted : user_pref("CT3289847.installSp", "TRUE");
Line Deleted : user_pref("CT3289847.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3289847.installUsage", "2013-05-18T07:52:16.1609058+03:00");
Line Deleted : user_pref("CT3289847.installUsageEarly", "2013-05-18T07:52:07.096841+03:00");
Line Deleted : user_pref("CT3289847.installerVersion", "1.4.2.3");
Line Deleted : user_pref("CT3289847.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3289847.keyword", "true");
Line Deleted : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN50708178425552717&SSPV=EB_SSPV&Lay=1&UM=2[...]
Line Deleted : user_pref("CT3289847.lastVersion", "10.16.2.509");
Line Deleted : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM3MTE2OTc0NzAyMg==");
Line Deleted : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI3NzZkYjZkYy01Zjc5LTQ2ZTMtOTZjMy01M2U1ZDZhZGU1OGQiLCJ[...]
Line Deleted : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Line Deleted : user_pref("CT3289847.mam_gk_eventsCache.enc", "eyI0NDRjOTkyMi1jZmI4LTQ5YmItOTIxMy1iN2YwMTNlNDk3YTYiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Line Deleted : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MA==");
Line Deleted : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM3MTE2OTczMTAzMw==");
Line Deleted : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3289847.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjYwXzEiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Deleted : user_pref("CT3289847.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjk3XzIiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Deleted : user_pref("CT3289847.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTFfMCIsImlzVGVzdCI6dHJ1ZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQiO[...]
Line Deleted : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3289847.mam_gk_userId.enc", "OTU2ZDVlYzQtMjc2My00N2YwLWIxM2ItZDMwNTNlY2MzZWYx");
Line Deleted : user_pref("CT3289847.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3289847.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://WhiteSmokeNew.OurToolbar.com/\",\"EB_T[...]
Line Deleted : user_pref("CT3289847.openThankYouPage", "false");
Line Deleted : user_pref("CT3289847.openUninstallPage", "true");
Line Deleted : user_pref("CT3289847.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource=61&CUI=UN12825649783333770&UM=2&UP=SPE521903B-4391-499D-BA31-D7A9297EE899");
Line Deleted : user_pref("CT3289847.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN12825649783333770&UM=2&q=");
Line Deleted : user_pref("CT3289847.originalSearchEngine", "Vafmusic Customized Web Search");
Line Deleted : user_pref("CT3289847.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3289847.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Line Deleted : user_pref("CT3289847.search.searchCount", "0");
Line Deleted : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3289847.searchRevert", "true");
Line Deleted : user_pref("CT3289847.searchUserMode", "2");
Line Deleted : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289847\"}");
Line Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WhiteSmokeNew.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke New\"}");
Line Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1368852730566");
Line Deleted : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1369421017631");
Line Deleted : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1368858511192");
Line Deleted : user_pref("CT3289847.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1368852722286");
Line Deleted : user_pref("CT3289847.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1368852730639");
Line Deleted : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1369421130600");
Line Deleted : user_pref("CT3289847.serviceLayer_services_login_10.16.2.9_lastUpdate", "1369488231268");
Line Deleted : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1368858511282");
Line Deleted : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1369421130581");
Line Deleted : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1369421130398");
Line Deleted : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1368858511235");
Line Deleted : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1369488231700");
Line Deleted : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1369421130801");
Line Deleted : user_pref("CT3289847.settingsINI", true);
Line Deleted : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3289847.showToolbarPermission", "false");
Line Deleted : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Line Deleted : user_pref("CT3289847.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3289847.smartbar.homepage", "true");
Line Deleted : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Line Deleted : user_pref("CT3289847.startPage", "true");
Line Deleted : user_pref("CT3289847.toolbarBornServerTime", "18-5-2013");
Line Deleted : user_pref("CT3289847.toolbarCurrentServerTime", "25-5-2013");
Line Deleted : user_pref("CT3289847.toolbarLoginClientTime", "Fri May 17 2013 23:28:28 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3289847.url_history0001.enc", "aHR0cDovL3d3dy5nb29nbGUuY2EvdXJsP3NhPXQmcmN0PWomcT1pJTIwZmVlbCUyMHByZXR0eSUyMG9oJTIwc28lMjBwcmV0dHkmc291cmNlPXdlYiZjZD0zJnNxaT0yJnZlZD0wQ0RrUUZqQUMmdXJsPWh0[...]
Line Deleted : user_pref("CT3289847.versionFromInstaller", "10.16.2.9");
Line Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1371479472005,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN50708178425552717&UM=2&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN12825649783333770&UM=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN50708178425552717&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN50708178425552717&UM=2&SearchSource=13");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.crossrider.bic", "13eb5faed83ebca49c03be3d2213b35f");
Line Deleted : user_pref("extensions.crossriderapp19962.19962.InstallationTime", 1368852721);
Line Deleted : user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.value", "1368852721");
Line Deleted : user_pref("extensions.crossriderapp19962.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp19962.bic", "13eb5faed83ebca49c03be3d2213b35f");
Line Deleted : user_pref("extensions.crossriderapp19962.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp19962.installationdate", 1368852721);
Line Deleted : user_pref("extensions.crossriderapp19962.lastcheck", 22857991);
Line Deleted : user_pref("extensions.crossriderapp19962.lastcheckitem", 22857991);
Line Deleted : user_pref("extensions.crossriderapp19962.reportInstall", true);
Line Deleted : user_pref("extensions.crossriderapp19962.statsDailyCounter", 7);
Line Deleted : user_pref("extensions.enabledAddons", "longurlplease%40darragh.curran:0.5.1,2pffxtbr%40CouponAlert_2p.com:2.73.0.65458,crossriderapp19962%40crossrider.com:0.91.51,%7B6c3bc03f-d7b9-43ac-8931-c242e3cae9[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=undefined&n=77ecfec0&ptnrS=CDxpi000");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.installDate", "2012020416");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerId", "CDxpi000");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.success", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.installation.toolbarId", "undefined");
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://www.naturalhealinghouse.com/media/Deseret_1000-calorie.pdf\",\"favIcon\":\"hxxp://www.naturalhealingh[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.searchHistory", "<iframe width=\"560\" height=\"315\" src=\"hxxp://www.youtube.com/embed/videoseries?list=PL9BDF3D28339D1316&amp;hl=en_US\" framebor[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.weather.location", "V9P");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "couponalert@mindspark.com");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287375&CUI=UN12825649783333770&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3287375&octid=CT3287375&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287375&SearchSource=2&CUI=UN12825649783333770&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.machineId", "+/IM5/J6ZATQP+/PZ4+G2YENPPGTWDJ89XUKMUHP8EPMHNYIXV7JXFDCR7HT2M13ITD2I65F4CBMPG53EXB7RG");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3287375&CUI=UN12825649783333770&UM=2&SearchSource=13");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

[ File : C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [36744 octets] - [19/12/2013 03:15:08]
AdwCleaner[S0].txt - [37198 octets] - [19/12/2013 03:53:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [37259 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ruth on 19/12/2013 at 4:02:26.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211091100}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealFinder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealFinder_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211091100}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DealFinder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DealFinder_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\windows\Tasks\driver robot.job"



~~~ Folders

Successfully deleted: [Folder] C:\Users\Ruth\AppData\LocalLow\FCTB000063267
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Ruth\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{00003789-6924-4389-8759-EA4BE245C8F9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{001BB755-6094-4068-9B41-3A7A3047DF96}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{001C2E51-F075-4D5B-929A-40213E8F828D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{00487334-C071-4CF9-8267-FC59233EAF25}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0060F316-8067-44B5-AF85-89B2F47013B7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{006C4DAC-492F-49B8-BA6B-381AED34D79F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{00A0552D-8CC1-49F8-9BFB-8CB0C34364F2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{011BF7E9-84B6-4846-A913-35DB59F5F233}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0121EA0C-1A71-414A-803B-06377D37E81C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{01371444-D6C3-4703-9A0C-D94932DAAA67}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{015FA0C6-2B5A-454D-B9DC-5D3BE40F28FA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0180B4A6-83F3-441C-85C6-9EACFC3B7CFF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{01B62BB1-6AD4-4049-8404-BEAF86D8F733}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{02B6A1AE-47A4-484A-A8F2-E09C2AECCFC1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{02E748F9-BB8B-4495-8213-39FF15FC654F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{02F71911-E528-4F8F-A27C-3EA634B01348}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{02FD9732-91FC-4FDB-96DA-07A48A8FF0E1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{03593309-F8D4-4145-872E-AB5AE6F68807}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{037426BD-693F-4A43-AFDE-AD3F707C2EC4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{03E3C77D-ABF3-4A20-B3D0-D7E0676E89B4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{03E5257A-D184-4F36-AFCE-78BCBF684DB5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{040EDADE-355A-45EF-9EA0-AABED4B4DEEB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{04283DB4-A111-4CEA-B990-8E2A8D3BAC42}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{04442164-ABEF-4DC7-93A9-56ED811910FC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0469D96E-90E3-4B3D-85EA-C60D89F9092B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{04E75F54-78CC-4763-B9BC-8083C3AE118D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{05263755-7241-42D0-BE91-70D2F201B31E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0598CA82-6601-4FDE-8B9D-A4243DE4E254}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0614D1EE-C53A-4CFB-A823-203999578076}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{06443B36-24DC-4DDF-BCF8-CFA15EF66A58}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{065997B9-35A0-42DF-81F0-70CCD8C1093E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0671297F-9A4C-4D67-8574-E2E2E1BD0638}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{06B713E5-B70B-4E1E-853B-1F5D19AFAF6E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{07422142-4974-4548-9E09-158C4F7B375A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{07521488-F2B8-4B24-8749-3418CF37AC1B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{07A07DDE-046E-4E1A-B788-1A6B968B1D83}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{084CE21C-9E99-44D5-99AC-7B6F9F058D11}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{08692FE6-B2FC-4591-86A0-E29ADD1A1AA5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{086A72C3-678C-45E6-8FCC-45629AC21606}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0881A266-B0CD-46B7-9D06-C96178C71A1F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{08D916C1-8AFA-4D9A-B7D0-BBDB8E5EF03E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{08FE6300-0A8F-4B4C-AB77-E16DD7FAEA54}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{09267874-94CF-4CAA-B689-8452AEB7A0C8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{09361FE6-5D86-4EAA-9A91-AD48764E8015}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{096605D2-2EBF-403B-8DA7-171E149B3E26}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{09E2D369-10AB-4028-A1CF-288512361FF7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0A18EC8D-E3C1-4B78-9A98-A0C0863CD818}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0A1E199A-117F-4251-A627-37083E9E8947}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0A32AA2C-A4A3-487C-9F1E-47FC60C9EBF4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0A3A250F-6E07-4EE6-880E-F2253CC195F8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0A3DE6C9-7789-437D-A0C5-8AF8C73F58E4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0A511750-DB83-40E3-8D9A-3B850AD9458D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0AE43D1C-EFBA-475C-B2DF-B74FA68837C6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0B7E1478-7A30-429F-888A-96CAA8A48D59}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0BAB93C3-C4EA-41FA-BD74-32CB61320E18}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0BADF43D-1CFE-4681-BADA-6E4AF3297834}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0BBB2A37-BED5-4819-81F1-C47693D19CB2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0BEAF30A-0924-4257-87EF-BF2B44A1BB9E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0C016714-3470-4F67-9ECA-18E88CEE027E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0C203D38-CBF5-4E29-BE4D-DE4B05AEF48D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0C84D4A2-9253-4F82-916B-83903EFA6121}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0C95F7E3-B667-4C2C-9B2F-1A691CE2F07C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0CA50B33-5B44-4352-ACA2-17C77EDA2C20}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0CFEA495-708A-4674-AB95-6C78E95ED400}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0DDA2CF4-591F-4827-ACE5-34CC79376FAD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0DDEFD6B-2B06-494B-A458-EA60A31D22D4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0EBD5C78-B646-4D17-8706-44E48B7B3DEA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0F0EA581-E3BB-4625-9E66-CDE1F2747216}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0FB9DBAA-2E44-4479-871D-9F8E7EF0A5FE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0FBF1EC2-383D-43C4-8979-15B2A762CA0B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{0FE2A7DC-8A66-453C-8CB4-E3C73F8F5993}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{10545575-2826-466C-B002-5BCC134D01C5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{109B9797-EF9E-4571-8BED-EF6843B05B2D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{109FCD2C-45C6-40EC-B0BC-15C0D7138DDF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{10B90D60-BA03-41FC-A321-C3645C54A85B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{10DD522F-6E57-4814-8455-BD29B6171012}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{10EC9C5C-7A36-4FFC-89A2-0F52C5F830F8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1100FB9F-C793-4379-A353-D628B916D44F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{113674B2-3AB4-44D8-A6CE-4866DEF52891}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{113B202D-F22B-4180-943E-CE8F2A939B14}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{11AD2CB6-8316-4463-A27F-8F33D03CC530}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{12773346-EEF4-4B1C-8E93-B9C24633D82D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{127E0E58-F4B1-431E-A51C-EE7FE3AC6B95}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{13468C2B-262D-4749-8115-E1456B4C2A40}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{14010F2E-4314-4835-BD3A-FEC4C07DF9E6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1475D5DD-4393-46A8-9EF4-9B6C6970FAAC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{14DB3EA9-20FC-499D-80C5-654413ADE2CC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{14F3D385-B99D-4D4D-929F-827207A58BD3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{151935B7-21CC-4053-9AE8-50CD45FDFFDA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{152F66CD-FB22-4743-8C68-707AD52ACD49}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1575454C-CDCE-48D7-A6A8-FF6EF5E29562}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{159ED454-F8AF-4722-9539-A25789FF19D5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{15A07B47-E689-46F4-89D5-C47E7704291E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{15B1AFA7-2BA8-4FA8-857F-E20953195676}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{162ACD10-985F-4B41-8951-6A8C761383D7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{16426904-8AEF-4594-865B-4071AACFD30C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{166676D5-53E2-49FE-8999-B326553DA40F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{167C0420-5A6D-45ED-959A-C8A82F6DCC6B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{16BE7391-F714-4393-B2C0-EDE33D2EE178}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{16C6A2A4-72B8-4C01-9880-C93A29786888}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{16D808BC-B7ED-4617-9F1B-FC5C92F3248D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1742652A-33C2-4F49-A737-A4F9D4408FF7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{17543A3A-848D-4844-80F6-0B2B1BD0B2A4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{175975A2-75DC-4D74-8089-5E0BEDB30F73}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1774E835-9A7B-4D3C-A0ED-393E22D69A2C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1794709D-52C9-43B9-8AA9-DFB77E2E6500}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{17A39B0F-CC0E-47C9-8732-468C915AF9C6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{17D8E7FB-FEA8-477B-99A2-144CA9B0E0CB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{17F4BDA4-67DA-4DB1-82C6-454ED252A7AB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{18142BA7-C463-46D5-9B6B-559A9DA9261B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1885BBB0-B023-4CCD-8C87-FF7226D79B45}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{18F7EAFF-12D7-4415-8F35-97D441FD3920}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{192880AD-CBC8-4824-A6BF-399152E32A9A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1959FC10-FA1C-43E6-9C62-928FC339292E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1971AB46-134D-4934-8770-44C7244B927F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{19A21993-EC68-4A33-9EF7-3F169541762F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1A595C49-C918-4435-8D94-9B45630367CC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1AD612D9-86C9-4B73-8322-430DF2A38DF8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1AF0CAFD-685D-48FB-BAD9-AA70C8E97492}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1B09DCC2-FB6A-4F98-8ABE-0904923C2752}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1B3B6E30-DD4C-4B49-A7D7-B504419833E2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1B40728A-E0DB-424B-AE8D-87662B47ABC1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1B419829-54A3-4AFA-A5EE-4D48FC621975}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1BECC6E3-7D3F-43FC-A94C-18EAE193B63C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1C2EF512-1CDE-4BFD-BD3F-8B901E8C9549}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1C8D2670-E701-4282-8560-4F0809766F38}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1CF71510-EB3D-4D18-80E1-41AD4C42CD9F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1CFEF283-C24A-4724-82C7-063D4F7BB815}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1D50D6FB-C98D-4E33-BF47-C112807361C8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1DA5C654-1433-44D8-B2AF-A9C5982B80D4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1DF67F9B-3B37-4881-B489-D18E326BFE50}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1E4DD866-BAC4-4E0E-8C11-502459A0FEEB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1E69E9AF-7C50-4C7D-864F-066B84A62194}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1E8B4E63-A949-4242-A24A-51CF7358E770}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1ED67245-7BCD-4D00-98D8-1FD0729283B1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1F560C54-F855-49B9-AE9B-7EC9A59F67DB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1F8A28DB-3831-4110-A804-9858D8E829C0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1FDD5203-690F-4503-8DDD-372F32B317AC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{1FE38539-94C5-4A20-8844-999636BCAB99}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{205B22BA-74F9-4143-B53B-4B3905D4084B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2067642F-68EA-48E3-AF2E-8B48FEA27424}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{20D8C32C-2609-4174-ADEB-479E4BBBB927}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{20DC14E1-23FE-4C11-B389-544ADFC7DD0E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{20E98CB9-4D7C-4F1D-8E78-6470951506F2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2150C44A-355C-4200-ABC0-F15DD029139A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2169A40E-2B28-4F15-B2B8-198DDD7A486C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{21B1C131-DDAF-4B3D-A42F-2FBA5E008EF1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{21C6E993-A69F-4B51-ACE5-A49A58B3875C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{220CD4AB-F4A5-445D-949B-C4D91061E763}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2235EB75-6431-4E0A-9950-3AA2DE6D8B3B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{22AAAEAA-A24C-4067-AA39-16261F3A6F76}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2326C738-2801-452F-A5CD-86BD887F6CA7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{23530EAA-19EC-47CE-BB15-81790C38B5B7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2367E056-6D53-4A49-8F97-53E7F5B473DD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{239757D9-C37A-41EB-9678-8FD4C1999598}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{23A07422-C42D-473E-8034-5152A09EE276}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{23FB14D4-E458-46FB-80B0-52DBECFF6696}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{24353925-D2BB-43D8-A557-BF8F58AD56D6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{246F4986-9AA8-4A17-B7C8-1766C1566F1E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{24F730A2-D42C-4A67-AB44-A6DA6B5CFF32}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{253D6223-0EA9-42E8-A21F-9053645E249D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{253DA7F0-5DBE-471B-8C49-416B9EC0FC5E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{25A5A255-6F39-4ADA-A5DB-0A6108DA08A5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{25F295D7-D959-4DE1-8719-2FF3E1CF914C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{265D18C9-B48A-4ED7-B24F-86E333D6DC3A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{26823EE0-9235-4B65-B384-1F5E8016F864}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{26B6A2EA-5BD4-4B6A-A9EC-A6DDD33AA3B3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{26DA33BA-B39F-4754-B0FE-B20649FF494F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2720C5BC-82A2-4B3C-8275-4A507F9D11DA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{272D093C-FC80-41F0-AFB9-A7047AD14A3D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{27630471-09E8-408A-8A82-D789AB6F39B7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2765D8FE-29A8-46D7-8D9A-C5D5C13620A8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{276D97E7-FF69-47A1-8CAC-667C3B4E501A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2779189B-B8F9-4491-92DD-FB5A497C4E56}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{27A87672-18E2-478C-A8FB-E6010258BBA2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{281DBFE0-6552-4602-91C0-B28CFF5CC077}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{28708F41-C271-42AC-9294-FFD4604E62F1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{29060DC2-74DE-4932-BD9F-0BC971F30079}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{29455599-E64E-4EDB-8038-5A8828A0402D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{297A43E1-2FD3-43C6-8722-23D8502027C4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{29A6B73B-D78F-4256-ABA2-FB3C415554B7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2A5F097B-9281-40C1-9992-6CDFFEAFD68C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2A72AFFD-095D-4A75-9A06-937C1324B767}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2A760054-6E0C-4731-ADAC-83F484C5B386}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2A780FC8-3F5E-4E5D-8E00-9FB79D428FB2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2AA62437-72FC-48C6-8DE3-0912717919BA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2AC2DDD9-29E1-4752-8CA4-06612C62BBE1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2AE2B1BE-F263-434D-817E-7B416C4ACC3B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2AE4EE0D-8570-4BC6-8A4F-D2CB896E58DD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2B40E3E4-52FF-4742-84E5-06BB66D6D7E8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2B64A4C8-7AF2-4B4F-9C3A-2585EFC587A2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2B6D63F2-9912-430C-820C-85C9D7256373}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2B9CA48A-4B00-4021-B841-71EC3E2B3AED}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2C1C214E-F168-4346-87D2-B1DA48823FDB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2C250D1A-9DDD-4119-9F5A-43A89DC2332D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2C4DDFAE-C0E1-4851-9CA8-7EA429295712}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2C9CE66A-E431-49C3-90F4-C5852CDFCD5D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2C9E428F-AD73-4578-BC78-6DBCADDF1327}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2D618331-45E1-44E8-80A1-B9D5E70722DC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2D9C5AFA-DDCB-4ED1-BA25-D9F301252F13}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2DB7E9B7-A798-4AA1-8B1E-7C52B5D6FC87}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2DCF8B17-CF3F-415D-9F63-F909D12529A0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2DD48874-ED4F-40A7-A0D9-C3FAED0D758F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2E20D9AF-92AB-4A62-B852-43B3135F298E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2E221897-2019-49E1-B7DF-84A331FD640E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2E33E940-A203-4DB4-A251-06355E1A0578}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2E58CB7C-2727-4155-9FEA-715287D68D3E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2EAAB258-B697-4025-9908-FC3D33DFC9AE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2EEBE978-3F4A-4491-A8A5-0290633774F3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2F04B223-05DB-49E9-81C4-873AB8A6C0C6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2F07EA1D-8AAA-4239-8D32-0DFAF993D8E8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2F124F06-744F-4724-A447-89CCF7A4F53B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2F9941C9-C570-433F-A2B2-0E3D17DA710C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{2FC5789E-D6DE-4405-9BDF-2AEEC43FF80E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{307FEABB-B455-4204-9BF6-75F547AD4DD8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{30CFCD05-581A-4DC1-88BA-2235D9CCFA96}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{31383EE3-947B-474E-864C-0CCB4EA67897}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{31642299-79D5-43E4-BC54-D8AFEF79BAD6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{31F464D7-3A5E-47CD-BAC9-89EA6A6A9EDA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3300DCCC-E0D5-4AA8-9963-981FA3063725}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{33989C66-641E-4985-97E3-D78DED1761F4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{339C428D-B41B-46A2-A122-F6661EEE7955}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{33A62D54-D795-4822-B046-889B15EA1788}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{34661EFF-375A-46FF-9C2A-A49814225C8A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{34D16FEB-1FC3-42EB-BD3F-678AD59DE231}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{34E8AD6C-89ED-4EE8-BC04-022586688BAF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3587BEB4-B4AF-4ECD-B41C-C5DF34ED2640}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{35965FE0-82EC-4720-A154-8C5FAE1697D1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{363636DF-3A03-4D2A-B323-F961AC8ADABE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3636E514-C107-402D-A047-15A6BBE9C024}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{363C3B64-E072-400C-A08D-D746EE6BBBA9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{36741782-9939-45B2-A352-46118B0C8BE9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{367C2DB8-AAC3-49C3-9758-FB4748C2E545}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{36D3497C-26AF-4D8D-BA17-A744441141D6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3713A6B1-D6A1-4142-B706-DD29C85F0A87}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{37270694-62FC-40E1-BD6D-DC819AE59B63}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3737373E-7F91-4409-AC36-39A3A5113403}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{37CD030D-6351-4090-A71D-1D38ECE46337}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{38081279-1AB1-4224-AA40-B652E6912B9B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{382F3F4D-692D-4607-867F-64AEA33A64D2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{386EB8DF-9162-409A-B212-EEF79380AACE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{388A6C30-DA39-405E-B983-5B7370BEA7A4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{392079B8-0A93-4825-9B3E-B99AFD3AF301}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{392EE616-44BC-4C17-873E-59B843502EA9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{396DA277-08ED-438B-A9C2-998BA648CB7D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3976F1D1-4FB1-4A83-B137-751C0B688508}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3979A284-F7AC-40C9-810D-A6C673DB3CC4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{397C0490-3EBE-4FAF-9CA5-6F744C911AF4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{39863C21-876D-4ABB-B6CC-36CD2951A5AF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3A589EAE-AA2B-47AC-8338-F002594B72C2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3A5A3D1D-2181-4AA6-8E30-4649D5C451CB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3A8BF028-570B-4259-A418-B72BCFE93ABA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3AB15C1A-8B06-4DF8-8BB2-B7E887DA69E9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3AB88567-384C-43CF-8DD7-6CDC75CC1139}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3B20F8CA-B39F-4FB1-B751-251556DFFA58}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3B5DFFB3-75AF-4601-A14E-7333C2F0E7A4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3B929279-5A7A-4B64-9227-A8BA37312BF5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3BD9CB76-6462-4779-8D78-8521DD180DEB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3BE734D7-C644-4010-9384-1E92620F7955}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3C2777C0-236C-415D-9456-0F49A5889345}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3C297174-82CF-4B30-98EA-FEDC93AEBC8F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3C3FD10D-0EAA-4D1F-943C-EA1EF0A8932A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3C482D77-7CB7-4375-82E8-7DB36A5C3A36}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3C4C8C7D-C908-4E75-9D94-640B0DB6CA94}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3C711FF1-2B8E-4710-B192-A78FCDB62237}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3CC01524-153E-4FAC-AAFF-CB3181BB8ACF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3D310D00-3500-4C9F-B7A0-83317B2837E5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3DB35DE8-9ED0-4219-8685-BBCB925B3B88}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3E197EBD-5F4F-4CF8-9FFA-939946B1C745}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3E214DAE-51DD-450A-9CB0-02C6F160B4EB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3E61543B-D96A-4D8B-8E44-8A97553ACA6A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3E7F4FF1-40E7-4ED5-9E81-5B1FD6225894}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3F06CFD1-9F4B-432B-88B6-B8ECDB80FF42}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3F2FB151-A72A-41D1-A9D8-4B7A9BE06738}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3F85A1D9-066C-4412-87F7-2AEBB626732F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{3FC3A0AB-AC4A-4C6B-8137-29D33491CF70}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{404264DC-AEFB-41AD-97BC-F8343A9066B2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{40A577AC-E9D4-4A13-95A8-BAA308A50358}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{40D03527-D1A7-4926-9C50-DC9C75D600ED}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4130E34E-213D-4D1E-9E59-20D3408AF10F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{41518377-9AA7-45A0-8BB0-566CF9B0D548}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4165E25A-2CDF-4721-82FD-963ADE220311}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4177D7C5-E963-4216-BAA3-A82791B0EF44}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{41AF1969-E901-4F51-BA10-EC87C2B5D8E6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{41BC919C-774A-4F07-95E9-5F34B7DD2FBF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{41D66E7F-2128-4329-BFAE-E8ACC8A4AE49}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{41D67823-5F15-4222-9DD4-CB863C9E59AD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{41EBD966-E124-412A-81D2-5079D8FC67C5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{42378098-AEC8-413F-A8D1-4756D9B95A4F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{425F4A8A-60FF-40C3-B4C5-A62F77C7F2AF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{42647C60-ED0D-425B-BDE5-FD4DEC641CEE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{42CF8A16-D8A9-478A-8654-132E5B2354CB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{43062EFC-CE61-4310-81C8-AEEF0D7D908D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4326D67C-3B9B-4C55-83FA-C52BCBBEFAB5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{432FC170-CBE1-4E9C-9E94-40E3622968F7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{43794ED0-D415-4771-8577-A06B1E50A53E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{43DAE8B5-C9F8-4757-A982-A39ECC30B38A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{453BC6DE-E43B-4AF0-A67B-8F000A59E889}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{457E8342-DB43-4168-9BC5-56C36F4728B2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{45CDB143-BB9A-4F25-B89F-EF33511DFB51}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{460A00AF-2CC5-4312-9855-7D739AE9C56B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{461900E1-D18B-49AB-BEF4-AB7DDBEE7C1B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{46726DDC-B9C7-49B7-9A18-E1F56076FD38}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{46AB14D5-4CDA-4B86-A3DD-4A8AC2B87DD4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{46DC8F0A-FE3F-4454-9B12-C220294085A9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{46EE1717-3842-4867-BC24-494A7120B05B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{471A07D7-838E-4748-8DB8-C9B8002018C6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{477EE8E4-68A9-4E37-8C6B-6FDC215337E2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{47BE39C8-980B-48BD-8CE9-E834FE5592D8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{47D7509C-F4B5-4668-AE85-A5879ED9F9AE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{47FAED64-84F5-4B7F-BC3B-660AE022200F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{481871DF-BD75-4BA1-89BB-381EEDED66D1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{481D94CA-DA42-4F99-A7E3-1E07ED020C31}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{486F5ED8-E085-4ED5-913F-EA19E4193499}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{48F94484-8042-45C4-ADBD-034E9FB29632}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{49093CFB-507C-4EE5-80AF-85FF2443A8F7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{49181150-FCC5-4815-9B14-7FB62694BC9F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4953A396-3FBC-4B48-91F1-90DE74790806}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{499AC2D4-8CA6-4534-8319-D1AA31FE7B8B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4A274308-593F-400A-BD1D-E3C9A62D2267}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4A62D340-DACB-4164-B882-CEB223DED3A9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4A82DD21-0E1B-4929-A0EF-8A46A7CD7C98}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4A8961F1-F92C-4569-86C5-81DE4B8106C1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4ABB2214-800C-45EB-9423-407C3F0C503D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4B42E6B6-4005-4D91-8949-2E7CAFE584DA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4BB93A4E-6F84-4581-8639-1C16281FBD1A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4C1737C1-6B1A-463A-A7DD-C7487575B020}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4CF9BC39-AD04-4D39-A279-82B76D0421DD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4CFAC964-1E65-41EC-9045-7C08D74ED05F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4D0E1967-7055-4A3F-81DC-389F3D5FD1AC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4D221ED1-E024-4B99-A047-DF4812639C61}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4D3DCAF5-6689-4E6E-8BE8-9C504ECBFCAF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4D882C46-C9C3-4C5F-8CBE-CF544DBCA177}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4DAC01EB-BC8A-40EA-B787-5A8CEF58160A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4DB9E421-15BA-4EE7-8669-31C00F8385F2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4DE04765-F19E-4793-A83A-1400E02F7B01}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4E3599AD-5E9F-4967-BD75-853DF343E8EF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4E42463A-0A74-47FD-B55F-B20F4717DADD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4E57842E-3D3F-4830-8706-66BB9E62CD4C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4E63BDF3-28EB-462D-9981-65F28574EFC6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4E6D4D28-EFE1-497F-8F31-ED1910FC735F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4EF03A2D-E59A-41E7-BD22-1DA1FA036BA9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4F167C3D-F835-45B1-99A6-8E4EB2987DA2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4F3924F9-3212-4950-A043-B63E2382423B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4F5EF335-1EA1-4CA6-8619-460BFE7CFFEF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4FA0CE13-EB23-4045-BFDD-47735DD70D85}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4FD8B859-D21A-4B93-938E-17B5C199F183}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{4FE353A4-8C5A-4595-83BB-0DB4A0904618}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5045B4A6-DA66-4334-A9FE-AAEFD41BE495}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{507856EA-75BB-4993-9782-F47CCFF1EB4C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{513554E4-DC02-4870-8B78-A86E7C3CABB9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{51CE012B-22CE-456E-A35C-A7BF8E9A0E3D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{51D32E2F-8B12-4B3C-AE9B-B7241EF73BEC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{51DC3885-0FB0-456F-B044-67045B9B69D3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{52024A48-DC10-449A-9DB3-1B695A41C5F0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5227DE7D-37F1-4422-B32C-4D5109C8B8C3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{525167E5-250A-4F7E-BD40-1092A0625C63}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{528DD005-F2C9-419A-A350-3B722F2C7E8D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5390F2A3-BC0A-46C8-92B4-AC3076F0BA53}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{53B02B74-EE43-4099-A92B-A30D641108F4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5452BA32-981F-4C80-8646-775A78F22857}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{54C5FCDE-5FB5-4809-B7D5-E1BA2B93B2CD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{54E1A99A-18C9-46D3-BE14-7A169CC65046}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{550B8DB8-5F81-4BCA-8831-083934117073}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{55E6D015-B3F3-43C4-8298-A87471171C49}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{564EB443-B61C-4462-9136-FBD007DDB223}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5681FD03-BB94-40E0-AE6A-BB4BA00171FB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{568605A2-88DF-4D10-BEF8-2EA7745D2C12}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{56BBAB41-93B2-4DA6-ABC8-F31593A50D71}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{56F95B10-2982-48DF-BB46-D6EF5EC77AAF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{570BA0ED-991F-4EF9-A582-7F9A116A8D29}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5749CB4F-8977-41ED-8B95-0A726147D504}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{58599CFF-D619-453D-90E8-96C5639801C4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{588D9858-E4D9-4DF7-820F-255E674CEC87}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{59056EE8-45B2-4B39-97D2-90374A6B0EEA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{593C3F11-DB5A-4E62-AEB1-9ABF6F3EB159}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{59A24BB2-D6CE-49D7-ADB6-FA6D196AC845}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5A57E5AB-EE60-41ED-A4C7-D9A52399D1E9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5A9EB161-36E9-44C6-886C-251F18985048}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5B5EABED-5486-48C3-BB37-AA6FEBC14BD0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5B9871F2-00FC-4DC4-A517-93D063361934}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5BA0222D-F7D9-4F03-A497-7ED25DA1E926}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5BAC05CC-85DF-4CEA-AEA9-165C1617600E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5BB620CC-2034-4855-9DC0-DC05BE465166}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5C4BC7F6-6D1B-48EE-976A-107714C4C698}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5C638063-527F-4323-8D99-1C19B74EF43D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5C912A1C-A98E-4276-BEF1-840D299C4C9E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5CB1305C-2CFE-4982-8057-711FE84D07D3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5CFD31CA-DD48-446C-B3AD-2961890C81B2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5CFEA297-0C7E-448E-A78B-38282DE0A707}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5D3D0565-70BC-403A-A2AD-A334E28262EA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5D4C953F-4476-414F-BBA0-B529E6018DBD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5DBF043E-AB5B-4B7E-830E-AECCA19F4BB8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5DCA4336-B950-4EB4-AF89-B0CB7A38D50C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5E17305C-B5A1-4CBD-BD90-A40531C19C13}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5E8FAB5C-6E91-46A5-9C4F-CA184E332CE1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5EBED1D9-39EA-4C76-89A0-DEB2389031D7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5F47FD1C-E599-4CE3-A11F-7DF59665BCA4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5F8FDF21-8178-45D9-A958-EBA08BE3107A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5FCE833F-6635-4533-A872-30E6CA4DE344}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{5FF88E39-A369-4A16-B318-73716274A779}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{60183B50-CA43-4E76-A9B8-BA4CEA69A52C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{605C8D79-6F20-4EB0-AAC9-F569CB654C7F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{60AA2027-A6F6-4ADA-A94D-5FAB6A837867}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{60D213FB-D34B-4201-B0AB-3E3AE0D09C0B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{60F660D8-C489-4F8C-BC95-B1DB69969F7C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{611583AF-9C76-4DB1-990B-448D6680D8DF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{613A0009-1F31-4626-94E0-B878AD39C4CD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{618537B8-5227-4494-9510-F3346FA3D430}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{61B72CA5-6F13-4ACC-9C19-47648321F5E8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{61F5C27B-F525-4F8C-A1DC-B063BD4B6123}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{620AF06E-07A4-4604-B5B1-8BB675AB42A8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6227F1ED-CD5C-410A-8C67-0568FB5081FE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{622EDED6-419C-4A1B-81B3-D62B7CB60633}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6313237C-987B-41EB-B4F5-DAFEB874E623}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{63239DC7-C78B-4284-B1D3-9654B7B0A124}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6366AFAD-5E3F-494A-ABF5-A6ED4E8C8B00}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{63E6A4B9-997C-46D4-96D6-1BC4B99D7C77}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{649BCA91-6DD2-490D-AB6E-777AAA8DBE39}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{649BEA0E-C1C6-4C9F-BCFA-2B0EB67CE4C9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{64A35B62-7591-4BE5-B860-9EC18C2B7FAB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{64DC2689-4D4A-490A-BA1F-34E09F405AFD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{64FD919F-EDE1-43B8-B3A2-63B20ED96DA2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6516BD0D-B224-47D3-B9F2-C1DB0FB887FE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6523A4A4-C60C-451D-B954-86AEE4ABDB85}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6558BF33-8482-42DA-9D19-D0A66CA28992}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{65B81265-EC43-4544-B862-C03AC519FFA9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{66112470-6C54-48E8-B858-02EAAAD2C2A7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{664CE6E2-8CD2-4BC5-A39C-04AD931145CC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6669012A-EECC-4DEA-8ED2-89B9DE908A53}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{666BB103-F72A-44C1-A0BF-E63DF1341259}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{66A2661A-D343-43AA-9BAD-2C42A79D0E15}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6720A46C-59B7-40FE-A936-AD6133FE45AE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{67296824-9B1F-406B-AE69-7A8BABD0E335}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6753E0AD-25CF-4A78-AA54-80CCB7224419}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6783B81C-DF7A-41E5-87BD-E570DADD0DAB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{67AAF4CE-9635-4167-A0AD-9F7BA35E78B7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{67BB3314-A3A1-4C3F-B004-24E6F49BAACB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{67E97B08-9BD6-4FC6-AFEA-5515CC608C77}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{684C39F3-98CE-440C-BC61-F4234CC23D61}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{685BA9E2-6FC3-459E-B23C-DD9F5B033FEF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{68801AFD-668D-425A-B1FA-7E502D3061E8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{68BB2C82-8343-492E-A613-645866A6EC8F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{68C92459-E748-452F-9017-CB95E3D0AFB7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{694553DF-D64A-42A0-9070-6702387EA121}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6950DF8E-FC7A-496E-8C89-E38A199E3326}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{695F5D0D-E111-448D-AA79-A907786E3A43}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{69D59927-E5B5-44EF-A833-29DE6973FC56}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6A10BBDB-FB72-43F5-A1F3-4ED0149DC7AD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6A4FCE18-3C58-4918-8FD7-4074ED9B9BE1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6A880E12-1DFB-4B24-BE62-D1F79D987993}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6AB6474C-0504-4ABB-82F3-8EA5A246A8A4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6AC4C643-BFDD-4471-B2EA-ECFDCA3158F0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6ACCB759-C635-4B97-BEB5-BE9D4E58297C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6B0C9D9B-E742-4935-8326-980AD74106BD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6B11C7D5-A046-4CD9-9A5C-B9024AF8CE68}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6B4043B9-913C-45F6-82E9-44084506BA94}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6B452C9D-94D0-485F-BA0A-0894EE3A9254}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6B78199D-F301-4464-AD10-C71ABF0B8BFB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6C8E66D6-7B89-4313-9379-26A51019B434}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6CF08DCC-CF5D-4937-80F6-106F6C261DE2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6D09E3E4-65F2-4565-AB60-B983D91A04B3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6D0B4341-1A08-4D4C-A162-4052537000A2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6D3AD8D3-01EB-45F0-ABD3-942EE191CD65}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6D647E5D-E3EB-41AA-8608-37BFB2ABBDC9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6DA1A4B8-A8B5-45E5-A399-D7B07EA034A3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6DC5ADAD-F33F-44EB-9C90-10C5F509B4EC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6DFD8E54-70C3-445C-B7CD-C985C51096C0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6E2B4EC6-F62D-4601-ADF3-4A36A481FA99}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6E491208-999C-466C-A4CF-158952294A99}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6E6D4513-A1CA-4554-8A81-695EAA8960B3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6E9E8F6A-7FD4-4F49-9A29-69422E867514}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6F23535E-5274-40ED-B154-7F215E430C4F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6F31A20A-5441-4401-A845-128B5B76E5DC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6F768C04-EC16-4AD9-980D-B90425DCCDE1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6F7A0FA1-EDB6-4A0A-8992-EDF8A70C1C62}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6F966B8D-E201-4BC7-85B3-031E9A078EA0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6FAC4DC7-16B0-4456-8B0C-BB57D4009A62}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6FC5EEC8-780F-4F2F-B5A2-9F240519C0F2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6FFB2572-9887-4CDA-9F81-96701733BFC4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7051FA80-C9CD-4D98-8166-84AE860F2FC8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{706795C7-2B17-4379-8D93-D5C5D10EABE0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{70BD250E-6D81-4038-B57B-9F91BF2E5B5C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{70F32B1F-2F22-4C7E-B465-F17E6B7CEE52}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{713C88C8-1191-4871-9415-E68189666BAE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{714C94E1-E952-4BAF-8ECC-C18ECBA7749C}

Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{71C5A6E5-FBF9-4FC7-91EA-AEEB99245959}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7239FCB0-E704-4FC3-8CAB-352B32DC52C6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7297D3DE-900D-423B-A219-FA6D42F13184}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{72A53BDD-D3E2-4777-A1B4-BEA935381025}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{72CA9C90-B4A2-4A70-9AC7-C1A113EF0DC9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{73201F3C-23E1-435E-820F-E3D5E871BB89}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{73A4D8D6-BBAF-4086-B0F1-976ECCF97AA4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{73AE907E-509F-4AEF-8665-66AA84E7F222}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{73B15709-1CEB-44FA-9ACE-1C4F9F567620}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{73CCFE9F-2600-41F9-A2D2-7E65A45036F5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7458B0D6-7CFC-471A-9643-26139C379412}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{745D7010-0BEE-4083-B52D-B6E153A8A9E5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{747621B6-12F5-436D-A3F4-79A8CA6C9EF9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{74D1CFD4-C04F-4EE5-A93A-308D48CCEF7E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{74EA49A7-5C21-4397-8B01-FE3299514495}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{752CBF4D-964B-40D7-9D32-52FDF5226554}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{75BC52B0-55AE-4542-9F71-9D11FFD8F4FF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{75F85F06-7173-4EFC-A8DD-7433187F5CBE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{761E55E8-5086-4B6D-A2DA-79E81EB98668}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{76251A3D-4BAC-4562-B594-5004AD48024C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{76338E36-1201-42C2-9F04-DE4DA1EC6FC7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{76960C32-6EC6-4BE5-9E1B-0EF06701BD77}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{769F6931-0363-48D0-8CC3-29430EB16EFA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{76AFAA05-5A9B-4B3C-B063-2D09B2CE55FF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{770231F9-E819-49D8-B9E6-E282DC817ABA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7726D499-4E68-447D-84FF-EE1A767A8334}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7775B97D-EA0B-443B-98CF-0A0AE0D03781}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{777E2236-A613-476F-A8E8-2F78E8629F89}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{77BABC18-87DB-404C-8D7F-921C409DD644}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{77EB73D4-BDF8-4E36-AFD6-C25D13B7F930}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7806797B-1A35-4934-8444-97E383A9BDFA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{783F6E2E-EF2F-405A-80E4-C7563AE11CF2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7841B82B-4866-4193-A73A-AFB599AF3015}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{785D6520-CCB0-4AEF-B4CB-47F1D9447B1A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{785DBECF-D930-495B-BB39-528A4B361E44}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{787A7EEE-4AC0-4EBD-A817-6321BB996BB0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7899319E-120A-42CD-B0CD-B29DF1D211CE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{789F6176-7D7D-426A-84E1-4010107ED102}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{78A04112-3C06-4DFE-9593-B5F5936CC588}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{78D1C82D-01CB-4800-B80F-40AA4A5D1E67}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{79020249-4E20-4847-95C9-E6F317242F0F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7981794D-1C4C-4CF5-9ED5-D2EC9D2BDC06}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7A2D3E91-E3BA-49D9-B338-2BF4B9BB8814}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7AB49135-255E-4C20-904E-34D30318FA7B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7AE2BF79-0676-49BA-845E-F57B593FD12D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7AF62398-1278-4D8D-A6FF-0D688983AB6D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7B1B2ED7-43BF-4EA2-BDF3-EAA64F21C552}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7B6E3C46-81CF-47DE-B8AD-5C550B53DB54}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7B79F222-EF3D-4E14-9BE5-F915C4C4FDDD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7BDF3C70-9053-4959-8557-96187C39E6C3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7C4822F4-A7E8-426E-A1B4-658DF29E8831}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7C622B64-D872-4AE2-B5FB-664CFE89A371}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7CC3C5BA-2F1C-4381-B5B3-AE428C05E50F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7D3286B1-AB64-4257-A96F-06EFFBE50CB4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7D9D3F29-90EF-4F7F-A9F1-6C5D4596319E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7DC4A3DC-A2A0-4AF2-81DC-BAED3315D3B5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7E3C8918-7CA5-45E6-BFEE-0C76D97E14C7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7E4D2CB2-ED3D-463E-AFF1-270DDB9F2CB7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7E4E0E6A-EE2F-4CE6-B153-433999675B98}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7EAC85C1-AAE2-4E5C-BB5D-84A1519239ED}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7EC16988-35EC-47A1-9E48-7490EC400CC0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7F7A2032-2378-4FB6-B1F8-56F3BF69724E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7FBDE711-B6EE-4DC6-82D2-5715B0D8F791}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{7FC6BE3B-5736-43CD-BB98-9431825CA7FE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8047FF7F-F638-4580-8325-669B1DED6617}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{80AEDE17-FCC0-4A3F-B66E-7ECA8F7492C5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{80FB07D4-CEB0-47C1-9A1F-CEA50C677070}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8109F5AC-0DE8-43B9-98E4-C953D4E69314}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{81227970-DC6E-443C-9BB2-197BDA71B239}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8141CFED-DC7A-4B77-B082-F1A8D2945619}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8173AF9B-E91D-4369-A800-06DAD4B8FA18}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{81844355-E985-4034-8728-238D6930D38C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8231B134-9F0E-4038-A10C-298211FC838A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{82610CDA-5C16-464E-8B64-CA14271E5D8D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{82C45309-6A5C-43C8-BFE7-6796D2771CC1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{82C4AD58-BF12-4756-95FB-A50AA981D0BC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{837795AE-B4D8-42FC-8D2D-B247CBDBDC70}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{83D853A3-8E60-43F2-964F-0F6FBECB1146}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{83DB3AB6-194F-4DC4-B5F5-F404D4F6D21B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{83F0D408-054A-4F1B-ACFA-052328E0A494}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{844C056D-D81F-4AD5-9E0A-1E9B0E05A580}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{84521FF3-54A8-4B61-A047-312C6D00F933}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{846BFD47-D99D-48A6-A5CC-3D8B5C7D159F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{84727C89-0B90-4C0D-8010-F68DBC492B16}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{84E54AFF-61AF-42FB-9C04-A68BBC23CFAB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8583E7BE-5F96-4993-BE6B-CBD9F87A5364}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{85D4E966-F65A-478C-AC1D-5377D09DA058}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{85E62A4C-86DA-434C-A25D-4A33C09F1438}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8613BA31-0658-4D08-A075-C1FEADB5D033}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{86313A7B-5499-4B27-ADC3-4205742EBEAE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{867E1C7C-9FEB-49E4-AF01-B86061A9775E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{86C4B971-3D25-44FC-9DC0-8852769EF407}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{86CF4CC9-0DB4-4BC5-9E09-984E3B79C2CF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{86F723DA-E9C6-4362-8590-0FBD22730DA9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{872BE069-E54D-42AA-B317-B86E06AA3108}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8762EE4F-8496-47BA-8EBF-79476163072D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{878BB430-70D1-49E5-9E2B-573A56DCAA83}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{87F1E171-FCAF-4883-8D01-C7CD54A44F52}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{88087759-57F3-45D1-95E6-865926B75D8D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8883FB35-B652-4741-8FA9-3C17C4C9A8DC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{88841B78-E2AC-46BA-A1C4-B1DDD17DDF0A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{88987A57-7391-4312-8811-03D74700D094}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{893FA4C5-E8EE-48FA-B6DE-BE11491B7C95}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8946BD73-41CD-43BB-B9A1-40354A22958C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8993B5BD-857D-4B37-BCCD-0CA70DF724DE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{89B92C47-1514-487F-8286-F0BCB0C4AD93}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{89EA15F4-FACC-4AA0-8DA1-FDA693FF1814}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8A03E5D0-F2DA-4BE5-8A17-977EAC39E8DC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8A1B2628-60C0-451D-9B67-B1FDCA3C7545}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8A1E8578-0A30-4515-8BFD-5998B1CC73B9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8A52CA5B-510A-4263-9461-132C8D329502}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8A741437-F37F-45D0-8B41-E41C98A02C9E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8A99BC1E-9A8D-45A1-9E60-5AB14F23735C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8AFC34DA-C506-4D98-A5F6-99DDC92B1A37}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8B50F171-2BB3-42AD-B0D4-319A7979EC91}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8B9010ED-E175-44CF-ACF5-C940250A605E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8B93A5C8-FCD5-49A9-B7C9-CC8E606BFC1E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8BB384C4-F822-4BE9-82F0-B79C8A634339}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8C0DB182-69FF-45E4-B171-3479B91E5B0A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8C764491-3F60-49C5-9BED-E4C343B70B6A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8C9D60BD-3FBD-4EA8-A541-581389EDC8B5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8CE9479D-9693-487E-80DD-7EE67BF8C810}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8D390974-6414-40DC-9C6F-55F7E3AF7293}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8D6B6DF3-E4C2-4752-94BA-BE02CB98150C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8DB05DE6-C3A6-437F-90D8-8743466AE603}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8E58980D-3DE2-4A58-B8FB-4F92FD44F994}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8EB21A6D-A848-4489-A4FB-244786E4AC61}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8ED4D79C-2524-4087-9964-3266CAF31888}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8EEC29FD-7F52-4BD4-94FA-9611CC530364}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8F0C1E57-540C-4A34-9E5E-5F8912BB352E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8F2C9791-719E-4728-8A80-7C6B4F5D2D96}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8F36A3DE-4201-4874-AB77-9E37E0EB3108}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8F5B7D57-D45C-43AB-BF37-E44F6F08CA72}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8F97B68F-5F63-48F9-A7DB-612883EB62FE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8FD74FD5-C3EF-466E-B3AA-354EBC365BCC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{8FE48A9D-175C-4BDC-925B-860FDEF75650}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{90A35A56-7251-4F9D-BFDA-385E49556E73}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{90AAF697-37C1-4449-9FDF-304EE1A484AF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{915A12C7-6603-40FE-AC5E-9D723D431BDD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{918192C1-5C5B-4666-AA3B-9202A1205269}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{919DCD79-86AE-4B69-8338-671474730256}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{91D62D9E-5E07-42D9-BBCE-65673CE9BE14}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9236EA7C-0F60-4A80-BB7E-9F42C9316FB2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{92544E41-1050-44B1-9D5A-102B5BB9C0CB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{928B5286-9483-4C02-B087-BA96B614C62E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{929333B4-7811-47D3-8D9A-211AC5C32672}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{92B67B42-7107-43B0-8705-BB0E5E06522E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{92C5AC3D-27B1-4B99-892F-C94E1270DB0C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{93080FF9-6ED7-4246-9A0A-26DB07A6F350}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{931401B4-D3B1-4C37-ABD5-56F53CCC5612}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9320BD43-DCFE-4BDC-8D3D-DC77CE852B8B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9367E25C-9F90-4133-9420-549E72C341E0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{93C98359-40A3-4AA3-B510-089202B3F400}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{93CB7106-48CF-4C59-B412-D1F0A1CA9196}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{93D4D549-7498-4654-AE71-546155BF4CB5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{93EBEB29-A3D2-4D30-A299-06878B322EB5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{945C0D2A-C335-4F9A-9484-2ED89D037072}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{94A648BB-CDB9-45BB-8EEA-14B2B71BB1D7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{94C8B41B-C847-4EEF-9C9E-18337A6481A1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{94DB82E4-ADB1-4A0A-AFDB-62D3DFF05DD9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{94E9AA71-1173-4BEE-9A27-298D2CFCC834}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{94F8AF46-237D-4BEB-B7FC-B18B4E91334B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{952BDC07-346B-4886-A1E2-B2BE9B74BD75}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{95366EB1-BECE-484C-A4A2-2534C2ED6485}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{95833B9C-A9FA-43C5-B38A-44D3A9C3A151}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{95A9636C-BADB-454F-B9AE-EC22BBE2F25A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{95D1447F-70B5-4235-BEED-6709ED104C8A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{95F65FB0-3643-4EA6-B8AC-87750EE3028B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{95F8D2D8-7C60-44DB-9359-17948A1ECE51}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{962BFB06-C647-4EF9-AB10-D84D065AA66D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{967786AB-A379-4BC5-AD30-653052F8BF11}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{96DCF67E-9A3A-4BE3-9F37-4DBA1075D868}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9755F204-B445-4C10-B6DC-2EAFA7BCCEB8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9783A1D0-0A28-46A3-9A74-5D59E694067E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{979909EF-46CE-45AF-8EAB-9EE0B764CA7F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{979B0788-1163-46F9-8CBA-CDB1E3D83BF9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{979CFB40-7695-494F-9742-C3E8619A695A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{97D2A967-7580-4BC2-8EFD-B8EC917096E1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{980B797B-29EB-4437-A729-2BCEDB085C62}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9852EDE7-A7CD-43FE-94A7-FDE6CA8D0F9D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9868A227-F5CB-4BDC-B137-FCB5A350D7F5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9871CDE5-0C3C-49C5-B973-226C38637B0E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{99CF698D-A89F-409C-94A9-008CE398C6ED}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9ACB3540-C70A-45E1-A509-0C4DB6F8ABFF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9B1C7CAC-21FB-4CDC-8EB8-B5912FB0F3DF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9B64A711-0B3A-4C4D-ADE3-F9E8FD230301}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9C0DD583-F65E-42F7-8C0C-02940BED1236}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9C1ADCB5-9E1D-4693-88B4-9A82ABC7DEE0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9C75D393-104B-46A3-B544-2CF617DF959B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9CB950D5-32C5-461A-99C2-D4963CE1CD3D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9CD6ED3C-97E5-4C6A-98F5-B12AFFEFC3E4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9CEAC3F3-C965-4247-ABAA-412118B1BC53}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9CED57EF-B0ED-41BA-ABD9-FE8C7F8117E8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9CFECBC8-A337-469F-B01B-E1FD38AC51F0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9D46DEA3-6E39-4D1A-A60D-67EA545EFF95}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9DA6C61C-FDE5-4455-970F-8B72CAD24294}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9DBD0F94-3C7A-4488-A841-77B8B64B96CD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9DCA5C3F-7683-4438-84C0-E259973CCCAF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9DF4AD20-DC0E-4F97-866E-A90D6DACEDF5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9E0C7EEB-E32F-446C-BC12-242EDC0E504F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9E969E58-E836-4B9C-8CC2-C3EBD17E9636}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9EC2434C-653B-424F-8C04-466B15538441}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9EFDC039-CBC7-4611-9E7C-AE73C3137844}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9F076F76-A52E-466F-BAC3-E9A9A6F7D707}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9F2200AD-8752-4065-8866-6ECF836B4E77}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9F8ABA74-ADD9-4C1D-8CC6-D17F84358EAC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{9FEEEA97-0280-468F-90C9-8D6A660242F6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A00E4B80-F6F9-4A58-B78A-72F8649DAFE4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A018D0E7-53F5-4E56-B4B2-141578180E89}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A07AF838-852E-4993-B76B-64243BD7498B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A0B1C9FA-F26E-4CD5-A8AA-C22531C4A286}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A12A86CE-EEA0-4A82-9DF2-3EE4D140BB6D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A1498F06-731B-4E38-B5C6-4D7FA26181BF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A1621E5F-CE18-4AB7-BE2C-DB9487EE49E5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A168B05A-46E4-43F6-A0DC-BAD04E6BD73C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A1924D71-3299-4401-9E52-54D46A601D53}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A1DA5545-EE40-443B-B512-0257DF2EEA6D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A21BEFC8-A653-4F5B-8FEE-60AEDA6F55B4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A21D6EAA-52E3-4E1F-8E6C-DF5467A0AFAE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A2AF12ED-7931-4C70-9309-E9B46FCB4066}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A3144923-7A70-42C5-893F-DC1A1452B753}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A3284821-C9FD-4ACE-9180-6C646E8F6216}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A33F744E-E702-4946-B126-9079047070B4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A35354DF-942E-482A-A209-B1CBCF91360A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A35A46FE-E5C7-4C60-B85A-5F85A3A1FD75}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A373F0B3-874D-4CBF-9FFC-39B52705FC54}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A39670FF-6DE1-43BD-8A5D-5792FBE56511}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A3D3B3E8-3E02-40C6-B999-F57E6BE1CC8D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A3F0D351-4909-4B0A-A045-7A2054F64533}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A3F8BE8E-A431-4369-BBCB-6C3FA90BA95F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A4067E1F-FF70-4037-B7AE-914D993F076B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A47F78DE-60E7-444E-B1B3-D8E60BC5E739}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A4834108-DC12-4FE3-B677-5E69300EDBDE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A52A25F4-0570-46A8-B742-5D880DB81CAD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A59D78F4-7E68-401C-947E-F0261973A7D8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A5A1D169-85F6-4945-8F18-6459DAAB9B82}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A5B002B2-93BC-4838-B471-F9AA327C13D6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A5B15698-57C7-4CDE-B838-1EBA112877EA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A5E99F56-66B5-45F3-AF16-FEC5B3DCFFD2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A5EDDBED-5C6C-40C5-B6F5-84C3C8D0329E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A6352212-B6F8-4C31-B7F1-2D150B58A8A5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A67D76F7-C64A-40BC-B5C3-7423270E6C1F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A70F13A2-2173-4A79-A188-2A80CB8A23D6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A814B87C-958E-450F-9722-90F247B9D84C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A87DC775-519D-47F0-8892-C7E7DED0B9A7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A89A16CD-E472-4FD3-9249-2E846CBB8C46}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A8D4251F-FA20-4BC1-B809-7C1E22A10CAF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A986EDD7-8F59-4DA0-B732-5111DC430B79}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{A9D78389-491C-4B87-91A7-21EAB056EA13}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AA088C43-7555-47AB-B0A6-59221C0FDE14}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AAB4C73A-96D8-4E0B-B4D5-45E57B1583BF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AAB9F961-6504-4566-95DD-3A7A450DE0A0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AB3C970A-BB0D-4BE0-BB08-29C302C7D2E7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AB6AF9C0-1E28-4AFB-BECA-D83E93C691E6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{ABAE87DB-EB8D-4D80-BABD-49C148BDA80A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{ABC702CF-F209-4BC4-8B69-27407B231A9D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AC10E7C6-41F1-4ADF-A058-C519968500CF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AC2E20F7-4612-4935-8339-638FEF3ED9A9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AC40C9E8-78D2-4BA8-9B78-EE9108EEAE6E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AC630C9E-57C8-4750-8986-E8C68864CE74}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AC64864C-0E1B-45C2-8966-87063B8A85BD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AC69D546-5B7F-40F2-AC97-9B5402CBABB5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AC7E8E6D-9C25-4359-86D5-2B0F5DF0BC05}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{ACBFBBD1-776A-49C7-AC69-343C356B5F37}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AD7DEC7F-1F62-4B8D-9E55-2685C1511F61}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{ADC8F2C5-4943-4BB1-90B1-6BD6E723E2AD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{ADD81F27-1A06-47D3-A263-FAC4169FF6BC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{ADD8A242-63D5-4251-911E-1BA845FA64AB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AE12F1CF-3A99-4C06-9FDD-6AFC758F8FC1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AE143835-038F-4229-B025-2D8BB54A7FFA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AE32E330-9492-4AF7-9BA9-C685110C3675}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AEBB1E9C-03DF-41D8-A7E8-8A5CFC88ED1D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AEC7833C-AF41-408F-959F-CF66FE229E13}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AF18EECF-B7F1-4B90-BB85-55F4EC870297}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AF1A138C-E186-41F0-87F4-DF128A930C33}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AF559764-00A7-49F1-A545-F8365B3D14AA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AF673B42-52C3-4C55-9CA4-0CB42EAAD7BE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AF9F0ACD-C94E-4063-9434-470928315665}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{AFE160CD-F420-4CB5-B4B2-0E0ABD74AEEE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B004F817-4164-417C-9F8F-CFEA3C99D850}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B0637DF4-7CA6-448B-9F79-84EBA6BBFEC5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B0980944-BD0B-467C-9EDC-4C0BB33909FF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B0C3D369-0965-427B-A166-4D5E70C77356}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B0EBA9BD-1511-4D96-8E32-CF60A72FD6BC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B1636704-3B6F-421C-9372-4C48AEF2E529}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B181EA8F-2C15-4049-A288-3683D6135ADE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B2197EEA-A796-4C3F-9522-C26558627536}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B23F09BB-B6CF-4080-82BB-607327CC2547}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B2AF4508-6C0A-456D-90CB-AFBBCD6F63AA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B2FCA027-AA93-4DBE-9305-273D759C0BBD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B3525434-3A5C-4C07-90DC-6162F010E316}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B360494D-6A52-49E6-9679-04B164C21967}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B3857EBF-083B-4685-93A1-53898196AB7A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B3C46A8D-CFE7-4F70-AD5F-6EC9576CCF4A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B3C9F863-C399-4C3C-9BEF-4DDF4B4E9AEA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B3EE57A2-5088-4A85-AB89-55C25F9E57F0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B3F0B3EA-27FB-41C7-8470-947849328EA3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B407DCD7-F7A7-466D-84B6-3E67596119A1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B4365EAE-4ACA-4BFB-87C0-8D863D2667F8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B43C0F2E-721C-4A5E-9F9D-44E412DA99D1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B4A57139-F844-4CAB-B068-68C6F0698076}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B4AE3003-D332-4578-9427-61D700403C71}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B4E9DCC3-415A-4461-B1A1-E90F155A9BBD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B5173869-7CAB-49CE-8434-96FDCEF65319}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B523FA4B-F41D-4896-9709-7AFADCE30AB6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B550D82F-6E5E-4DFF-A967-3017F729AAF3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B5DA7C4A-C55E-4470-B7E2-D9334AF0EC99}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B5DC1463-E506-4EE7-A27D-7FE368653FDE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B5E11A6F-3934-4EAC-AC90-02D0B332114C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B6A4BDF7-CBB7-47FB-82B2-DB807182EDE6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B6C83E8E-62A5-41B2-BB34-957884C55B26}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B6DD3820-C472-46D0-B683-28333B6986D1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B789A544-9D7C-4A39-B7E6-4B266847B7BF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B791159E-0BD3-48A4-9743-998E5DAF3F9C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B7CE576F-7D15-4923-8D5A-47DFDC95DD6A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B8162D66-79C4-4834-99A5-5848366A4452}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B8DF09DA-ECF9-44F4-B79A-C72778D4D2AC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B98DE429-451C-4124-8ACC-67756AF9178B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B9BC6ACC-A93A-4F9C-86A6-D0B1689353F4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B9C4C21C-A55A-4BFA-96CF-EA4E23832C15}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{B9F4C002-4AFC-4395-8730-47ED52E5DA79}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BA41F55D-5AF2-44B5-978B-D340555C9D64}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BA993190-40C3-424C-8090-B030A8AFC203}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BAB4F77A-6A20-406C-A3A8-F902EF69C316}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BB2628E3-462E-4548-86CA-A55C2132C7C9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BC4D4EF7-4C01-46DE-8EF2-C765D03E6467}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BCAA63EC-1438-430F-9AED-B5003B0E973A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BCBA9D32-13BD-46C5-9E57-F3E2481AA6A3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BCE9A049-CA2F-4254-BE7B-B2DA2513BA42}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BD40ACAE-40F4-4C1E-A6D8-5C18DB726239}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BDFFABD5-EEDF-4E2C-8D60-0186884E8E16}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BE07C7AA-B2E7-456F-A27E-8867FEF233D8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BE4C3912-8407-41D7-B544-78841B6FB3AA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BE686C60-23B9-4848-9A16-609B9E928A2A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BEB5564C-6EEB-46E3-A8D4-8B5AD6E480EF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BF41F854-6D7B-4347-84E6-E12C8E7022E8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BF7384BD-53AF-40F0-86FE-25AC6F149F7A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BFDAC310-3C20-479F-9057-BD3A479145AC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{BFE6C0ED-1DE1-458D-A4B6-0B2ACBA564C7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C025D581-3728-4D14-A3E1-50B2F61B1C5C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C03E12BF-6DEE-47DB-8F79-EA7FBD18BA3C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C04AD0D8-43A2-4FCB-A4BB-0C8934E891E4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C0523542-8D00-4E6B-A6BF-CC791C590B82}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C0A73394-F392-4682-9BF7-BF7F856411FF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C1298979-85B7-4607-A867-1E016CA38EB3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C1B74DBE-8D65-4471-8127-2C8EB68640E1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C281E33B-0879-4453-84A6-AE2C19202958}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C2B2B8D8-A38A-43AD-A6C1-3B3EEE7EF10C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C305BB95-B5A6-4C80-9726-D146B2FC4FE4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C3843C3C-6562-40DC-A4E3-1DE8363C01E2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C3BC5730-4D00-4154-B1E4-3708727288C7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C413DBBF-90B3-47A6-A445-FEF03A072BCD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C425F0AD-CBBE-4FA6-ADFF-28598F657326}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C48317B4-3836-4965-BD0C-7D441294C082}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C49A2B5A-36F9-4AC0-B088-51EB00C53D35}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C521605F-4AC6-47BB-BF8E-191E583028E7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C54DC7B3-7D23-472C-92AB-7D5D9775956A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C5B02752-66C0-4A35-BA21-20378BDA9F60}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C5DB1E05-EB32-47C0-A77F-8273706B90AA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C5E86BB6-AEA2-4F34-82C4-F7CE77B20815}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C627F8DF-304A-44F1-9F47-53B0135D2B4D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C62EFA4D-F9DF-4DF4-A692-1F936ECD7C1F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C65B3152-AB4C-4200-BE4C-FDFE6DF4E6D7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C688D992-B1D7-4A05-86B8-94D964987E44}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C710A8AC-0AC7-4697-AAA0-1CB0A1E3E627}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C71C115F-1CA3-4F44-91AB-B7EA8DB6B1C1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C72C2AFA-1BBB-43E8-9C10-12415E001679}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C73EC231-03B0-477E-8292-DE463869A2F0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C7C2C770-40F4-4AE0-A013-6D4128CB2B6B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C7D102ED-F1A4-4FEE-8AD7-D754D56DA77F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C7E36104-100F-4145-825B-7423B7EFF952}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C809F0B9-179D-40E6-BF1C-96C1ED947F6C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C840DA27-ECE2-4F0F-8EE8-0DF0F0A61F71}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C8454062-C2AF-4F9D-AD21-8AB9FFB226D3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C89A0B9E-D948-49DF-A6AE-BF7AACE2E978}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C8C0D56B-AAB5-4CC6-B293-6F4D0D061660}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C9709C15-0475-4D2C-8BFA-A056D96F3F20}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C98729E5-88AA-4249-9ECE-8B453371B9B1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{C9E6CD1A-ABA6-4108-A861-92CFE978F2B9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CA29CD7C-B567-45B3-BFCD-C8D9708B2F92}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CA5C8B6F-0484-415A-8D91-BA45FB8B7212}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CA828C0E-F2F8-4EEA-8AB4-5F5188092F97}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CA869694-05E3-46C8-8ED4-752C3459920D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CAA1C2FC-C5FC-4266-84E0-283D58F820B1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CAA5C6D7-9E8B-437A-8FEE-87AE56E76844}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CAEDAE7A-ECBE-42C3-A00A-BC7DAF679077}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CB15A419-F069-4888-9404-1C0818284536}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CB1D501A-225E-4FFF-84EB-BCBA2EBEFADA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CBB58B24-776C-419C-834E-04A206A34E99}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CBBDB2B1-8B41-48CC-BDDD-39BBF6EEAA45}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CBE7A562-028F-4D70-BCD4-C78FD93E91AC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CC4BF251-19CA-469D-BCBF-6C9AD0107D6A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CC573BAA-9358-4044-B8D9-80A7700158EE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CC5E5761-9E01-408D-9859-FB2100B3CC11}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CCC8FB31-FCE2-4DCC-AAD1-BE110759392F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CCF70FA9-40AC-4B35-B19A-62B2E1571795}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CD3A8DB2-8227-4115-A8F5-5B7B89B4A361}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CD768E04-E991-4626-B7AB-6721A70A43D9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CD90CC43-1D56-450C-80DA-40E18B5BB53D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CE1B8F66-EC94-4380-B54E-8179DB3BE5D7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CE3AEC6A-35EE-459C-84E0-3A3D56955D7E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CE4C03EF-8F26-46D8-BCA1-0C4590D0A7F0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CF78EA57-5AFD-43C1-BBD1-CF21E02ED53A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CF86C9C5-4526-460D-B388-DEB84A461D2D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CF8DF142-5C05-467C-83CA-BCD10DD4F64E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{CFD60B50-5404-43ED-B654-F92E147DDA4F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D0194DEE-534A-4323-A4F7-E56F51476669}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D071EB96-1CEB-46C8-AD6D-720BB5905729}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D0805BD2-DAA7-4CED-9F2E-18E2D1C05937}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D1775932-95D5-4A01-B23E-5E558EA10E1D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D187933F-6D89-49BA-8372-A26FE824FFFD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D195C6EB-2F8A-4A2A-AFD8-95350C06DAAC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D19D6BE6-0770-445C-9434-4D52E30939B7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D1BFB17C-F08E-4019-93EA-C5F4F34E23FC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D1FE1A04-EF9A-4E38-B054-A49025B718E3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D20165EF-7E58-4EC6-A754-61E75970ECC0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D2769732-3431-4B51-8767-4B3D99FC37AF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D28A5403-BE70-4366-B64B-02DEFB2999B0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D2A152A3-953A-4F90-8896-EB25270D50A4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D310724D-9C24-4A3F-B6F1-3ACE7D3FE9FF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D33B5EAA-9F10-4930-B9F3-EF37B20B84E1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D390B78B-C136-4F3F-A0F1-E1530AFD2789}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D45E0214-441D-472B-B961-3BFA9A8140CB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D4690B41-D9A7-4A79-A64A-ED95CF285CAB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D4D108D9-6559-4CF5-AE85-342C952C1ED3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D4F0B22F-EAC9-4439-B7B2-2215547E598E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D4F366AD-418A-40E8-8F10-7900E374EA7F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D54060E6-0D10-4412-8CF4-567A00888F75}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D5423F2F-CF12-42E2-AB63-18487293A8BE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D5753F02-B725-4655-B989-04C94F1EC8DF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D5840C6D-5FB9-4E9C-A51C-C4CB16010BE9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D5868E3F-32B4-4DFD-80B6-D26F455BAAB3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D594E3E9-E389-48CC-8B74-48F18C119462}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D5E2B0DC-71F6-4DD3-BFBA-E543519B1AFB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D5E4E078-7DAB-4317-A350-5E56A769C775}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D5F6CC90-849B-4C6D-BF84-4EEF783ED2B4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D5FAF89E-4C99-4891-A48D-A002F6DFCC2C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D623A3C5-9B42-4059-9C52-A7265232C704}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D63A2283-3300-4D86-9495-25ABA063DA60}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D6B284D7-75ED-4FA6-B543-97C9C1BEC4F4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D6B597C9-9422-4083-BC2E-BB5D85652137}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D78EC368-EBFC-4411-B599-BA129B6C84DF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D7B81E92-543B-4F27-B370-4ED87CC942C0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D7E1DD00-0924-4318-B183-009DD23D671F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D82A839A-DBE7-4CC8-9D70-FA7D41C3C0DF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D8718D37-F3B9-4B19-B7F2-B7EDAEE35E57}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D91DB370-0E58-4F86-9821-3EAAB57EA94F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D9226C4E-D150-431C-8DB3-F051A6D619D4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D9351B2F-B43E-4115-AB08-23C517D1BAD4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D964F041-917F-46F1-AC8E-0DCDA0A98DF2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D9670A74-C9AA-4DD9-9641-0DC07384C513}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D9CD3408-31C8-4332-B1C1-C667A28CF05F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{D9F4CB88-0C96-4710-8E92-26F5FA3E8BF2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DA25DCBE-115C-4291-9271-973CF140C737}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DA943B7C-21E0-4251-B644-2432D47536B7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DB1A880A-3295-4126-86FE-8E2CD5388BB9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DB574028-CFD3-4B4D-9DD4-94686F943D4B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DB5A9EB9-3B1B-49EB-B13F-93FDDCC55206}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DB744592-664F-4729-971F-7BA6BFD338DB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DB8D90C4-2961-43F7-AA8C-6C425FAC54DA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DBAE60AC-05FA-4C1F-9A66-1B9FECE6344A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DBC1415E-290B-4299-AB50-0BBC5ED658CF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DBF6CBE3-4AB3-4B1D-A4BD-CC287F86DAF6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DCADE42E-9E92-4FE7-A1A5-E38CBF21C83A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DCB192A7-DC7F-4918-BBD9-EB8F9FAE39C3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DCFE127B-D280-4127-8A24-54FC254823F0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DDF07F3C-B28F-4A86-8D9B-5A34A62EACD2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DE9221AB-CD89-4F20-96B7-4434701899C7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DEA1A3D8-45C0-497F-AB1C-D2426E59B5E6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DED0FA5C-8982-49D5-9F4E-B3A801701F0C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DED17B34-C1DD-4AAE-B36A-80E907E8B648}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DEDB873F-B778-4927-A9F5-A400808C4477}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DEE02EDA-0F5A-4CFA-B7F7-AD43AD6C39FA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DF293977-8508-4CA0-99A2-D58C0BF0BF2E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DF79B386-42D1-4D1D-B401-E4FE5832EE54}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DFA34DE8-6309-469A-BEFB-390DC23272BB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{DFB6860C-C9F7-48A9-8A1E-AB7302ECCA4A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E0423704-D3E3-4AAB-9180-F7259B5DF097}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E0483748-635A-4781-90E6-231F95052C00}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E06C2299-A6F9-4099-882F-883CE4044395}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E0A482E6-46A2-45FE-9C5B-E23F17EBDDF7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E13903F6-7BA8-42F3-AF64-5C3D77AE2491}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E173416C-8EC9-48CB-8CE0-B1C0364B37F7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E17EE7AD-7211-4AEB-BC16-5902C3399C12}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E1A6FA72-111B-4BAA-9EA7-EFE9F532A5A0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E1D65C1F-F247-440C-916B-39D47BF98E5A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E219B9ED-7AD1-4204-B823-7DDC3FBADC55}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E249402F-4248-4D3B-8591-2896469A940E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E2CE3CF2-2964-46CC-9EEB-274DE116BE3F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E2DF0F86-C2AA-4EAE-8D20-079718B3825F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E35BB9F9-74C7-4367-953E-3C3813BE6C44}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E3979BE9-06B8-4772-9ED9-2723DD35A032}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E458493D-844A-4188-BE15-BE1AC5521FE2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E462E6AD-5DE9-4A77-95EB-F59153331325}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E47FC8F5-8CE9-4D64-A478-046367A56E02}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E496EB8C-E81E-4959-B3EE-D728634C86E1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E4B4AAA6-3202-4D84-A94C-B7B11C0150F1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E4ED01D2-EE96-4A89-80FE-FF91D00C3129}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E58F93FD-E8B4-482B-92BC-BFB53EB261FD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E5BF4F92-AF9D-4EAF-B8FF-F56F947CE223}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E5C10A9C-7CE9-4808-8162-B4F299AD1A2A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E5C9C796-77A0-436B-892F-88CAF584797F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E5E35698-E976-4E71-B08C-3635922A09F0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E5F4FD1A-4592-4D2D-B34A-E48BCD5DE74D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E63F2611-FEE8-4354-9EF5-9A643AAABB95}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E694F372-3F74-4475-9BBB-997375C6927C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E6EC5CFE-106A-447E-9C9E-BDFFB628DCF4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E72D7E86-6055-4598-A900-7EB681EF5F5A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E72E8E7B-20E5-43A1-9A48-CCFE5CE153CF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E7736472-82FB-431F-9628-1F2E67FCE4BE}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E7E074CB-BAEE-4E82-8C36-078FC45805C2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E7E429A1-E869-4A45-90E1-1C14F17DD47D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E7EF0819-A788-4350-8B1D-715D9579AE0C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E88735A8-FE37-4BF6-9A83-3086C41CC906}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E8B82433-4DD8-407E-AACB-EF89CE553D2B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E8E9FCC6-DEDA-495D-B2DB-38F5CB488C20}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E90759FD-AAED-462C-AE6D-D8BD2731D7C1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E91F42D9-7737-4BFE-8117-CB9F43FEA8DD}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E9865D17-1DAF-4290-9984-A9DFE47DEE81}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E9FC06BE-61E0-44E0-ADB0-3B252F602C8A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EA5DEE75-16C1-4738-9D65-28EDB58553B4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EA6F9AB4-4059-4510-AA61-2364087F4B17}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EA798720-2C94-475F-ABFB-A1723C230A0F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EA7E5E82-3B79-4D48-A507-B9BEB9073EA2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EADCC737-9B8A-4753-A87B-C7E54CA14010}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EAEA4265-E367-453E-8BF2-141CE8116994}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EB239769-5720-48FB-89DE-8366B9352A72}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EB248173-BCD8-4045-B81D-2729F6E39E52}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EB2643DD-166B-4141-8F28-718840820373}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EB9CB7B1-0CAC-4029-9BA5-9B6304F12EC4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EBB084CA-8B03-44AE-A1E1-9F4DF432746B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EC38D5BC-88A9-4938-84E0-E9C063F73A4A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EC425B15-57EC-4141-9175-A2E36DBB1D02}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EC6B7C9F-2E69-42CF-A4B4-3FDF1680637E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{ECD2F609-43CA-4F3C-9957-33CA917AB3D4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{ED5D1B1D-60D7-49FF-A0C6-B67CEAB03D96}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{ED9D3A09-586A-4DFC-850F-B3B471807404}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EDC8FDF1-3D07-4D07-A43A-D57BFFE8B1C2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EE38E481-596C-4F51-8DC3-86A96DCF1245}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EE9390B8-0734-4908-808F-905994137897}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EEB3C4D3-B81E-467D-A257-B36A1D30A6E9}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EEE22506-985A-4FEB-9419-CA530B90F513}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EF44005F-84A2-434D-B9C0-CBC43CF7A3C8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{EFA17090-F8D5-41BD-81AA-97AA0FE8ABCA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F050CFE9-AE77-4760-A4E8-597419CBF2E7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F0A34CF2-6BA2-4584-A37A-B91DE36E5FFC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F0D80505-0958-4498-A214-85423B527575}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F12F754B-BB07-4BA8-96E8-DABF9F2EA21B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F1627F42-FCEE-487E-A48A-A77D9948A171}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F1666387-70CD-4F69-AB27-24E0857B6166}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F18CE0D9-1AD8-4F44-AAA0-1732C638DF35}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F1D4042E-45DF-48D1-BEC9-13144D4D6434}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F1E32C11-47D4-474A-8598-38C99A5C5F0E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F1E45FE6-7432-4DFA-9941-F67F8BDFE211}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F2C6F43C-9CDA-4A2F-BCBC-FDD3877E5143}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F2D01486-97D9-4C7F-940E-B8EE8C6527E7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F2D1AEA2-B398-4A78-AFD4-B03FD2987815}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F2F63686-CDEC-4110-8321-287C709FC45D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F3370889-4182-4EA8-9DE1-82E8655C978A}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F3A17EFC-1850-4651-8824-EFEF47EF3ECB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F3AB5B5A-6FEA-4FDA-A3D9-20CD8DF4FC7E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F3ABB77D-FADD-45CF-BC01-3FAF25762D0B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F3E26650-384C-46E1-ABB3-B157DA0A7AAF}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F42B73F9-89CA-48C9-AE02-72524ED8AE04}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F4583732-8D69-4249-96B3-731BE868131C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F45EC7AE-F35E-42AE-882C-4C0B6FCF1814}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F5634D74-6741-4909-A695-FE7F69AAC112}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F57AC5F4-53A4-40D6-ABD6-236C56F00E20}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F5ECEF6C-2A63-49E1-A140-D41DF7083F86}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F64182FC-B8A9-477E-A0CF-DB0ADF9349C2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F64AC6BC-245F-4622-94B4-C695F70EC3C0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F668FF00-8ABC-41CE-AFD5-C249EAA529D5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F684CE1A-303F-4C2D-B65C-4FF460590DD6}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F68CB5FA-608F-42A9-A00E-67CD35B98FD3}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F6D6BFC5-01E6-4402-B7C6-95CE75C75ED8}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F6F24F07-1233-4F0C-B3CB-195FBA84048B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F6FC74A6-6863-44B9-8640-45B3A49C3B3E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F73E8CCC-104B-4A48-B43D-5FCCFDC03C5C}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F7A7C2A0-BE2B-431F-BF09-0E1A1C2F432E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F870B066-3344-4B2F-8B13-0193AB2E7D9F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F871B332-AF88-4910-80FA-3746308476C2}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F880A66D-EADC-4E06-833C-B1E1E3E46081}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F8C7FE6D-89AC-4E8D-B033-FB3E1D64F70B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F929930E-F969-47C2-9839-0D0742467FDC}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{F9DA0620-D239-48A8-9DCC-C9D26D4949A4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FA64B64A-9DC9-44B2-AB0D-5E265AC003D1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FACD1DE2-79D1-4C3A-A269-ADBC0B3F607E}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FADD820B-7C21-4244-90C0-4B0F35A4DEF7}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FB218C83-9CC9-496F-B4EF-AF61E2A9E0FB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FB2556A8-28AA-4E1A-81C1-6F9AA004B28F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FB69B5DC-B0B7-4E16-A0C0-449319EA580B}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FC1B50BF-5724-404B-B166-EF69FDDF8749}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FD6605F8-B0FC-4F13-90FD-29F2E8CEE871}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FD9ED9DA-29B8-4D28-B2EA-BE89FAB5B0B0}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FE9C6A33-E983-478E-B38F-BDBA9ECA806F}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FECC5F32-D10B-4F7D-AE6A-1BAA0E2E8EBA}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FEDE0D3B-3E50-4670-8387-87FEA4845EF4}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FF23DB01-4190-4438-8188-59E0A9B4F9A5}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FF248B2B-2086-43D6-A5FC-2FBE182B9D49}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FF8AFE2A-2142-4A95-81F2-2BDF71BEF685}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FF981D83-A989-4E10-A9AF-A1DD927EBCB1}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FF9BB9FB-F057-4B9A-9571-97CA5BBB75BB}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FFA0F941-2ED5-444F-A229-8CC2B34C6B5D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FFD1828D-9DFF-4667-9B8C-F2427B90922D}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{FFEA39CE-C47F-4E94-9116-0C0D7445A1AC}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/12/2013 at 4:08:27.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Great, lets use another scan , there may be more


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Ruth :: RUTH-MSI [administrator]

19/12/2013 4:24:11 AM
mbam-log-2013-12-19 (04-24-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315241
Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Ruth,

One final scanner to check for leftovers

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

OTL logfile created on: 12/20/2013 8:32:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ruth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.79 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 51.51% Memory free
7.59 Gb Paging File | 5.35 Gb Available in Paging File | 70.52% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 212.29 Gb Free Space | 77.65% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 180.14 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: RUTH-MSI | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/20 20:30:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ruth\Downloads\OTL (1).exe
PRC - [2013/12/19 04:42:14 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
PRC - [2013/12/03 18:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/11/25 06:44:50 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/09/28 09:28:38 | 001,291,624 | ---- | M] (Shaw Communications) -- C:\Program Files (x86)\shaw\bin\shawsupport.exe
PRC - [2010/06/04 16:00:28 | 002,486,272 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
PRC - [2010/05/16 13:40:00 | 001,349,632 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2010/05/05 06:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/04/13 08:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 08:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/30 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/19 04:42:14 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/11 07:29:10 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/11 07:28:51 | 012,435,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\065d1a77c70d2c1c13fce187ba67ae86\System.Windows.Forms.ni.dll
MOD - [2013/10/11 07:28:38 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/11 07:28:22 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/11 07:28:11 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/12 07:57:17 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/11 20:17:40 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 09:39:20 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll
MOD - [2013/08/14 18:53:46 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 18:53:24 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 18:53:17 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/21 14:48:15 | 002,052,096 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/11 15:41:36 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 15:40:11 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/12/21 04:22:16 | 000,105,696 | ---- | M] () -- C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
MOD - [2010/05/04 09:59:00 | 000,182,272 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Services (SafeList) ==========

SRV:[b]64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/19 04:42:10 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs)
SRV - [2013/12/10 18:07:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/19 06:50:38 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011/11/25 06:44:50 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/05/05 06:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/04/13 08:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/30 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys -- (MGHwCtrl)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/19 06:50:38 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/12 13:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\1CA5.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/26 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 04:37:56 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/01/12 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/12/04 17:50:22 | 000,087,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EUCR6SK.sys -- (EUCR)
DRV:64bit: - [2009/11/18 06:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A2516833-3348-406A-96A6-26AAA93BF9DE}
IE:64bit: - HKLM\..\SearchScopes\{A2516833-3348-406A-96A6-26AAA93BF9DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DF74C2BD-9885-45D2-AC3E-F2865A90DEAB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?ocid=U218DHP&pc=U218
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 79 09 AD 8A F0 CE 01 [binary data]
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\SearchScopes,DefaultScope = 204128af-0f12-4aed-b13a-211ea5cc8314
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\SearchScopes\204128af-0f12-4aed-b13a-211ea5cc8314: "URL" = http://www.bing.com/search?q={searchTerms}&form=DMSGO1&src=IE-SearchBox
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


[2011/11/23 09:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Extensions
[2013/12/19 03:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] ("Supreme Savings") -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com\chrome\content\extensionCode
[2012/02/28 11:55:26 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\longurlplease@darragh.curran.xpi
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN40779552811866027&ctid=CT3286042&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN40779552811866027&UM=2,
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ruth\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.15_0\
CHR - Extension: Google Search = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/09 15:43:30 | 000,000,974 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Airmiles Toolbar BHO) - {5F3927FC-290D-4C7B-8A30-694E7CA9254B} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\Toolbar\WebBrowser: (no name) - {357F39D5-81FE-4EAD-81EC-7F80A566E667} - No CLSID value found.
O3 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\Toolbar\WebBrowser: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-520651529-1785075596-1382192879-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-520651529-1785075596-1382192879-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)

OTL Extras logfile created on: 12/20/2013 8:32:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ruth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.79 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 51.51% Memory free
7.59 Gb Paging File | 5.35 Gb Available in Paging File | 70.52% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 212.29 Gb Free Space | 77.65% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 180.14 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: RUTH-MSI | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BFD9DA1-70E4-4983-AD73-170F55DFDA37}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1123D16E-7059-47FC-A56C-AAC202A4F893}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21B13831-419B-4BA6-94BB-CA1EEA127258}" = rport=445 | protocol=6 | dir=out | app=system |
"{30F03DD0-B0AB-4B80-801A-CCA880D6394A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3BEC21FA-2C08-475C-B42D-FA217513F04E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4ABD7685-129C-4C29-80AC-D1D6BF8C9C65}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DEA7F22-7B88-4716-A87C-82D5985BE4A3}" = lport=138 | protocol=17 | dir=in | app=system |
"{A1F451DB-5450-4BD1-A343-B29032824CBB}" = rport=138 | protocol=17 | dir=out | app=system |
"{BB1C2E0C-DA38-4AD7-BC36-A06A9647FA6B}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3F24286-BEFB-4D27-8D70-E644F7323301}" = lport=445 | protocol=6 | dir=in | app=system |
"{C51A2ED2-2763-41DA-958A-C5DB8EDF1B41}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D21602F2-F131-450B-B7B8-3C1F67A668D0}" = rport=139 | protocol=6 | dir=out | app=system |
"{D2D8719C-7795-477A-A79A-D48B83ABDFD7}" = lport=137 | protocol=17 | dir=in | app=system |
"{EE1376F2-5C0D-40B8-BC76-0315443806A7}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B594E3B-E166-45E1-8DCC-0DEC7D029D2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{46BE01AB-4D74-47AE-9632-835E7C1E8D79}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{49F97F33-B53F-4CDC-8F06-C84A68CC8775}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5E8218DD-C1EF-43AA-A2A1-FDD368253BA5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{793E6F28-08FA-4613-B734-3F5459DCDFF4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D03968B2-5B44-4CAF-A834-4140EDBD5B5B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E56C4325-218A-4E8A-AC5B-E49064095F40}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{3D7D2F3D-61E3-4CCB-B285-B58CA6BEA369}C:\users\ruth\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\ruth\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{84F2DD6C-EB6B-4553-95F8-DA5EEAAF52D6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{D171D0AF-69CA-4AC0-924D-9804C3EB0585}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{4802725E-4DF0-4EFA-8B85-A97A3BC24E88}C:\users\ruth\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\ruth\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{6756FFDE-D838-44FD-9484-B46B4EA462A2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{BF79803F-7E4E-4C84-BCBC-7C6343F21B8D}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}" = HP Officejet 6500 E710n-z Basic Device Software
"{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}" = HP Officejet 6500 E710n-z Product Improvement Study
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"7F973C87231D745EBF31E772CC38BB9B185D3819" = Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64)
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{0ADAB741-CFA4-4974-BD9C-A3C8D1E9EB69}_is1" = Ping Ball
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2325C9EC-8142-48AE-8C29-2F38F1829733}" = QuickBooks EasyStart 2012
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 39
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59E98F3F-48D6-42A9-8250-079671E02B2D}" = StuffIt Expander 2011
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72E3FF67-450F-4ADD-99A7-4147780F6C7B}_is1" = Shaw Support 3.3.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3324BBB-3A83-40CE-AA8C-759D849B7EA1}" = ArcSoft Print Creations
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}" = msi Software Install
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CD1067C8-1AA1-4503-BCAD-EA1EE5427DC7}" = MAGIX Video easy SE
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FDAED10B-2C73-41FF-99E0-C18C786B73BA}" = Freephoneline
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ExpressAccounts" = Express Accounts
"Google Chrome" = Google Chrome
"HMA! Pro VPN" = HMA! Pro VPN 2.7.1.7
"HP Photo Creations" = HP Photo Creations
"MAGIX Music Maker 16 Download Version UK" = MAGIX Music Maker 16 Download Version
"MAGIX Photo Manager 9 UK" = MAGIX Photo Manager 9
"MAGIX Screenshare UK" = MAGIX Screenshare
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"MAGIX_MSI_Video_easy_SE" = MAGIX Video easy SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MP3 Rocket" = MP3 Rocket
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Shaw Internet Update_is1" = Shaw Internet Update 3.3.1
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2013 2:50:47 PM | Computer Name = Ruth-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3089

Error - 12/20/2013 2:50:48 PM | Computer Name = Ruth-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/20/2013 2:50:48 PM | Computer Name = Ruth-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4103

Error - 12/20/2013 2:50:48 PM | Computer Name = Ruth-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4103

Error - 12/20/2013 2:50:49 PM | Computer Name = Ruth-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/20/2013 2:50:49 PM | Computer Name = Ruth-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5132

Error - 12/20/2013 2:50:49 PM | Computer Name = Ruth-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5132

Error - 12/20/2013 2:50:50 PM | Computer Name = Ruth-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/20/2013 2:50:50 PM | Computer Name = Ruth-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6458

Error - 12/20/2013 2:50:50 PM | Computer Name = Ruth-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6458

[ System Events ]
Error - 12/19/2013 12:23:31 PM | Computer Name = Ruth-msi | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 12/19/2013 8:07:10 PM | Computer Name = Ruth-msi | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HOSTS
Anti-PUPs service to connect.

Error - 12/19/2013 8:07:10 PM | Computer Name = Ruth-msi | Source = Service Control Manager | ID = 7000
Description = The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error - 12/20/2013 12:33:48 PM | Computer Name = Ruth-msi | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HOSTS
Anti-PUPs service to connect.

Error - 12/20/2013 12:33:48 PM | Computer Name = Ruth-msi | Source = Service Control Manager | ID = 7000
Description = The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error - 12/20/2013 4:11:47 PM | Computer Name = Ruth-msi | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the MBAMService service.

Error - 12/20/2013 6:22:45 PM | Computer Name = Ruth-msi | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HOSTS
Anti-PUPs service to connect.

Error - 12/20/2013 6:22:45 PM | Computer Name = Ruth-msi | Source = Service Control Manager | ID = 7000
Description = The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error - 12/20/2013 11:29:18 PM | Computer Name = Ruth-msi | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HOSTS
Anti-PUPs service to connect.

Error - 12/20/2013 11:29:18 PM | Computer Name = Ruth-msi | Source = Service Control Manager | ID = 7000
Description = The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053


< End of report >

Good Morning,

I see conduit plus some other bad things that need to be removed but your initial OTL log was not complete so there may be more to remove, go ahead and run a new scan with OTL and post the entire log, you wont get an extras log this time so dont knock yourself out looking for it

OTL logfile created on: 12/21/2013 5:10:55 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ruth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.79 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 41.03% Memory free
7.59 Gb Paging File | 4.90 Gb Available in Paging File | 64.64% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 212.05 Gb Free Space | 77.56% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 180.14 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: RUTH-MSI | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ruth\Downloads\OTL (3).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\shaw\bin\shawsupport.exe (Shaw Communications)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\065d1a77c70d2c1c13fce187ba67ae86\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (HOSTS Anti-PUPs) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MGHwCtrl) -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys File not found
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\1CA5.tmp (Sophos Plc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (EUCR) -- C:\Windows\SysNative\drivers\EUCR6SK.sys (ENE Technology Inc.)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A2516833-3348-406A-96A6-26AAA93BF9DE}
IE:64bit: - HKLM\..\SearchScopes\{A2516833-3348-406A-96A6-26AAA93BF9DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DF74C2BD-9885-45D2-AC3E-F2865A90DEAB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 79 09 AD 8A F0 CE 01 [binary data]
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\SearchScopes,DefaultScope = 204128af-0f12-4aed-b13a-211ea5cc8314
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\SearchScopes\204128af-0f12-4aed-b13a-211ea5cc8314: "URL" = http://www.bing.com/search?q={searchTerms}&form=DMSGO1&src=IE-SearchBox
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


[2011/11/23 09:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Extensions
[2013/12/19 03:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] ("Supreme Savings") -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com\chrome\content\extensionCode
[2012/02/28 11:55:26 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\longurlplease@darragh.curran.xpi
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN40779552811866027&ctid=CT3286042&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN40779552811866027&UM=2,
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ruth\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.15_0\
CHR - Extension: Google Search = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/09 15:43:30 | 000,000,974 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Airmiles Toolbar BHO) - {5F3927FC-290D-4C7B-8A30-694E7CA9254B} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\Toolbar\WebBrowser: (no name) - {357F39D5-81FE-4EAD-81EC-7F80A566E667} - No CLSID value found.
O3 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\Toolbar\WebBrowser: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-520651529-1785075596-1382192879-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-520651529-1785075596-1382192879-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.15 64.59.161.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{094C1C24-A4E5-49FB-AE10-21205BD83451}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1323AA37-9DD0-4CA6-B93C-0CDF56B634FF}: DhcpNameServer = 64.59.160.15 64.59.161.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C78FCB73-F14A-4B1E-B0AD-7BF0F8FA0B67}: DhcpNameServer = 64.59.160.15 64.59.161.69
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f584b8d-6390-11e0-8ff9-406186af2c91}\Shell - "" = AutoRun
O33 - MountPoints2\{0f584b8d-6390-11e0-8ff9-406186af2c91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/21 00:39:12 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{B873E2B5-B284-4693-8539-803D05A2893F}
[2013/12/20 12:14:04 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{4254E7A6-C5F6-48BA-8F87-EE7240439E0F}
[2013/12/19 04:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/12/19 04:02:23 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/12/19 03:14:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/18 19:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/18 19:47:22 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/12/18 19:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ruth\Desktop\mbar
[2013/12/15 22:14:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/12/15 22:14:14 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/12/15 22:14:14 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/12/15 22:14:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/12/15 22:14:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/12/15 22:14:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/12/15 22:14:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/12/15 22:14:13 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/12/15 22:14:13 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/12/15 22:14:13 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/12/15 22:14:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/12/15 22:14:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/12/15 22:14:12 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/12/15 22:14:11 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/12/15 22:14:11 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/12/15 22:14:08 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/12/14 06:47:50 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/14 06:47:50 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/12/14 06:47:44 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/12/14 06:47:44 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/12/14 06:47:43 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/12/14 06:47:43 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/12/14 06:47:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/12/14 06:47:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/12/14 06:47:43 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/12/14 06:47:43 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/12/14 06:47:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/12/14 06:47:43 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/12/14 06:47:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/14 06:47:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/12/14 06:47:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/12/14 06:47:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/12/14 06:47:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/14 06:47:43 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/14 06:47:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/12/14 06:47:42 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/14 06:47:42 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/12/14 06:47:42 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/12/14 06:47:42 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/12/14 06:47:42 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/12/14 06:47:42 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/14 06:47:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/12/14 06:47:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/12/14 06:47:42 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/12/14 06:47:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/12/14 06:47:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/12/14 06:47:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/12/14 06:47:41 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/12/14 06:47:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/12/14 06:47:41 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/12/14 06:47:41 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/12/14 06:47:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/12/14 06:47:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/12/14 06:47:40 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/12/14 06:47:40 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/14 06:47:40 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/12/14 06:47:40 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/12/14 06:47:40 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/12/14 06:47:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/12/14 06:47:40 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/12/14 06:47:40 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/12/14 06:47:40 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/12/14 06:47:40 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/14 06:47:40 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/12/14 06:47:40 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/12/14 06:47:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/12/14 06:47:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/12/14 06:47:40 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/12/14 06:47:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/12/14 06:47:40 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/12/14 06:47:39 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/14 06:47:39 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/12/14 06:47:39 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/12/14 06:47:39 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/12/14 06:47:39 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/12/14 06:47:39 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/12/14 06:47:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/12/14 06:47:39 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/12/11 12:54:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2013/12/11 12:54:00 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2013/12/11 12:54:00 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/12/11 12:53:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/12/11 07:06:30 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msieftp.dll
[2013/12/11 07:06:30 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msieftp.dll
[2013/12/11 07:06:28 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/12/11 07:06:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/12/11 07:06:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2013/12/11 07:06:17 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2013/12/11 07:06:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys
[2013/12/11 07:06:16 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wshom.ocx
[2013/12/11 07:06:15 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrrun.dll
[2013/12/11 07:06:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrrun.dll
[2013/12/11 07:06:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
[2013/12/11 07:06:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
[2013/12/11 07:06:15 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wshom.ocx
[2013/12/09 18:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/09 15:49:28 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/12/09 14:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/09 14:56:49 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013/12/09 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/12/09 14:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/05 06:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/05 06:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/03 15:16:09 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE
[5 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/21 05:12:23 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/21 05:12:23 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/21 05:06:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/21 05:03:45 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2013/12/21 05:03:28 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/21 05:02:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/21 05:02:11 | 3055,681,536 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/21 00:41:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-520651529-1785075596-1382192879-1001UA.job
[2013/12/20 22:53:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2013/12/20 22:49:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/20 18:40:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-520651529-1785075596-1382192879-1001Core.job
[2013/12/20 12:24:26 | 000,786,390 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/20 12:24:26 | 000,669,602 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/20 12:24:26 | 000,127,850 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/19 04:42:16 | 000,001,191 | ---- | M] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/12/19 04:23:43 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/18 19:47:22 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/12/14 06:47:50 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/14 06:47:50 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/12/14 06:47:44 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/12/14 06:47:44 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/12/14 06:47:44 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/14 06:47:43 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/12/14 06:47:43 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/12/14 06:47:43 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/12/14 06:47:43 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/12/14 06:47:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/12/14 06:47:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/12/14 06:47:43 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/12/14 06:47:43 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/12/14 06:47:43 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/12/14 06:47:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/12/14 06:47:43 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/12/14 06:47:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/14 06:47:43 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:43 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/14 06:47:43 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/12/14 06:47:43 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/14 06:47:42 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/14 06:47:42 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/12/14 06:47:42 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/12/14 06:47:42 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/12/14 06:47:42 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/12/14 06:47:42 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/14 06:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/12/14 06:47:42 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/12/14 06:47:42 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/12/14 06:47:42 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/12/14 06:47:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/12/14 06:47:42 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/12/14 06:47:41 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/12/14 06:47:41 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/12/14 06:47:41 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/12/14 06:47:41 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/12/14 06:47:41 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/12/14 06:47:41 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/12/14 06:47:40 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/12/14 06:47:40 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/14 06:47:40 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/12/14 06:47:40 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/12/14 06:47:40 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/12/14 06:47:40 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/12/14 06:47:40 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/12/14 06:47:40 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/12/14 06:47:40 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/12/14 06:47:40 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/12/14 06:47:40 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/14 06:47:40 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/12/14 06:47:40 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/12/14 06:47:40 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/12/14 06:47:40 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/12/14 06:47:40 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/12/14 06:47:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/12/14 06:47:40 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:40 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/12/14 06:47:40 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/14 06:47:39 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/14 06:47:39 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/12/14 06:47:39 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/12/14 06:47:39 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/12/14 06:47:39 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/12/14 06:47:39 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/12/14 06:47:39 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/12/11 21:06:07 | 000,310,136 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/10 18:07:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 18:07:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 18:06:50 | 009,293,192 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/09 16:46:03 | 000,000,512 | ---- | M] () -- C:\Users\Ruth\Documents\MBR.dat
[2013/12/09 15:43:30 | 000,000,974 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/12/09 15:18:14 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-154330.backup
[2013/12/09 15:17:17 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151814.backup
[2013/12/09 15:09:02 | 000,000,860 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151717.backup
[2013/12/09 14:56:56 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/08 01:42:22 | 483,591,795 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/12/05 07:15:23 | 000,273,696 | ---- | M] () -- C:\Users\Ruth\Documents\cc_cleaner December 5 20131205_071355.reg
[2013/12/05 06:17:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/04 20:45:26 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/03 16:57:03 | 000,001,447 | ---- | M] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/28 11:16:53 | 000,242,972 | ---- | M] () -- C:\Users\Ruth\Documents\GradEndoReferral.pdf
[2013/11/26 02:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/26 01:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/26 01:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/26 01:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/26 01:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/26 01:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/26 01:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/26 00:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/26 00:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/26 00:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/26 00:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/26 00:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/25 23:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/25 22:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/25 22:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/23 10:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/11/23 09:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[5 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/19 04:42:16 | 000,001,191 | ---- | C] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/12/14 17:59:14 | 000,001,423 | ---- | C] () -- C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/14 06:47:43 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/14 06:47:40 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/09 16:32:49 | 000,000,512 | ---- | C] () -- C:\Users\Ruth\Documents\MBR.dat
[2013/12/09 14:56:56 | 000,001,401 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/12/09 14:56:56 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/07 08:35:55 | 483,591,795 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/12/05 07:14:32 | 000,273,696 | ---- | C] () -- C:\Users\Ruth\Documents\cc_cleaner December 5 20131205_071355.reg
[2013/12/05 06:17:47 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/28 11:16:53 | 000,242,972 | ---- | C] () -- C:\Users\Ruth\Documents\GradEndoReferral.pdf
[2013/05/17 19:18:39 | 000,000,258 | RHS- | C] () -- C:\Users\Ruth\ntuser.pol
[2012/03/17 17:11:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/29 16:57:40 | 000,000,095 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2011/12/19 20:15:37 | 000,007,603 | ---- | C] () -- C:\Users\Ruth\AppData\Local\Resmon.ResmonCfg
[2011/06/12 14:16:09 | 000,000,000 | ---- | C] () -- C:\Users\Ruth\AppData\Local\{303D5921-B263-4213-8045-F7C521597A78}

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\.minecraft
[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\BitTorrent
[2013/01/10 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\com.skinkers.aa
[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\MAGIX
[2013/09/09 13:26:53 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\mjusbsp
[2013/07/01 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\MP3Rocket
[2013/12/14 17:04:30 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\SoftGrid Client
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\SystemRequirementsLab
[2011/06/28 16:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\TP
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\uTorrent
[2013/01/03 09:14:56 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Visan
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Will McGugan
[2011/01/04 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Windows Live Writer
[2011/08/03 11:04:45 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

Hi,

I am about to post a fix for you but before I do I want to ask you if you use and need DuckDuckGo or if you want to remove it. Read the link I provided and let me know please
http://www.systemlookup.com/search.php?type=name&search=duckduckgo&s=

I don't need it, a friend recommended it to me is all!

Absolutely don't need it. I also noticed U torrent and a bit torrent. . . that I never have used!? don't know why it's there.

OK, here we go

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
PRC - [2013/12/19 04:42:14 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
MOD - [2013/12/19 04:42:14 | 000,302,961 | ---- | M] () -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
SRV - [2013/12/19 04:42:10 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs
IE - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN40779552811866027&ctid=CT3286042&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN40779552811866027&UM=2,
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.15_0\
O2 - BHO: (Airmiles Toolbar BHO) - {5F3927FC-290D-4C7B-8A30-694E7CA9254B} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O3 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\Toolbar\WebBrowser: (no name) - {357F39D5-81FE-4EAD-81EC-7F80A566E667} - No CLSID value found.
O3 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\Toolbar\WebBrowser: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
[2013/12/19 04:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/12/19 04:42:16 | 000,001,191 | ---- | M] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/12/09 15:18:14 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-154330.backup
[2013/12/09 15:17:17 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151814.backup
[2013/12/09 15:09:02 | 000,000,860 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151717.backup
[2013/12/19 04:42:16 | 000,001,191 | ---- | C] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\BitTorrent
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\uTorrent
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A3E39C6A

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

I have copied and pasted the fix several times and it starts and then "auto-stops" and won't run.

All processes killed
Error: Unable to interpret < CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\Toolbar\WebBrowser: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()> in the current context!
Error: Unable to interpret <[2013/12/19 04:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs> in the current context!
Error: Unable to interpret <[2013/12/19 04:42:16 | 000,001,191 | ---- | M] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk> in the current context!
Error: Unable to interpret <[2013/12/09 15:18:14 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-154330.backup> in the current context!
Error: Unable to interpret <[2013/12/09 15:17:17 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151814.backup> in the current context!
Error: Unable to interpret <[2013/12/09 15:09:02 | 000,000,860 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151717.backup> in the current context!
Error: Unable to interpret <[2013/12/19 04:42:16 | 000,001,191 | ---- | C] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk> in the current context!
Error: Unable to interpret <[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\BitTorrent> in the current context!
Error: Unable to interpret <[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\uTorrent> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A3E39C6A> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ruth\Downloads\cmd.bat deleted successfully.
C:\Users\Ruth\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Graham

User: Public

User: Ruth
->Java cache emptied: 47981 bytes

User: TEMP

User: TEMP.Ruth-msi

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 154887 bytes
->Temporary Internet Files folder emptied: 381785 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Graham
->Temp folder emptied: 692263 bytes
->Temporary Internet Files folder emptied: 7188755 bytes
->Google Chrome cache emptied: 670171601 bytes
->Flash cache emptied: 56960 bytes

User: Public

User: Ruth
->Temp folder emptied: 110937662 bytes
->Temporary Internet Files folder emptied: 1166188 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70579292 bytes
->Google Chrome cache emptied: 6229699 bytes
->Flash cache emptied: 2892193 bytes

User: TEMP

User: TEMP.Ruth-msi

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 30720 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 97852675 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42327954 bytes
RecycleBin emptied: 156633 bytes

Total Files Cleaned = 964.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12212013_144125

Files\Folders moved on Reboot...
C:\Users\Ruth\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 12/21/2013 2:48:33 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ruth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.79 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 57.35% Memory free
7.59 Gb Paging File | 5.73 Gb Available in Paging File | 75.47% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 213.19 Gb Free Space | 77.98% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 180.14 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: RUTH-MSI | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ruth\Downloads\OTL (3).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\shaw\bin\shawsupport.exe (Shaw Communications)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\065d1a77c70d2c1c13fce187ba67ae86\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (HOSTS Anti-PUPs) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MGHwCtrl) -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys File not found
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (EUCR) -- C:\Windows\SysNative\drivers\EUCR6SK.sys (ENE Technology Inc.)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A2516833-3348-406A-96A6-26AAA93BF9DE}
IE:64bit: - HKLM\..\SearchScopes\{A2516833-3348-406A-96A6-26AAA93BF9DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DF74C2BD-9885-45D2-AC3E-F2865A90DEAB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 79 09 AD 8A F0 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 204128af-0f12-4aed-b13a-211ea5cc8314
IE - HKCU\..\SearchScopes\204128af-0f12-4aed-b13a-211ea5cc8314: "URL" = http://www.bing.com/search?q={searchTerms}&form=DMSGO1&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


[2011/11/23 09:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Extensions
[2013/12/19 03:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] ("Supreme Savings") -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com\chrome\content\extensionCode
[2012/02/28 11:55:26 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\longurlplease@darragh.curran.xpi
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN40779552811866027&ctid=CT3286042&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN40779552811866027&UM=2,
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ruth\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.15_0\
CHR - Extension: Google Search = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/21 14:45:03 | 000,000,049 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: ?127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Airmiles Toolbar BHO) - {5F3927FC-290D-4C7B-8A30-694E7CA9254B} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {357F39D5-81FE-4EAD-81EC-7F80A566E667} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.15 64.59.161.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{094C1C24-A4E5-49FB-AE10-21205BD83451}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1323AA37-9DD0-4CA6-B93C-0CDF56B634FF}: DhcpNameServer = 64.59.160.15 64.59.161.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C78FCB73-F14A-4B1E-B0AD-7BF0F8FA0B67}: DhcpNameServer = 64.59.160.15 64.59.161.69
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f584b8d-6390-11e0-8ff9-406186af2c91}\Shell - "" = AutoRun
O33 - MountPoints2\{0f584b8d-6390-11e0-8ff9-406186af2c91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/21 14:19:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/21 12:39:37 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{26FC3A08-E9EC-4CAB-9AD7-8A554AAFFD85}
[2013/12/21 00:39:12 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{B873E2B5-B284-4693-8539-803D05A2893F}
[2013/12/20 12:14:04 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{4254E7A6-C5F6-48BA-8F87-EE7240439E0F}
[2013/12/19 04:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/12/19 04:02:23 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/12/19 03:14:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/18 19:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/18 19:47:22 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/12/18 19:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ruth\Desktop\mbar
[2013/12/15 22:14:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/12/15 22:14:14 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/12/15 22:14:14 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/12/15 22:14:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/12/15 22:14:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/12/15 22:14:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/12/15 22:14:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/12/15 22:14:13 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/12/15 22:14:13 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/12/15 22:14:13 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/12/15 22:14:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/12/15 22:14:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/12/15 22:14:12 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/12/15 22:14:11 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/12/15 22:14:11 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/12/15 22:14:08 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/12/14 06:47:50 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/14 06:47:50 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/12/14 06:47:44 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/12/14 06:47:44 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/12/14 06:47:43 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/12/14 06:47:43 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/12/14 06:47:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/12/14 06:47:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/12/14 06:47:43 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/12/14 06:47:43 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/12/14 06:47:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/12/14 06:47:43 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/12/14 06:47:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/14 06:47:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/12/14 06:47:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/12/14 06:47:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/12/14 06:47:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/14 06:47:43 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/14 06:47:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/12/14 06:47:42 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/14 06:47:42 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/12/14 06:47:42 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/12/14 06:47:42 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/12/14 06:47:42 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/12/14 06:47:42 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/14 06:47:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/12/14 06:47:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/12/14 06:47:42 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/12/14 06:47:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/12/14 06:47:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/12/14 06:47:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/12/14 06:47:41 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/12/14 06:47:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/12/14 06:47:41 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/12/14 06:47:41 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/12/14 06:47:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/12/14 06:47:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/12/14 06:47:40 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/12/14 06:47:40 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/14 06:47:40 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/12/14 06:47:40 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/12/14 06:47:40 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/12/14 06:47:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/12/14 06:47:40 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/12/14 06:47:40 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/12/14 06:47:40 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/12/14 06:47:40 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/14 06:47:40 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/12/14 06:47:40 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/12/14 06:47:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/12/14 06:47:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/12/14 06:47:40 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/12/14 06:47:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/12/14 06:47:40 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/12/14 06:47:39 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/14 06:47:39 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/12/14 06:47:39 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/12/14 06:47:39 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/12/14 06:47:39 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/12/14 06:47:39 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/12/14 06:47:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/12/14 06:47:39 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/12/11 12:54:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2013/12/11 12:54:00 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2013/12/11 12:54:00 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/12/11 12:53:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/12/11 07:06:30 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msieftp.dll
[2013/12/11 07:06:30 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msieftp.dll
[2013/12/11 07:06:28 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/12/11 07:06:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/12/11 07:06:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2013/12/11 07:06:17 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2013/12/11 07:06:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys
[2013/12/11 07:06:16 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wshom.ocx
[2013/12/11 07:06:15 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrrun.dll
[2013/12/11 07:06:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrrun.dll
[2013/12/11 07:06:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
[2013/12/11 07:06:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
[2013/12/11 07:06:15 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wshom.ocx
[2013/12/09 18:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/09 15:49:28 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/12/09 14:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/09 14:56:49 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013/12/09 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/12/09 14:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/05 06:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/05 06:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/03 15:16:09 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE

========== Files - Modified Within 30 Days ==========

[2013/12/21 14:52:16 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/21 14:52:16 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/21 14:49:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/21 14:45:03 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2013/12/21 14:45:03 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/12/21 14:44:37 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/21 14:44:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/21 14:44:14 | 3055,681,536 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/21 14:41:01 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-520651529-1785075596-1382192879-1001UA.job
[2013/12/21 14:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/21 13:53:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2013/12/20 18:40:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-520651529-1785075596-1382192879-1001Core.job
[2013/12/20 12:24:26 | 000,786,390 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/20 12:24:26 | 000,669,602 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/20 12:24:26 | 000,127,850 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/19 04:42:16 | 000,001,191 | ---- | M] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/12/19 04:23:43 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/18 19:47:22 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/12/14 06:47:50 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/14 06:47:50 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/12/14 06:47:44 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/12/14 06:47:44 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/12/14 06:47:44 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/14 06:47:43 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/12/14 06:47:43 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/12/14 06:47:43 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/12/14 06:47:43 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/12/14 06:47:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/12/14 06:47:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/12/14 06:47:43 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/12/14 06:47:43 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/12/14 06:47:43 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/12/14 06:47:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/12/14 06:47:43 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/12/14 06:47:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/14 06:47:43 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:43 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/14 06:47:43 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/12/14 06:47:43 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/14 06:47:42 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/14 06:47:42 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/12/14 06:47:42 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/12/14 06:47:42 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/12/14 06:47:42 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/12/14 06:47:42 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/14 06:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/12/14 06:47:42 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/12/14 06:47:42 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/12/14 06:47:42 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/12/14 06:47:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/12/14 06:47:42 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/12/14 06:47:41 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/12/14 06:47:41 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/12/14 06:47:41 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/12/14 06:47:41 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/12/14 06:47:41 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/12/14 06:47:41 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/12/14 06:47:40 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/12/14 06:47:40 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/14 06:47:40 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/12/14 06:47:40 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/12/14 06:47:40 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/12/14 06:47:40 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/12/14 06:47:40 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/12/14 06:47:40 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/12/14 06:47:40 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/12/14 06:47:40 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/12/14 06:47:40 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/14 06:47:40 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/12/14 06:47:40 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/12/14 06:47:40 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/12/14 06:47:40 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/12/14 06:47:40 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/12/14 06:47:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/12/14 06:47:40 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:40 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/12/14 06:47:40 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/14 06:47:39 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/14 06:47:39 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/12/14 06:47:39 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/12/14 06:47:39 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/12/14 06:47:39 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/12/14 06:47:39 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/12/14 06:47:39 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/12/11 21:06:07 | 000,310,136 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/10 18:07:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 18:07:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 18:06:50 | 009,293,192 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/09 16:46:03 | 000,000,512 | ---- | M] () -- C:\Users\Ruth\Documents\MBR.dat
[2013/12/09 15:18:14 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-154330.backup
[2013/12/09 15:17:17 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151814.backup
[2013/12/09 15:09:02 | 000,000,860 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151717.backup
[2013/12/09 14:56:56 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/08 01:42:22 | 483,591,795 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/12/05 07:15:23 | 000,273,696 | ---- | M] () -- C:\Users\Ruth\Documents\cc_cleaner December 5 20131205_071355.reg
[2013/12/05 06:17:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/04 20:45:26 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/03 16:57:03 | 000,001,447 | ---- | M] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/28 11:16:53 | 000,242,972 | ---- | M] () -- C:\Users\Ruth\Documents\GradEndoReferral.pdf
[2013/11/26 02:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/26 01:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/26 01:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/26 01:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/26 01:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/26 01:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/26 01:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/26 00:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/26 00:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/26 00:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/26 00:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/26 00:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/25 23:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/25 22:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/25 22:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/23 10:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/11/23 09:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll

========== Files Created - No Company Name ==========

[2013/12/19 04:42:16 | 000,001,191 | ---- | C] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/12/14 17:59:14 | 000,001,423 | ---- | C] () -- C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/14 06:47:43 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/14 06:47:40 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/09 16:32:49 | 000,000,512 | ---- | C] () -- C:\Users\Ruth\Documents\MBR.dat
[2013/12/09 14:56:56 | 000,001,401 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/12/09 14:56:56 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/07 08:35:55 | 483,591,795 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/12/05 07:14:32 | 000,273,696 | ---- | C] () -- C:\Users\Ruth\Documents\cc_cleaner December 5 20131205_071355.reg
[2013/12/05 06:17:47 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/28 11:16:53 | 000,242,972 | ---- | C] () -- C:\Users\Ruth\Documents\GradEndoReferral.pdf
[2013/05/17 19:18:39 | 000,000,258 | RHS- | C] () -- C:\Users\Ruth\ntuser.pol
[2012/03/17 17:11:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/29 16:57:40 | 000,000,095 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2011/12/19 20:15:37 | 000,007,603 | ---- | C] () -- C:\Users\Ruth\AppData\Local\Resmon.ResmonCfg
[2011/06/12 14:16:09 | 000,000,000 | ---- | C] () -- C:\Users\Ruth\AppData\Local\{303D5921-B263-4213-8045-F7C521597A78}

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\.minecraft
[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\BitTorrent
[2013/01/10 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\com.skinkers.aa
[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\MAGIX
[2013/09/09 13:26:53 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\mjusbsp
[2013/07/01 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\MP3Rocket
[2013/12/14 17:04:30 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\SoftGrid Client
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\SystemRequirementsLab
[2011/06/28 16:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\TP
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\uTorrent
[2013/01/03 09:14:56 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Visan
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Will McGugan
[2011/01/04 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Windows Live Writer
[2011/08/03 11:04:45 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

I just tried searching again and up popped Conduit

Ruth, when you copied and pasted the fix into OTL, are your sure it started with :OTL, if not the fix wont work

Lets do this a little bit at a time, dont worry about conduit, we will remove it



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
O4 - HKLM..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe ()

:Services
HOSTS Anti-Adware_PUPs
HOSTS Anti-PUPs

:Reg

:Files
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HOSTS Anti-Adware_PUPs deleted successfully.
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe moved successfully.
========== SERVICES/DRIVERS ==========
Error: No service named HOSTS Anti-Adware_PUPs was found to stop!
Service\Driver key HOSTS Anti-Adware_PUPs not found.
Service HOSTS Anti-PUPs stopped successfully!
Service HOSTS Anti-PUPs deleted successfully!
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Graham
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Ruth
->Temp folder emptied: 110490 bytes
->Temporary Internet Files folder emptied: 1880142 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 25084139 bytes
->Flash cache emptied: 0 bytes

User: TEMP

User: TEMP.Ruth-msi

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53525 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12212013_161552

Files\Folders moved on Reboot...
C:\Users\Ruth\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DF0DA950A53790CA95.TMP not found!
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DF21E87A72E62FB4CD.TMP not found!
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DF437C566893B74BD6.TMP not found!
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DFBF79E284D951AAAE.TMP not found!
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X7CEXFF4\showthread[1].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OK Ruth, where on a roll, run a new scan with OTL and post the log and we can get the rest of it including conduit

OTL logfile created on: 12/21/2013 6:50:08 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ruth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.79 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 52.52% Memory free
7.59 Gb Paging File | 5.50 Gb Available in Paging File | 72.53% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 212.73 Gb Free Space | 77.81% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 180.14 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: RUTH-MSI | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ruth\Downloads\OTL (2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\shaw\bin\shawsupport.exe (Shaw Communications)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\065d1a77c70d2c1c13fce187ba67ae86\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MGHwCtrl) -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys File not found
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (EUCR) -- C:\Windows\SysNative\drivers\EUCR6SK.sys (ENE Technology Inc.)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A2516833-3348-406A-96A6-26AAA93BF9DE}
IE:64bit: - HKLM\..\SearchScopes\{A2516833-3348-406A-96A6-26AAA93BF9DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DF74C2BD-9885-45D2-AC3E-F2865A90DEAB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 79 09 AD 8A F0 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 204128af-0f12-4aed-b13a-211ea5cc8314
IE - HKCU\..\SearchScopes\204128af-0f12-4aed-b13a-211ea5cc8314: "URL" = http://www.bing.com/search?q={searchTerms}&form=DMSGO1&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


[2011/11/23 09:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Extensions
[2013/12/19 03:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] ("Supreme Savings") -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com\chrome\content\extensionCode
[2012/02/28 11:55:26 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\longurlplease@darragh.curran.xpi
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN40779552811866027&ctid=CT3286042&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN40779552811866027&UM=2,
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ruth\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.15_0\
CHR - Extension: Google Search = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/21 15:52:17 | 000,039,009 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 212link.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.adorika.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adm.soft365.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.aff.co # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
O1 - Hosts: 642 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Airmiles Toolbar BHO) - {5F3927FC-290D-4C7B-8A30-694E7CA9254B} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {357F39D5-81FE-4EAD-81EC-7F80A566E667} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.15 64.59.161.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{094C1C24-A4E5-49FB-AE10-21205BD83451}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1323AA37-9DD0-4CA6-B93C-0CDF56B634FF}: DhcpNameServer = 64.59.160.15 64.59.161.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C78FCB73-F14A-4B1E-B0AD-7BF0F8FA0B67}: DhcpNameServer = 64.59.160.15 64.59.161.69
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f584b8d-6390-11e0-8ff9-406186af2c91}\Shell - "" = AutoRun
O33 - MountPoints2\{0f584b8d-6390-11e0-8ff9-406186af2c91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/21 14:19:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/21 12:39:37 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{26FC3A08-E9EC-4CAB-9AD7-8A554AAFFD85}
[2013/12/21 00:39:12 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{B873E2B5-B284-4693-8539-803D05A2893F}
[2013/12/20 12:14:04 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{4254E7A6-C5F6-48BA-8F87-EE7240439E0F}
[2013/12/19 04:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/12/19 04:02:23 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/12/19 03:14:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/18 19:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/18 19:47:22 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/12/18 19:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ruth\Desktop\mbar
[2013/12/15 22:14:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/12/15 22:14:14 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/12/15 22:14:14 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/12/15 22:14:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/12/15 22:14:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/12/15 22:14:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/12/15 22:14:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/12/15 22:14:13 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/12/15 22:14:13 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/12/15 22:14:13 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/12/15 22:14:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/12/15 22:14:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/12/15 22:14:12 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/12/15 22:14:11 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/12/15 22:14:11 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/12/15 22:14:08 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/12/14 06:47:50 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/14 06:47:50 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/12/14 06:47:44 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/12/14 06:47:44 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/12/14 06:47:43 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/12/14 06:47:43 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/12/14 06:47:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/12/14 06:47:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/12/14 06:47:43 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/12/14 06:47:43 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/12/14 06:47:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/12/14 06:47:43 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/12/14 06:47:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/14 06:47:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/12/14 06:47:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/12/14 06:47:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/12/14 06:47:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/14 06:47:43 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/14 06:47:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/12/14 06:47:42 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/14 06:47:42 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/12/14 06:47:42 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/12/14 06:47:42 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/12/14 06:47:42 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/12/14 06:47:42 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/14 06:47:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/12/14 06:47:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/12/14 06:47:42 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/12/14 06:47:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/12/14 06:47:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/12/14 06:47:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/12/14 06:47:41 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/12/14 06:47:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/12/14 06:47:41 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/12/14 06:47:41 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/12/14 06:47:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/12/14 06:47:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/12/14 06:47:40 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/12/14 06:47:40 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/14 06:47:40 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/12/14 06:47:40 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/12/14 06:47:40 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/12/14 06:47:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/12/14 06:47:40 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/12/14 06:47:40 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/12/14 06:47:40 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/12/14 06:47:40 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/14 06:47:40 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/12/14 06:47:40 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/12/14 06:47:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/12/14 06:47:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/12/14 06:47:40 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/12/14 06:47:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/12/14 06:47:40 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/12/14 06:47:39 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/14 06:47:39 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/12/14 06:47:39 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/12/14 06:47:39 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/12/14 06:47:39 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/12/14 06:47:39 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/12/14 06:47:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/12/14 06:47:39 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/12/11 12:54:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2013/12/11 12:54:00 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2013/12/11 12:54:00 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/12/11 12:53:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/12/11 07:06:30 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msieftp.dll
[2013/12/11 07:06:30 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msieftp.dll
[2013/12/11 07:06:28 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/12/11 07:06:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/12/11 07:06:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2013/12/11 07:06:17 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2013/12/11 07:06:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys
[2013/12/11 07:06:16 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wshom.ocx
[2013/12/11 07:06:15 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrrun.dll
[2013/12/11 07:06:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrrun.dll
[2013/12/11 07:06:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
[2013/12/11 07:06:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
[2013/12/11 07:06:15 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wshom.ocx
[2013/12/09 18:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/09 15:49:28 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/12/09 14:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/09 14:56:49 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013/12/09 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/12/09 14:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/05 06:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/05 06:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/03 15:16:09 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE

========== Files - Modified Within 30 Days ==========

[2013/12/21 18:53:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2013/12/21 18:49:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/21 18:47:58 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/21 18:47:36 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2013/12/21 18:47:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/21 18:47:21 | 3055,681,536 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/21 18:41:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-520651529-1785075596-1382192879-1001UA.job
[2013/12/21 18:40:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-520651529-1785075596-1382192879-1001Core.job
[2013/12/21 18:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/21 16:25:17 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/21 16:25:17 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/21 15:52:17 | 000,039,009 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/12/20 12:24:26 | 000,786,390 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/20 12:24:26 | 000,669,602 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/20 12:24:26 | 000,127,850 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/19 04:42:16 | 000,001,191 | ---- | M] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/12/19 04:23:43 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/18 19:47:22 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/12/14 06:47:50 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/14 06:47:50 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/12/14 06:47:44 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/12/14 06:47:44 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/12/14 06:47:44 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/14 06:47:43 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/12/14 06:47:43 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/12/14 06:47:43 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/12/14 06:47:43 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/12/14 06:47:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/12/14 06:47:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/12/14 06:47:43 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/12/14 06:47:43 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/12/14 06:47:43 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/12/14 06:47:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/12/14 06:47:43 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/12/14 06:47:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/14 06:47:43 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:43 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/14 06:47:43 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/12/14 06:47:43 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/14 06:47:42 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/14 06:47:42 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/12/14 06:47:42 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/12/14 06:47:42 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/12/14 06:47:42 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/12/14 06:47:42 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/14 06:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/12/14 06:47:42 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/12/14 06:47:42 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/12/14 06:47:42 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/12/14 06:47:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/12/14 06:47:42 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/12/14 06:47:41 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/12/14 06:47:41 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/12/14 06:47:41 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/12/14 06:47:41 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/12/14 06:47:41 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/12/14 06:47:41 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/12/14 06:47:40 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/12/14 06:47:40 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/14 06:47:40 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/12/14 06:47:40 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/12/14 06:47:40 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/12/14 06:47:40 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/12/14 06:47:40 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/12/14 06:47:40 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/12/14 06:47:40 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/12/14 06:47:40 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/12/14 06:47:40 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/14 06:47:40 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/12/14 06:47:40 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/12/14 06:47:40 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/12/14 06:47:40 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/12/14 06:47:40 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/12/14 06:47:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/12/14 06:47:40 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:40 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/12/14 06:47:40 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/14 06:47:39 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/14 06:47:39 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/12/14 06:47:39 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/12/14 06:47:39 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/12/14 06:47:39 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/12/14 06:47:39 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/12/14 06:47:39 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/12/11 21:06:07 | 000,310,136 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/10 18:07:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 18:07:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 18:06:50 | 009,293,192 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/09 16:46:03 | 000,000,512 | ---- | M] () -- C:\Users\Ruth\Documents\MBR.dat
[2013/12/09 15:18:14 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-154330.backup
[2013/12/09 15:17:17 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151814.backup
[2013/12/09 15:09:02 | 000,000,860 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151717.backup
[2013/12/09 14:56:56 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/08 01:42:22 | 483,591,795 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/12/05 07:15:23 | 000,273,696 | ---- | M] () -- C:\Users\Ruth\Documents\cc_cleaner December 5 20131205_071355.reg
[2013/12/05 06:17:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/04 20:45:26 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/03 16:57:03 | 000,001,447 | ---- | M] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/28 11:16:53 | 000,242,972 | ---- | M] () -- C:\Users\Ruth\Documents\GradEndoReferral.pdf
[2013/11/26 02:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/26 01:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/26 01:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/26 01:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/26 01:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/26 01:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/26 01:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/26 00:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/26 00:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/26 00:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/26 00:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/26 00:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/25 23:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/25 22:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/25 22:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/23 10:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/11/23 09:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll

========== Files Created - No Company Name ==========

[2013/12/19 04:42:16 | 000,001,191 | ---- | C] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/12/14 17:59:14 | 000,001,423 | ---- | C] () -- C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/14 06:47:43 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/14 06:47:40 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/09 16:32:49 | 000,000,512 | ---- | C] () -- C:\Users\Ruth\Documents\MBR.dat
[2013/12/09 14:56:56 | 000,001,401 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/12/09 14:56:56 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/07 08:35:55 | 483,591,795 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/12/05 07:14:32 | 000,273,696 | ---- | C] () -- C:\Users\Ruth\Documents\cc_cleaner December 5 20131205_071355.reg
[2013/12/05 06:17:47 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/28 11:16:53 | 000,242,972 | ---- | C] () -- C:\Users\Ruth\Documents\GradEndoReferral.pdf
[2013/05/17 19:18:39 | 000,000,258 | RHS- | C] () -- C:\Users\Ruth\ntuser.pol
[2012/03/17 17:11:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/29 16:57:40 | 000,000,095 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2011/12/19 20:15:37 | 000,007,603 | ---- | C] () -- C:\Users\Ruth\AppData\Local\Resmon.ResmonCfg
[2011/06/12 14:16:09 | 000,000,000 | ---- | C] () -- C:\Users\Ruth\AppData\Local\{303D5921-B263-4213-8045-F7C521597A78}

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\.minecraft
[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\BitTorrent
[2013/01/10 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\com.skinkers.aa
[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\MAGIX
[2013/09/09 13:26:53 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\mjusbsp
[2013/07/01 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\MP3Rocket
[2013/12/14 17:04:30 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\SoftGrid Client
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\SystemRequirementsLab
[2011/06/28 16:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\TP
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\uTorrent
[2013/01/03 09:14:56 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Visan
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Will McGugan
[2011/01/04 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Windows Live Writer
[2011/08/03 11:04:45 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

Good Morning,

Again, dont forget when you copy and paste the fix into OTL to besure to start with :OTL and end with [Reboot]


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN40779552811866027&UM=2,
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 212link.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.adorika.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adm.soft365.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.aff.co # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
O2 - BHO: (Airmiles Toolbar BHO) - {5F3927FC-290D-4C7B-8A30-694E7CA9254B} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
O3 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\Toolbar\WebBrowser: (no name) - {357F39D5-81FE-4EAD-81EC-7F80A566E667} - No CLSID value found.
O3 - HKU\S-1-5-21-520651529-1785075596-1382192879-1001\..\Toolbar\WebBrowser: (Airmiles Toolbar) - {CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} - C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll ()
[2013/12/19 04:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/12/19 04:42:16 | 000,001,191 | ---- | M] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/12/09 15:18:14 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-154330.backup
[2013/12/09 15:17:17 | 000,450,675 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151814.backup
[2013/12/09 15:09:02 | 000,000,860 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131209-151717.backup
[2013/12/19 04:42:16 | 000,001,191 | ---- | C] () -- C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\BitTorrent
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\uTorrent
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A3E39C6A
:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Use Chrome's Settings page to remove the default_search_provider items.
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 2010-fr.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 2012-new.biz # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 212link.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 24h00business.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 a.adorika.net # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 ad.adn360.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 adeartss.eu # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 adm.soft365.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 ads.aff.co # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups removed from HOSTS file successfully
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F3927FC-290D-4C7B-8A30-694E7CA9254B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F3927FC-290D-4C7B-8A30-694E7CA9254B}\ deleted successfully.
C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2}\ deleted successfully.
File C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{357F39D5-81FE-4EAD-81EC-7F80A566E667} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{357F39D5-81FE-4EAD-81EC-7F80A566E667}\ not found.
Registry value HKEY_USERS\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEE2D9C1-CD4C-4C74-AD58-8BC55D96F9D2}\ not found.
File C:\Program Files (x86)\Airmiles Toolbar\Toolbar.dll not found.
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs folder moved successfully.
C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131209-154330.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131209-151814.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131209-151717.backup moved successfully.
File C:\Users\Ruth\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk not found.
C:\Users\Ruth\AppData\Roaming\BitTorrent\dlimagecache folder moved successfully.
C:\Users\Ruth\AppData\Roaming\BitTorrent\apps folder moved successfully.
C:\Users\Ruth\AppData\Roaming\BitTorrent folder moved successfully.
C:\Users\Ruth\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Ruth\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Ruth\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Ruth\AppData\Roaming\uTorrent folder moved successfully.
ADS C:\ProgramData\TEMP:A3E39C6A deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ruth\Downloads\cmd.bat deleted successfully.
C:\Users\Ruth\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Graham

User: Public

User: Ruth
->Java cache emptied: 0 bytes

User: TEMP

User: TEMP.Ruth-msi

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Graham
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Ruth
->Temp folder emptied: 1477675 bytes
->Temporary Internet Files folder emptied: 302612 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 106896789 bytes
->Flash cache emptied: 956 bytes

User: TEMP

User: TEMP.Ruth-msi

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16578 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 104.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12222013_072807

Files\Folders moved on Reboot...
C:\Users\Ruth\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DF0316950629512A00.TMP not found!
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DF4971E4D5BA5E06CF.TMP not found!
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DF7303002741992563.TMP not found!
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DFD554F08D0CB0C4F2.TMP not found!
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Good job Ruth :bigthumb:

How is your system behaving now ?

Run a new scan with OTL and post the log please so I can be sure this garbage is gone

OTL logfile created on: 12/22/2013 9:00:31 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ruth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.79 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 43.53% Memory free
7.59 Gb Paging File | 4.98 Gb Available in Paging File | 65.59% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 212.78 Gb Free Space | 77.83% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 180.14 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: RUTH-MSI | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ruth\Downloads\OTL (3).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\shaw\bin\shawsupport.exe (Shaw Communications)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\065d1a77c70d2c1c13fce187ba67ae86\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MGHwCtrl) -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys File not found
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (EUCR) -- C:\Windows\SysNative\drivers\EUCR6SK.sys (ENE Technology Inc.)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A2516833-3348-406A-96A6-26AAA93BF9DE}
IE:64bit: - HKLM\..\SearchScopes\{A2516833-3348-406A-96A6-26AAA93BF9DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DF74C2BD-9885-45D2-AC3E-F2865A90DEAB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B AE 4D E5 2A FF CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 204128af-0f12-4aed-b13a-211ea5cc8314
IE - HKCU\..\SearchScopes\204128af-0f12-4aed-b13a-211ea5cc8314: "URL" = http://www.bing.com/search?q={searchTerms}&form=DMSGO1&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


[2011/11/23 09:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Extensions
[2013/12/19 03:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] ("Supreme Savings") -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com\chrome\content\extensionCode
[2012/02/28 11:55:26 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\longurlplease@darragh.curran.xpi
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN40779552811866027&ctid=CT3286042&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN40779552811866027&UM=2,
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ruth\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.15_0\
CHR - Extension: Google Search = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/22 07:28:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.15 64.59.161.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{094C1C24-A4E5-49FB-AE10-21205BD83451}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1323AA37-9DD0-4CA6-B93C-0CDF56B634FF}: DhcpNameServer = 64.59.160.15 64.59.161.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C78FCB73-F14A-4B1E-B0AD-7BF0F8FA0B67}: DhcpNameServer = 64.59.160.15 64.59.161.69
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f584b8d-6390-11e0-8ff9-406186af2c91}\Shell - "" = AutoRun
O33 - MountPoints2\{0f584b8d-6390-11e0-8ff9-406186af2c91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/22 07:20:15 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{3D8ACD8F-DD8C-4B54-A615-F8900CD580E1}
[2013/12/21 14:19:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/21 12:39:37 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{26FC3A08-E9EC-4CAB-9AD7-8A554AAFFD85}
[2013/12/21 00:39:12 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{B873E2B5-B284-4693-8539-803D05A2893F}
[2013/12/20 12:14:04 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{4254E7A6-C5F6-48BA-8F87-EE7240439E0F}
[2013/12/19 04:02:23 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/12/19 03:14:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/18 19:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/18 19:47:22 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/12/18 19:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ruth\Desktop\mbar
[2013/12/15 22:14:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/12/15 22:14:14 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/12/15 22:14:14 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/12/15 22:14:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/12/15 22:14:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/12/15 22:14:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/12/15 22:14:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/12/15 22:14:13 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/12/15 22:14:13 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/12/15 22:14:13 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/12/15 22:14:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/12/15 22:14:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/12/15 22:14:12 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/12/15 22:14:11 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/12/15 22:14:11 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/12/15 22:14:08 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/12/14 06:47:50 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/14 06:47:50 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/12/14 06:47:44 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/12/14 06:47:44 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/12/14 06:47:43 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/12/14 06:47:43 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/12/14 06:47:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/12/14 06:47:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/12/14 06:47:43 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/12/14 06:47:43 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/12/14 06:47:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/12/14 06:47:43 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/12/14 06:47:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/14 06:47:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/12/14 06:47:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/12/14 06:47:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/12/14 06:47:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/14 06:47:43 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/14 06:47:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/12/14 06:47:42 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/14 06:47:42 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/12/14 06:47:42 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/12/14 06:47:42 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/12/14 06:47:42 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/12/14 06:47:42 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/14 06:47:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/12/14 06:47:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/12/14 06:47:42 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/12/14 06:47:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/12/14 06:47:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/12/14 06:47:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/12/14 06:47:41 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/12/14 06:47:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/12/14 06:47:41 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/12/14 06:47:41 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/12/14 06:47:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/12/14 06:47:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/12/14 06:47:40 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/12/14 06:47:40 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/14 06:47:40 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/12/14 06:47:40 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/12/14 06:47:40 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/12/14 06:47:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/12/14 06:47:40 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/12/14 06:47:40 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/12/14 06:47:40 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/12/14 06:47:40 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/14 06:47:40 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/12/14 06:47:40 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/12/14 06:47:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/12/14 06:47:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/12/14 06:47:40 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/12/14 06:47:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/12/14 06:47:40 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/12/14 06:47:39 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/14 06:47:39 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/12/14 06:47:39 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/12/14 06:47:39 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/12/14 06:47:39 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/12/14 06:47:39 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/12/14 06:47:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/12/14 06:47:39 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/12/11 12:54:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2013/12/11 12:54:00 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2013/12/11 12:54:00 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/12/11 12:53:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/12/11 07:06:30 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msieftp.dll
[2013/12/11 07:06:30 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msieftp.dll
[2013/12/11 07:06:28 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/12/11 07:06:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/12/11 07:06:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2013/12/11 07:06:17 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2013/12/11 07:06:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys
[2013/12/11 07:06:16 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wshom.ocx
[2013/12/11 07:06:15 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrrun.dll
[2013/12/11 07:06:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrrun.dll
[2013/12/11 07:06:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
[2013/12/11 07:06:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
[2013/12/11 07:06:15 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wshom.ocx
[2013/12/09 18:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/09 15:49:28 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/12/09 14:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/09 14:56:49 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013/12/09 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/12/09 14:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/05 06:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/05 06:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/03 15:16:09 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE

========== Files - Modified Within 30 Days ==========

[2013/12/22 08:53:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2013/12/22 08:49:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/22 08:41:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-520651529-1785075596-1382192879-1001UA.job
[2013/12/22 08:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/22 07:37:16 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/22 07:37:16 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/22 07:29:58 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/22 07:29:42 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2013/12/22 07:29:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/22 07:29:28 | 3055,681,536 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/22 07:28:15 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2013/12/21 18:40:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-520651529-1785075596-1382192879-1001Core.job
[2013/12/20 12:24:26 | 000,786,390 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/20 12:24:26 | 000,669,602 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/20 12:24:26 | 000,127,850 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/19 04:23:43 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/18 19:47:22 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/12/14 06:47:50 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/14 06:47:50 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/12/14 06:47:44 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/12/14 06:47:44 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/12/14 06:47:44 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/14 06:47:43 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/12/14 06:47:43 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/12/14 06:47:43 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/12/14 06:47:43 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/12/14 06:47:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/12/14 06:47:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/12/14 06:47:43 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/12/14 06:47:43 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/12/14 06:47:43 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/12/14 06:47:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/12/14 06:47:43 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/12/14 06:47:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/14 06:47:43 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:43 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/14 06:47:43 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/12/14 06:47:43 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/14 06:47:42 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/14 06:47:42 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/12/14 06:47:42 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/12/14 06:47:42 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/12/14 06:47:42 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/12/14 06:47:42 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/14 06:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/12/14 06:47:42 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/12/14 06:47:42 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/12/14 06:47:42 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/12/14 06:47:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/12/14 06:47:42 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/12/14 06:47:41 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/12/14 06:47:41 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/12/14 06:47:41 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/12/14 06:47:41 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/12/14 06:47:41 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/12/14 06:47:41 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/12/14 06:47:40 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/12/14 06:47:40 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/14 06:47:40 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/12/14 06:47:40 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/12/14 06:47:40 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/12/14 06:47:40 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/12/14 06:47:40 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/12/14 06:47:40 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/12/14 06:47:40 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/12/14 06:47:40 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/12/14 06:47:40 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/14 06:47:40 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/12/14 06:47:40 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/12/14 06:47:40 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/12/14 06:47:40 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/12/14 06:47:40 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/12/14 06:47:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/12/14 06:47:40 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:40 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/12/14 06:47:40 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/14 06:47:39 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/14 06:47:39 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/12/14 06:47:39 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/12/14 06:47:39 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/12/14 06:47:39 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/12/14 06:47:39 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/12/14 06:47:39 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/12/11 21:06:07 | 000,310,136 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/10 18:07:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 18:07:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 18:06:50 | 009,293,192 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/09 16:46:03 | 000,000,512 | ---- | M] () -- C:\Users\Ruth\Documents\MBR.dat
[2013/12/09 14:56:56 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/08 01:42:22 | 483,591,795 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/12/05 07:15:23 | 000,273,696 | ---- | M] () -- C:\Users\Ruth\Documents\cc_cleaner December 5 20131205_071355.reg
[2013/12/05 06:17:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/04 20:45:26 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/03 16:57:03 | 000,001,447 | ---- | M] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/28 11:16:53 | 000,242,972 | ---- | M] () -- C:\Users\Ruth\Documents\GradEndoReferral.pdf
[2013/11/26 02:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/26 01:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/26 01:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/26 01:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/26 01:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/26 01:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/26 01:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/26 00:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/26 00:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/26 00:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/26 00:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/26 00:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/25 23:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/25 22:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/25 22:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/23 10:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/11/23 09:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll

========== Files Created - No Company Name ==========

[2013/12/14 17:59:14 | 000,001,423 | ---- | C] () -- C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/14 06:47:43 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/14 06:47:40 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/09 16:32:49 | 000,000,512 | ---- | C] () -- C:\Users\Ruth\Documents\MBR.dat
[2013/12/09 14:56:56 | 000,001,401 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/12/09 14:56:56 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/07 08:35:55 | 483,591,795 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/12/05 07:14:32 | 000,273,696 | ---- | C] () -- C:\Users\Ruth\Documents\cc_cleaner December 5 20131205_071355.reg
[2013/12/05 06:17:47 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/28 11:16:53 | 000,242,972 | ---- | C] () -- C:\Users\Ruth\Documents\GradEndoReferral.pdf
[2013/05/17 19:18:39 | 000,000,258 | RHS- | C] () -- C:\Users\Ruth\ntuser.pol
[2012/03/17 17:11:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/29 16:57:40 | 000,000,095 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2011/12/19 20:15:37 | 000,007,603 | ---- | C] () -- C:\Users\Ruth\AppData\Local\Resmon.ResmonCfg
[2011/06/12 14:16:09 | 000,000,000 | ---- | C] () -- C:\Users\Ruth\AppData\Local\{303D5921-B263-4213-8045-F7C521597A78}

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\.minecraft
[2013/01/10 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\com.skinkers.aa
[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\MAGIX
[2013/09/09 13:26:53 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\mjusbsp
[2013/07/01 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\MP3Rocket
[2013/12/14 17:04:30 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\SoftGrid Client
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\SystemRequirementsLab
[2011/06/28 16:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\TP
[2013/01/03 09:14:56 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Visan
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Will McGugan
[2011/01/04 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Windows Live Writer
[2011/08/03 11:04:45 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



< End of report >

Hello Ruth,

Conduit along with Duckduckgo is still on the log but on the good side we removed a ton of garbage.

Lets do this..

If you still have AdwCleaner on your system, go ahead and run the clean option again and post the log. If it does not find and remove those items than we can go into Chrome and fix it manually

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

# AdwCleaner v3.015 - Report created 22/12/2013 at 11:52:49
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ruth - RUTH-MSI
# Running from : C:\Users\Ruth\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

[ File : C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

[ File : C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [36744 octets] - [19/12/2013 03:15:08]
AdwCleaner[R1].txt - [1324 octets] - [22/12/2013 11:48:40]
AdwCleaner[S0].txt - [37356 octets] - [19/12/2013 03:53:57]
AdwCleaner[S1].txt - [1162 octets] - [22/12/2013 11:52:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1222 octets] ##########





I unchecked the NCH thing because I wasn't sure what it was?

That looks ok.

Open up Chrome and click on the 3 bars up on the top right and then go to Settings

Then Open a Specific Set of Pages and if Conduit in listed right click on it and delete


Then go to Manage Search Engines and if Conduit is listed again delete it.


Close Chrome


Then do this, you will need to download and run the 64 bit version


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:folderfind
Conduit
:filefind
Conduit
:regfind
Conduit

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 14:01 on 22/12/2013 by Ruth
Administrator - Elevation successful

========== folderfind ==========

Searching for "Conduit"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit d------ [11:53 19/12/2013]
C:\AdwCleaner\Quarantine\C\Users\Ruth\AppData\LocalLow\Conduit d------ [11:54 19/12/2013]

========== filefind ==========

Searching for "Conduit"
No files found.

========== regfind ==========

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\conduit.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"045F27F206F16624596059B2126D46D0"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\045F27F206F16624596059B2126D46D0]
"File"="iSyncConduit.dll"
[HKEY_USERS\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\conduit.com]

-= EOF =-

There just registry entries, two are related to an iPhone and two have to go. Did you go into Chrome and remove conduit entries ??



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL


:Services

:Reg
[-HKEY_USERS\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\conduit.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\conduit.com]

:Files
ipconfig /flushdns /c


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please <-------- Hopefully this will be the final scan

I did delete the conduit entries in Google Chrome.

I don't even know why there would be Iphone entries in the registry, I don't have an Iphone.

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-520651529-1785075596-1382192879-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\conduit.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\conduit.com\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ruth\Downloads\cmd.bat deleted successfully.
C:\Users\Ruth\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Graham
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Ruth
->Temp folder emptied: 618452 bytes
->Temporary Internet Files folder emptied: 8731729 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 7665662 bytes
->Flash cache emptied: 1869 bytes

User: TEMP

User: TEMP.Ruth-msi

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25138 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12222013_175922

Files\Folders moved on Reboot...
C:\Users\Ruth\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DF67253D633FA7BA6A.TMP not found!
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DF7ED8D58483A29F92.TMP not found!
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DFA218C031F8949411.TMP not found!
File\Folder C:\Users\Ruth\AppData\Local\Temp\~DFE9A3292BE81BD358.TMP not found!
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8FAT2II\0WEHPC2M.htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8FAT2II\enscript[1].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y8FAT2II\like[2].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\62C6Q3UC\follow_button.1387492107[1].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\62C6Q3UC\hub[1].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1169BO3Z\hub[1].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1169BO3Z\sck[1].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1169BO3Z\sck[2].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1169BO3Z\showthread[1].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1169BO3Z\xd_arbiter[1].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1169BO3Z\xd_arbiter[2].htm moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
File\Folder C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\fla4721.tmp not found!
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 12/22/2013 6:07:02 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ruth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.79 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 51.37% Memory free
7.59 Gb Paging File | 5.45 Gb Available in Paging File | 71.86% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 212.57 Gb Free Space | 77.75% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 180.14 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: RUTH-MSI | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ruth\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\shaw\bin\shawsupport.exe (Shaw Communications)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\065d1a77c70d2c1c13fce187ba67ae86\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MGHwCtrl) -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys File not found
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (EUCR) -- C:\Windows\SysNative\drivers\EUCR6SK.sys (ENE Technology Inc.)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A2516833-3348-406A-96A6-26AAA93BF9DE}
IE:64bit: - HKLM\..\SearchScopes\{A2516833-3348-406A-96A6-26AAA93BF9DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DF74C2BD-9885-45D2-AC3E-F2865A90DEAB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B AE 4D E5 2A FF CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 204128af-0f12-4aed-b13a-211ea5cc8314
IE - HKCU\..\SearchScopes\204128af-0f12-4aed-b13a-211ea5cc8314: "URL" = http://www.bing.com/search?q={searchTerms}&form=DMSGO1&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ruth\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)


[2011/11/23 09:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Extensions
[2013/12/19 03:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] ("Supreme Savings") -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com
[2013/07/01 16:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\crossriderapp19962@crossrider.com\chrome\content\extensionCode
[2012/02/28 11:55:26 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\Ruth\AppData\Roaming\Mozilla\Firefox\Profiles\hvpr7g5x.default\extensions\longurlplease@darragh.curran.xpi
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/25 06:27:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/25 06:28:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ruth\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Ruth\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.15_0\
CHR - Extension: Google Search = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/12/22 07:28:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll ()
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.15 64.59.161.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{094C1C24-A4E5-49FB-AE10-21205BD83451}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1323AA37-9DD0-4CA6-B93C-0CDF56B634FF}: DhcpNameServer = 64.59.160.15 64.59.161.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C78FCB73-F14A-4B1E-B0AD-7BF0F8FA0B67}: DhcpNameServer = 64.59.160.15 64.59.161.69
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f584b8d-6390-11e0-8ff9-406186af2c91}\Shell - "" = AutoRun
O33 - MountPoints2\{0f584b8d-6390-11e0-8ff9-406186af2c91}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/22 07:20:15 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{3D8ACD8F-DD8C-4B54-A615-F8900CD580E1}
[2013/12/21 14:19:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/21 12:39:37 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{26FC3A08-E9EC-4CAB-9AD7-8A554AAFFD85}
[2013/12/21 00:39:12 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{B873E2B5-B284-4693-8539-803D05A2893F}
[2013/12/20 12:14:04 | 000,000,000 | ---D | C] -- C:\Users\Ruth\AppData\Local\{4254E7A6-C5F6-48BA-8F87-EE7240439E0F}
[2013/12/19 04:02:23 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/12/19 03:14:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/18 19:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/18 19:47:22 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/12/18 19:46:35 | 000,000,000 | ---D | C] -- C:\Users\Ruth\Desktop\mbar
[2013/12/15 22:14:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/12/15 22:14:14 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/12/15 22:14:14 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/12/15 22:14:14 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/12/15 22:14:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/12/15 22:14:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/12/15 22:14:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/12/15 22:14:13 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/12/15 22:14:13 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/12/15 22:14:13 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/12/15 22:14:13 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/12/15 22:14:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/12/15 22:14:12 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/12/15 22:14:11 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/12/15 22:14:11 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/12/15 22:14:08 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/12/14 06:47:50 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/14 06:47:50 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/12/14 06:47:44 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/12/14 06:47:44 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/12/14 06:47:43 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/12/14 06:47:43 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/12/14 06:47:43 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/12/14 06:47:43 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/12/14 06:47:43 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/12/14 06:47:43 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/12/14 06:47:43 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/12/14 06:47:43 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/12/14 06:47:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/14 06:47:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/12/14 06:47:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/12/14 06:47:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/12/14 06:47:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/14 06:47:43 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/14 06:47:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/12/14 06:47:42 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/14 06:47:42 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/12/14 06:47:42 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/12/14 06:47:42 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/12/14 06:47:42 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/12/14 06:47:42 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/14 06:47:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/12/14 06:47:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/12/14 06:47:42 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/12/14 06:47:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/12/14 06:47:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/12/14 06:47:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/12/14 06:47:41 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/12/14 06:47:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/12/14 06:47:41 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/12/14 06:47:41 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/12/14 06:47:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/12/14 06:47:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/12/14 06:47:40 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/12/14 06:47:40 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/14 06:47:40 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/12/14 06:47:40 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/12/14 06:47:40 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/12/14 06:47:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/12/14 06:47:40 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/12/14 06:47:40 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/12/14 06:47:40 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/12/14 06:47:40 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/14 06:47:40 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/12/14 06:47:40 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/12/14 06:47:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/12/14 06:47:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/12/14 06:47:40 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/12/14 06:47:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/12/14 06:47:40 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/12/14 06:47:39 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/14 06:47:39 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/12/14 06:47:39 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/12/14 06:47:39 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/12/14 06:47:39 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/12/14 06:47:39 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/12/14 06:47:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/12/14 06:47:39 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/12/11 12:54:00 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmploc.DLL
[2013/12/11 12:54:00 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmploc.DLL
[2013/12/11 12:54:00 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/12/11 12:53:58 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/12/11 07:06:30 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msieftp.dll
[2013/12/11 07:06:30 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msieftp.dll
[2013/12/11 07:06:28 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/12/11 07:06:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/12/11 07:06:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2013/12/11 07:06:17 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys
[2013/12/11 07:06:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys
[2013/12/11 07:06:16 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wshom.ocx
[2013/12/11 07:06:15 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrrun.dll
[2013/12/11 07:06:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrrun.dll
[2013/12/11 07:06:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
[2013/12/11 07:06:15 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
[2013/12/11 07:06:15 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wshom.ocx
[2013/12/09 18:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/09 15:49:28 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/12/09 14:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/09 14:56:49 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2013/12/09 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/12/09 14:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/12/05 06:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/05 06:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/03 15:16:09 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE

========== Files - Modified Within 30 Days ==========

[2013/12/22 18:09:24 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/22 18:09:24 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/22 18:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/22 18:02:06 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/22 18:01:45 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2013/12/22 18:01:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/22 18:01:28 | 3055,681,536 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/22 17:59:23 | 000,000,336 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Communicator.job
[2013/12/22 17:51:51 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/22 17:51:14 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-520651529-1785075596-1382192879-1001UA.job
[2013/12/22 07:28:15 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2013/12/21 18:40:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-520651529-1785075596-1382192879-1001Core.job
[2013/12/20 12:24:26 | 000,786,390 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/20 12:24:26 | 000,669,602 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/20 12:24:26 | 000,127,850 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/19 04:23:43 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/18 19:47:22 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/12/14 06:47:50 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/14 06:47:50 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/12/14 06:47:44 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/12/14 06:47:44 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/12/14 06:47:44 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/14 06:47:43 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/12/14 06:47:43 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/12/14 06:47:43 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/12/14 06:47:43 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/12/14 06:47:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/12/14 06:47:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/12/14 06:47:43 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/12/14 06:47:43 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/12/14 06:47:43 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/12/14 06:47:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/12/14 06:47:43 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/12/14 06:47:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/12/14 06:47:43 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:43 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/12/14 06:47:43 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/12/14 06:47:43 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/14 06:47:42 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/12/14 06:47:42 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/12/14 06:47:42 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/12/14 06:47:42 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/12/14 06:47:42 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/12/14 06:47:42 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/12/14 06:47:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/12/14 06:47:42 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/12/14 06:47:42 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/12/14 06:47:42 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/12/14 06:47:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/12/14 06:47:42 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/12/14 06:47:41 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/12/14 06:47:41 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/12/14 06:47:41 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/12/14 06:47:41 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/12/14 06:47:41 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/12/14 06:47:41 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/12/14 06:47:40 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/12/14 06:47:40 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/12/14 06:47:40 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/12/14 06:47:40 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/12/14 06:47:40 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/12/14 06:47:40 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/12/14 06:47:40 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/12/14 06:47:40 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/12/14 06:47:40 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/12/14 06:47:40 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/12/14 06:47:40 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/12/14 06:47:40 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/12/14 06:47:40 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/12/14 06:47:40 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/12/14 06:47:40 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/12/14 06:47:40 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/12/14 06:47:40 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/12/14 06:47:40 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/14 06:47:40 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/12/14 06:47:40 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/14 06:47:39 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/12/14 06:47:39 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/12/14 06:47:39 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/12/14 06:47:39 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/12/14 06:47:39 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/12/14 06:47:39 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/12/14 06:47:39 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/12/11 21:06:07 | 000,310,136 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/10 18:07:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/12/10 18:07:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/10 18:06:50 | 009,293,192 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/09 16:46:03 | 000,000,512 | ---- | M] () -- C:\Users\Ruth\Documents\MBR.dat
[2013/12/09 14:56:56 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/08 01:42:22 | 483,591,795 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/12/05 07:15:23 | 000,273,696 | ---- | M] () -- C:\Users\Ruth\Documents\cc_cleaner December 5 20131205_071355.reg
[2013/12/05 06:17:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/04 20:45:26 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/03 16:57:03 | 000,001,447 | ---- | M] () -- C:\Users\Ruth\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/28 11:16:53 | 000,242,972 | ---- | M] () -- C:\Users\Ruth\Documents\GradEndoReferral.pdf
[2013/11/26 02:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/26 01:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/26 01:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/26 01:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/26 01:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/26 01:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/26 01:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/26 00:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/26 00:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/26 00:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/26 00:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/26 00:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/25 23:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/25 22:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/25 22:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/23 10:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/11/23 09:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll

========== Files Created - No Company Name ==========

[2013/12/14 17:59:14 | 000,001,423 | ---- | C] () -- C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/14 06:47:43 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/14 06:47:40 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/09 16:32:49 | 000,000,512 | ---- | C] () -- C:\Users\Ruth\Documents\MBR.dat
[2013/12/09 14:56:56 | 000,001,401 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/12/09 14:56:56 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/12/07 08:35:55 | 483,591,795 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/12/05 07:14:32 | 000,273,696 | ---- | C] () -- C:\Users\Ruth\Documents\cc_cleaner December 5 20131205_071355.reg
[2013/12/05 06:17:47 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/28 11:16:53 | 000,242,972 | ---- | C] () -- C:\Users\Ruth\Documents\GradEndoReferral.pdf
[2013/05/17 19:18:39 | 000,000,258 | RHS- | C] () -- C:\Users\Ruth\ntuser.pol
[2012/03/17 17:11:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/02/29 16:57:40 | 000,000,095 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2011/12/19 20:15:37 | 000,007,603 | ---- | C] () -- C:\Users\Ruth\AppData\Local\Resmon.ResmonCfg
[2011/06/12 14:16:09 | 000,000,000 | ---- | C] () -- C:\Users\Ruth\AppData\Local\{303D5921-B263-4213-8045-F7C521597A78}

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/01 16:55:49 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\.minecraft
[2013/01/10 14:43:10 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\com.skinkers.aa
[2013/07/01 16:55:50 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\MAGIX
[2013/09/09 13:26:53 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\mjusbsp
[2013/07/01 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\MP3Rocket
[2013/12/14 17:04:30 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\SoftGrid Client
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\SystemRequirementsLab
[2011/06/28 16:41:33 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\TP
[2013/01/03 09:14:56 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Visan
[2013/07/01 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Will McGugan
[2011/01/04 17:25:54 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\Windows Live Writer
[2011/08/03 11:04:45 | 000,000,000 | ---D | M] -- C:\Users\Ruth\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

========== Purity Check ==========



< End of report >

Good Morning Ruth,

Looks like your good to go , even Duckduckgo is gone and your Chrome homepage has been reset back to Google. So your rid of me and can move on to get the xmas shopping done :)

Is your computer running ok ?

This was so good and I can't believe how much it took to get rid of that malware!

You are a genius!!

Merry Christmas Ken545

RuthB

Your welcome Ruth,

Merry Christmas to you and your family

We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 45, if not proceed with the instructions.

Go to the update Tab and update it
Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )

Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)





Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.








Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

I read some of the pages and bookmarked all of them. Thank-you so much!

Also I deleted the programs: OTL, Adwcleaner and the "Look" one as well so I think they're all gone.

Thanks again!

RuthB

Great, now go enjoy Xmas :)

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.