Malwarebytes Detects Pup.optional.Searchqu



#1
oze

Hello!

With the help of emeraldnzl, I have finally gotten my computer to boot up after some particularly nasty malware. I ended up saving most of my data files, but had to restore Windows. As a precaution, I scanned the computer with three separate programs: PC Pitstop Super Shield, Super AntiSpyware, and Malwarebytes. The first two found nothing, but Malwarebytes found dozens of instances of Pup.optional.Searchqu in various Chrome locations (I do not use Chrome, and didn't think it was even on my PC!). I am not using the program to clean the infections yet; I will await further instructions before doing so. Here's the OTL log:

OTL logfile created on: 8/4/2013 12:07:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oze\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 7.48 Gb Available Physical Memory | 62.38% Memory free
23.98 Gb Paging File | 19.43 Gb Available in Paging File | 81.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1849.73 Gb Total Space | 1759.46 Gb Free Space | 95.12% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 75.68 Gb Free Space | 16.25% Space Free | Partition Type: NTFS

Computer Name: OZE-PC | User Name: oze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/04 12:07:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oze\Downloads\OTL.exe
PRC - [2013/08/03 21:54:08 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/06/25 15:18:00 | 000,196,104 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2013/06/18 10:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/01/02 15:43:58 | 003,835,656 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe
PRC - [2013/01/02 15:43:58 | 001,105,672 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe
PRC - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
PRC - [2012/08/31 20:38:26 | 000,027,328 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/06/30 05:01:40 | 003,597,520 | ---- | M] (PC Pitstop, LLC) -- C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe
PRC - [2011/04/29 19:18:16 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/04/26 22:10:16 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/04 00:32:01 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\76a252e7a04bef4c81c5199d477d117f\IAStorUtil.ni.dll
MOD - [2013/08/04 00:13:03 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\dcc781ebbddf98a9cf6dd4f3b17f1063\System.Web.ni.dll
MOD - [2013/08/04 00:12:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll
MOD - [2013/08/04 00:12:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/08/04 00:12:39 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/08/04 00:12:31 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/08/04 00:12:27 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/08/04 00:12:25 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/08/04 00:12:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/08/04 00:12:21 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/08/03 21:54:08 | 016,166,280 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/06/18 10:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/02 15:44:00 | 000,181,512 | ---- | M] () -- C:\Program Files (x86)\PCPitstop\SuperShield\pcmaticRTen.dll
MOD - [2012/09/03 22:18:42 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\PCPitstop\SuperShield\sqlite3.dll
MOD - [2011/04/29 19:18:16 | 000,885,760 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2011/04/29 19:13:50 | 002,225,664 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/04/29 19:13:48 | 007,938,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/03/28 22:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/04 00:22:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/25 15:18:00 | 000,196,104 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2013/06/18 10:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/02 15:43:58 | 003,835,656 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files (x86)\PCPitstop\SuperShield\PCPitstopRTService.exe -- (PCPitstop Realtime)
SRV - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/14 17:28:40 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/14 17:24:56 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [On_Demand | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [On_Demand | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/28 23:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/28 22:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/28 15:37:15 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/24 13:39:02 | 000,082,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/14 19:04:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/14 19:04:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/12 15:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/27 21:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/27 03:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/27 03:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/24 08:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/03 22:00:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/08/03 21:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oze\AppData\Roaming\Mozilla\Extensions
[2013/08/03 18:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions
[2013/08/03 18:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)
[2013/08/03 18:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013/08/03 18:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\[email protected]
[2013/08/03 21:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oze\AppData\Roaming\Mozilla\Firefox\Profiles\3n6qu2rv.default\extensions
[2013/08/03 18:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/03 21:16:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [PC MaticRT] C:\Program Files (x86)\PCPitstop\SuperShield\PCMaticRT.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Download Nitro] C:\Program Files (x86)\PCPitstop\Download Nitro\pcpitstop-nitro.exe (PC Pitstop, LLC)
O4 - HKCU..\Run: [Epson Stylus NX510(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SBF59.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON8907A6] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S77DE.tmp" /EF "HKCU" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B59FE216-7B37-4292-BC18-C6C68B956203}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE242849-CE91-4D43-B5A3-04E1645DD6D6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/17 15:48:16 | 000,000,040 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/04 00:54:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/08/04 00:54:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/08/04 00:25:32 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013/08/04 00:25:32 | 000,026,112 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013/08/04 00:25:31 | 000,076,800 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_12.104.dll
[2013/08/04 00:25:31 | 000,054,784 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/08/04 00:25:31 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/08/04 00:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/08/03 23:43:45 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\ElevatedDiagnostics
[2013/08/03 23:35:42 | 000,000,000 | R--D | C] -- C:\Users\oze\Podcasts
[2013/08/03 23:35:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013/08/03 23:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2013/08/03 22:59:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/08/03 22:49:45 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2013/08/03 22:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/08/03 22:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/08/03 22:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/08/03 22:00:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Thunderbird
[2013/08/03 21:54:18 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Macromedia
[2013/08/03 21:54:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/08/03 21:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/03 21:43:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/03 21:43:09 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Programs
[2013/08/03 21:22:04 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\SUPERAntiSpyware.com
[2013/08/03 21:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/08/03 21:19:29 | 000,082,872 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2013/08/03 21:18:36 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Free Download Manager
[2013/08/03 21:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Pitstop
[2013/08/03 21:16:25 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Mozilla
[2013/08/03 21:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/08/03 21:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/08/03 21:11:04 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Adobe
[2013/08/03 21:06:06 | 000,000,000 | ---D | C] -- C:\Users\oze\My Backup Files
[2013/08/03 19:24:51 | 000,000,000 | ---D | C] -- C:\Windows\ie8updates
[2013/08/03 19:24:51 | 000,000,000 | ---D | C] -- C:\Windows\ie8
[2013/08/03 19:24:51 | 000,000,000 | ---D | C] -- C:\Windows\ie7
[2013/08/03 19:24:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\oem
[2013/08/03 19:24:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\keep in touch with HP_files
[2013/08/03 19:24:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ias
[2013/08/03 19:24:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\DirectX
[2013/08/03 19:24:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/08/03 19:24:25 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2013/08/03 19:24:25 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013/08/03 19:24:22 | 000,000,000 | ---D | C] -- C:\Windows\KidMedia
[2013/08/03 19:24:22 | 000,000,000 | ---D | C] -- C:\Windows\Intuit
[2013/08/03 19:24:18 | 000,000,000 | ---D | C] -- C:\Windows\I386
[2013/08/03 19:24:09 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/08/03 19:24:09 | 000,000,000 | ---D | C] -- C:\Windows\.file_store_32
[2013/08/03 19:24:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2013/08/03 19:24:03 | 000,000,000 | ---D | C] -- C:\Users\oze\browser - logitech
[2013/08/03 19:24:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013/08/03 19:03:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2013/08/03 19:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/08/03 19:01:04 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\InstallShield
[2013/08/03 19:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/08/03 18:54:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NETGEAR
[2013/08/03 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Nero_AG
[2013/08/03 18:34:30 | 000,000,000 | ---D | C] -- C:\Users\oze\Logitech
[2013/08/03 18:34:28 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\pdf docs
[2013/08/03 18:34:28 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\minecraft.jar
[2013/08/03 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Tunebite
[2013/08/03 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Taxes
[2013/08/03 18:34:25 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\StarCraft II
[2013/08/03 18:34:25 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Reimbursement
[2013/08/03 18:34:25 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\ReFi
[2013/08/03 18:34:24 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\NaNoWriMo
[2013/08/03 18:34:23 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\NAVIGON
[2013/08/03 18:34:20 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\My Media
[2013/08/03 18:34:20 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\My Games
[2013/08/03 18:34:20 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\My Albums
[2013/08/03 18:34:20 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Mabinogi
[2013/08/03 18:34:19 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\JPG Pix
[2013/08/03 18:34:19 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Jamorama!
[2013/08/03 18:34:19 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Guitar
[2013/08/03 18:34:19 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Equifax
[2013/08/03 18:34:14 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\EA Games
[2013/08/03 18:34:14 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Downloads
[2013/08/03 18:34:14 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Dad
[2013/08/03 18:34:14 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\CyberLink
[2013/08/03 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\facility
[2013/08/03 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Cars
[2013/08/03 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Arktos
[2013/08/03 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Apple Stuff
[2013/08/03 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Anna
[2013/08/03 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Andy
[2013/08/03 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Amazon MP3
[2013/08/03 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\2011 Vacation Rental
[2013/08/03 18:33:32 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\azhie
[2013/08/03 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\Work Stuff
[2013/08/03 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\TOOLS
[2013/08/03 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\Sleep
[2013/08/03 18:33:19 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\Scanned Docs
[2013/08/03 18:33:19 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\Malware
[2013/08/03 18:33:19 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\Kids
[2013/08/03 18:33:16 | 000,000,000 | ---D | C] -- C:\Users\oze\Documents\Home Sale
[2013/08/03 18:33:16 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\Harmony Icons
[2013/08/03 18:31:25 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\Games
[2013/08/03 18:31:18 | 000,000,000 | ---D | C] -- C:\Users\oze\Desktop\Downloads
[2013/08/03 18:31:17 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\world
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Viewpoint
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Tropico 4 Demo
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Tropico 4
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Thunderbird
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\The Creative Assembly
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Smith Micro
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Skype
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\SecondLife
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Registry Mechanic
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\PCDr
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\OverDrive
[2013/08/03 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\ftblauncher
[2013/08/03 18:31:15 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\OpenOffice.org2
[2013/08/03 18:31:15 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\OpenOffice.org
[2013/08/03 18:31:15 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\OpenDNS Updater
[2013/08/03 18:31:15 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Nova Development
[2013/08/03 18:31:14 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/08/03 18:31:14 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETAMIN
[2013/08/03 18:31:14 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Mozilla
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Malwarebytes
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Intuit
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Freeciv
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Epson
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\DwarfsF2P
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\DriverCure
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Divo Games
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\CyberLink
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Corel
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Apple Computer
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Ahead
[2013/08/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Adobe
[2013/08/03 18:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/08/03 18:29:59 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\.techniclauncher
[2013/08/03 18:29:53 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\.technic
[2013/08/03 18:29:43 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\.minecraft
[2013/08/03 18:29:42 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\VisualBeeExe
[2013/08/03 18:29:42 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\.freeciv
[2013/08/03 18:29:39 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Smartbar
[2013/08/03 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\RobloxVersions
[2013/08/03 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Roblox
[2013/08/03 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Panda3D
[2013/08/03 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\OTIS_Soft
[2013/08/03 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Netamin
[2013/08/03 18:28:51 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Laplink
[2013/08/03 18:28:51 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\IsolatedStorage
[2013/08/03 18:28:50 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Identities
[2013/08/03 18:28:48 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Google
[2013/08/03 18:28:48 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Dxtory Software
[2013/08/03 18:28:48 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Cyberlink
[2013/08/03 18:28:48 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Audible
[2013/08/03 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\oze\.thumbnails
[2013/08/03 18:28:43 | 000,000,000 | ---D | C] -- C:\Travel
[2013/08/03 18:28:43 | 000,000,000 | ---D | C] -- C:\Taxes
[2013/08/03 18:28:31 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Nero
[2013/08/03 18:28:30 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Nero
[2013/08/03 18:28:16 | 000,000,000 | R--D | C] -- C:\Users\oze\Desktop\MySyncUPFiles
[2013/08/03 18:28:13 | 000,000,000 | ---D | C] -- C:\Sports Mogul
[2013/08/03 18:28:13 | 000,000,000 | ---D | C] -- C:\Search Engines
[2013/08/03 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/08/03 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/08/03 18:28:11 | 000,000,000 | ---D | C] -- C:\Seagate temp
[2013/08/03 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2013/08/03 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sbsi
[2013/08/03 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2013/08/03 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/08/03 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/08/03 18:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstopDat
[2013/08/03 18:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2013/08/03 18:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2013/08/03 18:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013/08/03 18:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Napster
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunebite
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laplink PCmover
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtraPutty
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES(2)
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/08/03 18:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[2013/08/03 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/03 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Laplink
[2013/08/03 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2013/08/03 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/08/03 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/08/03 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/08/03 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/08/03 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2013/08/03 18:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
[2013/08/03 18:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2013/08/03 18:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/08/03 18:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/03 18:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Shrapnel Games
[2013/08/03 18:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2013/08/03 18:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/08/03 18:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/08/03 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/08/03 18:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wot test
[2013/08/03 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\share
[2013/08/03 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\readmes
[2013/08/03 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\program
[2013/08/03 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2013/08/03 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/08/03 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zeallsoft
[2013/08/03 18:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org
[2013/08/03 18:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Connect 2
[2013/08/03 18:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2013/08/03 18:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent
[2013/08/03 18:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisualRoute
[2013/08/03 18:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viewpoint
[2013/08/03 18:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/08/03 18:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\V CAST Media Manager
[2013/08/03 18:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity
[2013/08/03 18:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/08/03 18:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013/08/03 18:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueSwitchEsaya
[2013/08/03 18:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueSwitchComcast
[2013/08/03 18:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2013/08/03 18:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperchipsUpdate
[2013/08/03 18:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Superchips
[2013/08/03 18:26:13 | 000,000,000 | ---D | C] -- C:\TrustedID IDMonitor Identity Protection
[2013/08/03 18:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2013/08/03 18:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/08/03 18:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Startup Inspector for Windows
[2013/08/03 18:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2013/08/03 18:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sports Mogul
[2013/08/03 18:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/08/03 18:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013/08/03 18:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sonic
[2013/08/03 18:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2013/08/03 18:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shrapnel Games
[2013/08/03 18:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar
[2013/08/03 18:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2013/08/03 18:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2013/08/03 18:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RockStar Recipes
[2013/08/03 18:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResChanger 2005
[2013/08/03 18:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Kit
[2013/08/03 18:20:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RecordNow
[2013/08/03 18:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RapidSolution
[2013/08/03 18:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/08/03 18:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QUICKENW
[2013/08/03 18:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken WillMaker Plus 2006
[2013/08/03 18:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo Story 3 for Windows
[2013/08/03 18:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/08/03 18:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2013/08/03 18:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PMP DV
[2013/08/03 18:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2013/08/03 18:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paint.NET
[2013/08/03 18:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OverDrive Media Console
[2013/08/03 18:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NovaLogic
[2013/08/03 18:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nova Development
[2013/08/03 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoteBurner
[2013/08/03 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon Firmware
[2013/08/03 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETAMIN
[2013/08/03 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyVoIPSpeed PC
[2013/08/03 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/08/03 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
[2013/08/03 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/03 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker
[2013/08/03 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motherboard Monitor 5
[2013/08/03 18:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2013/08/03 18:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2013/08/03 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 6.0
[2013/08/03 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3 Remix
[2013/08/03 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft IntelliPoint 5.5
[2013/08/03 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft IntelliPoint
[2013/08/03 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013/08/03 18:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/03 18:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts
[2013/08/03 18:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/08/03 18:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013/08/03 18:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Laplink
[2013/08/03 18:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Company
[2013/08/03 18:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kudos
[2013/08/03 18:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasc Software Inc
[2013/08/03 18:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames Interactive
[2013/08/03 18:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013/08/03 18:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/08/03 18:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2013/08/03 18:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photosmart 11
[2013/08/03 18:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDDGURU LLF Tool
[2013/08/03 18:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grisoft
[2013/08/03 18:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2013/08/03 18:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/08/03 18:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GCV
[2013/08/03 18:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freeciv-2.3.2-gtk2
[2013/08/03 18:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freeciv-2.3.0-gtk2
[2013/08/03 18:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freeciv-2.1.9-gtk2
[2013/08/03 18:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Finale NotePad 2003a
[2013/08/03 18:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExtraPutty 0.22
[2013/08/03 18:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EsetOnlineScanner
[2013/08/03 18:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/08/03 18:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2013/08/03 18:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/08/03 18:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013/08/03 18:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2013/08/03 18:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dxtory Software
[2013/08/03 18:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney
[2013/08/03 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2013/08/03 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DBS
[2013/08/03 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Davidson
[2013/08/03 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dan Elwell's Broadband Speed Test
[2013/08/03 18:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrossLoop
[2013/08/03 18:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/08/03 18:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2013/08/03 18:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Shared
[2013/08/03 18:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common
[2013/08/03 18:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2013/08/03 18:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPAQ
[2013/08/03 18:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.3
[2013/08/03 18:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Caller ID
[2013/08/03 18:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Broderbund
[2013/08/03 18:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/08/03 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Basis
[2013/08/03 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandicam
[2013/08/03 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BackWeb
[2013/08/03 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/08/03 18:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AtBackup
[2013/08/03 18:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arcsoft
[2013/08/03 18:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\America's Army
[2013/08/03 18:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\America's Army Server Manager
[2013/08/03 18:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2013/08/03 18:17:47 | 000,000,000 | ---D | C] -- C:\Netgear
[2013/08/03 18:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/08/03 18:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM95
[2013/08/03 18:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013/08/03 18:17:44 | 000,000,000 | ---D | C] -- C:\AMD
[2013/08/03 18:07:49 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Dell
[2013/08/03 18:07:14 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Fingertapps
[2013/08/03 18:07:13 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Dell
[2013/08/03 18:07:10 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Dell Touch Zone
[2013/08/03 18:07:09 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Roxio
[2013/08/03 18:07:07 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\ATI
[2013/08/03 18:07:07 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\ATI
[2013/08/03 18:07:06 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Intel Corporation
[2013/08/03 18:06:56 | 000,000,000 | R--D | C] -- C:\Users\oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/03 18:06:56 | 000,000,000 | R--D | C] -- C:\Users\oze\Searches
[2013/08/03 18:06:56 | 000,000,000 | R--D | C] -- C:\Users\oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/08/03 18:06:56 | 000,000,000 | -H-D | C] -- C:\Users\oze\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/08/03 18:06:45 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Identities
[2013/08/03 18:06:43 | 000,000,000 | R--D | C] -- C:\Users\oze\Contacts
[2013/08/03 18:06:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/03 18:06:41 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\VirtualStore
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\AppData\Local\Temporary Internet Files
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\Templates
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\Start Menu
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\SendTo
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\Recent
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\PrintHood
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\NetHood
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\Documents\My Videos
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\Documents\My Pictures
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\Documents\My Music
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\My Documents
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\Local Settings
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\AppData\Local\History
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\Cookies
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\Application Data
[2013/08/03 18:04:22 | 000,000,000 | -HSD | C] -- C:\Users\oze\AppData\Local\Application Data
[2013/08/03 18:04:21 | 000,000,000 | --SD | C] -- C:\Users\oze\AppData\Roaming\Microsoft
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\Videos
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\Saved Games
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\Pictures
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\Music
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\Links
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\Favorites
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\Downloads
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\Documents
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\Desktop
[2013/08/03 18:04:21 | 000,000,000 | R--D | C] -- C:\Users\oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/03 18:04:21 | 000,000,000 | -H-D | C] -- C:\Users\oze\AppData
[2013/08/03 18:04:21 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Temp
[2013/08/03 18:04:21 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\SoftThinks
[2013/08/03 18:04:21 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Local\Microsoft
[2013/08/03 18:04:21 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Media Center Programs
[2013/08/03 18:04:21 | 000,000,000 | ---D | C] -- C:\Users\oze\AppData\Roaming\Macromedia

========== Files - Modified Within 30 Days ==========

[2013/08/04 11:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/04 11:42:45 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/04 11:42:45 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/04 10:01:43 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/04 10:01:43 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/04 10:01:43 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/04 09:54:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/04 09:54:37 | 1066,602,494 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/04 00:09:03 | 000,322,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/03 23:34:33 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2013/08/03 23:01:31 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/08/03 22:00:19 | 000,002,112 | ---- | M] () -- C:\Users\oze\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/03 22:00:09 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013/08/03 21:17:50 | 000,002,036 | ---- | M] () -- C:\Users\oze\Desktop\PC Matic.lnk
[2013/08/03 21:16:18 | 000,001,149 | -H-- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/03 19:00:26 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/08/03 18:27:01 | 000,001,439 | ---- | M] () -- C:\Users\oze\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/03 18:26:14 | 000,000,213 | ---- | M] () -- C:\Users\Public\Desktop\My Identity Protection.url
[2013/08/03 18:11:17 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/08/03 18:11:17 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/08/03 18:09:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2013/08/04 00:25:31 | 003,342,768 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013/08/04 00:25:31 | 003,309,936 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013/08/04 00:25:31 | 001,187,342 | ---- | C] () -- C:\Windows\SysNative\amdocl_as64.exe
[2013/08/04 00:25:31 | 001,061,902 | ---- | C] () -- C:\Windows\SysNative\amdocl_ld64.exe
[2013/08/04 00:25:31 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/08/04 00:25:31 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/08/04 00:25:31 | 000,695,006 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013/08/04 00:25:31 | 000,522,872 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013/08/04 00:25:31 | 000,522,872 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013/08/04 00:25:31 | 000,230,836 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat
[2013/08/04 00:25:31 | 000,230,064 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat
[2013/08/04 00:25:31 | 000,222,720 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2013/08/04 00:25:31 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/08/04 00:25:31 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2013/08/04 00:25:31 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/08/04 00:25:31 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2013/08/04 00:25:31 | 000,075,600 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat
[2013/08/04 00:25:31 | 000,044,066 | ---- | C] () -- C:\Windows\atiogl.xml
[2013/08/04 00:25:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/08/04 00:25:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2013/08/04 00:22:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/04 00:20:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/08/03 23:34:33 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2013/08/03 22:59:51 | 1066,602,494 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/03 22:30:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/08/03 22:23:31 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/08/03 22:00:09 | 000,002,112 | ---- | C] () -- C:\Users\oze\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/03 22:00:09 | 000,002,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013/08/03 22:00:09 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013/08/03 21:17:50 | 000,002,036 | ---- | C] () -- C:\Users\oze\Desktop\PC Matic.lnk
[2013/08/03 21:16:18 | 000,001,161 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/08/03 21:16:18 | 000,001,149 | -H-- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/03 19:01:09 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/08/03 19:01:08 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/08/03 19:01:08 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/08/03 19:01:08 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/08/03 19:01:08 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/08/03 19:01:08 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/08/03 19:01:08 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/08/03 19:01:08 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/08/03 19:01:08 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2013/08/03 19:01:08 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/08/03 19:01:08 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2013/08/03 19:01:08 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/08/03 19:01:08 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/08/03 19:01:08 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/08/03 19:01:08 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/08/03 19:01:08 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/08/03 19:01:08 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/08/03 19:01:08 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/08/03 19:01:05 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2013/08/03 19:01:05 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2013/08/03 19:01:05 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2013/08/03 19:01:05 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2013/08/03 19:00:26 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/08/03 18:27:01 | 000,001,439 | ---- | C] () -- C:\Users\oze\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/03 18:09:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/08/03 18:07:01 | 000,001,371 | ---- | C] () -- C:\Users\oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/08/03 18:06:58 | 000,001,445 | ---- | C] () -- C:\Users\oze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/03 18:06:33 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/08/03 18:06:32 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/08/03 18:04:40 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2013/08/03 18:04:21 | 000,000,290 | ---- | C] () -- C:\Users\oze\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/03 18:04:21 | 000,000,272 | ---- | C] () -- C:\Users\oze\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/05 20:39:41 | 001,792,437 | ---- | C] () -- C:\Users\oze\2012-02-10_19.18.21.png
[2012/03/05 20:39:41 | 000,479,549 | ---- | C] () -- C:\Users\oze\2012-02-21_17.45.07.png
[2012/03/05 20:39:41 | 000,273,840 | ---- | C] () -- C:\Users\oze\2012-03-03_22.42.15.png
[2012/03/05 20:39:41 | 000,139,931 | ---- | C] () -- C:\Users\oze\DarthMaulMe_Photo.jpg
[2011/09/14 19:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/14 17:29:48 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/09/14 17:29:48 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/09/14 17:29:48 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/09/14 17:29:13 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/09/14 17:29:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== ZeroAccess Check ==========

[2012/07/14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\oze\AppData\Roaming\Mozilla\Firefox\Profiles\1nq9i9mp.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/07/14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\oze\AppData\Roaming\Thunderbird\Profiles\bs4hfgkw.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/03 18:29:42 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\.freeciv
[2013/08/03 18:29:48 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\.minecraft
[2013/08/03 18:29:53 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\.technic
[2013/08/03 18:30:33 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\.techniclauncher
[2013/08/03 18:31:12 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Divo Games
[2013/08/03 18:31:12 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\DriverCure
[2013/08/03 18:31:12 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\DwarfsF2P
[2013/08/04 00:10:00 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Epson
[2013/08/03 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Fingertapps
[2013/08/04 12:09:04 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Free Download Manager
[2013/08/03 18:31:12 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Freeciv
[2013/08/03 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\ftblauncher
[2013/08/03 18:31:15 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Nova Development
[2013/08/03 18:31:15 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\OpenDNS Updater
[2013/08/03 18:31:15 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\OpenOffice.org
[2013/08/03 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\OverDrive
[2013/08/03 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\PCDr
[2013/08/03 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Registry Mechanic
[2013/08/03 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\SecondLife
[2013/08/03 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Smith Micro
[2013/08/03 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\The Creative Assembly
[2013/08/03 22:00:12 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Thunderbird
[2013/08/03 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Tropico 4
[2013/08/03 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Tropico 4 Demo
[2013/08/03 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\Viewpoint
[2013/08/03 18:31:18 | 000,000,000 | ---D | M] -- C:\Users\oze\AppData\Roaming\world

========== Purity Check ==========



< End of report >

Edited by oze, 04 August 2013 - 10:25 AM.


#2
RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Glad you got it fixed.

SearchQu is just adware. You can let MBAM remove it. AdwCleaner will also remove it:


Download the adwCleaner

  • Run the tool.
    Windows Vista and Windows 7 users:
    Right-click adwCleaner.exe and select the Delete option.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

#3
oze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Thanks for the reply! I got bold and removed Silverlight, then let MBAM clean it up. I was a bit gun-shy because just cleaning malware willy-nilly is what, I believe, caused the mess from last week. All is good, thanks again.

#4
RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
OK. Goodbye time:


OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead, just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned on and that it works. Go to Control Panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron