This topic is locked
So my laptop started getting the bad image popups every time that I attempted to open any application, for quite a while now.
The application or DLL C:\\PROGRA~1\SearchProtect\bin\VC32Loader.dll is not a valid Windows image. Please check this against your installation diskette.
This wasn't a new laptop when I had gotten it either, it belonged to a friend who was just trying to get money by selling it. I did not relieve any disks, or anything that would come with the laptop when purchased as new. So, over time, when I took a trip to Florida and left my laptop at home, my younger sister was using it without my knowledge, and playing on gaming websites which caused problems. As of last night (8.24.15) I ran a Malawarebites Anti-Maliware scan, and it came up with +7,300 threats that were scanned and located in three hours, around 5,000 were quarantined before my laptop had shut down due to my sister pulling out the charger from my laptop (my battery doesn't hold a charge).
I ran the FRST scan, and here's the results it gave me:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2015
Ran by Administrator (administrator) on D620 (25-08-2015 12:00:35)
Running from C:\Documents and Settings\Writing\Desktop
Loaded Profiles: Writing & Administrator (Available Profiles: Katie & Kat3lr & sheofourtris & Writing & Trial & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE
() C:\Program Files\Compliant Host Controller\comc.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
() C:\Documents and Settings\Writing\Local Settings\Application Data\UpdaterSvcSmarterPower1024\updatersvcsmarterpower.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Copyright © Microsoft 2015) C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\stacsv.exe
(US Tech Support LLC) C:\Program Files\USTechSupport\SchedulerService\SchedulerService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe
(Goobzo) C:\PROGRA~1\YTDOWN~1\BrowserHelper.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1392640 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1206544 2009-09-21] (Intel® Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-854245398-616249376-1801674531-1023\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll [213776 2015-07-02] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2013-07-20]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Katie\Start Menu\Programs\Startup\BlitzMediaPlayer.lnk [2014-09-07]
ShortcutTarget: BlitzMediaPlayer.lnk -> C:\Program Files\BlitzMediaPlayer\BlitzMediaPlayerApp.exe (No File)
Startup: C:\Documents and Settings\sheofourtris\Start Menu\Programs\Startup\Download.lnk [2015-07-07]
ShortcutTarget: Download.lnk -> C:\Documents and Settings\All Users\Application Data\{96af2a23-618d-7a19-96af-f2a23618a88d}\Download.exe (No File)
Startup: C:\Documents and Settings\Writing\Start Menu\Programs\Startup\bm.lnk [2015-07-20]
ShortcutTarget: bm.lnk -> C:\Documents and Settings\Writing\Local Settings\Application Data\m1a0vtytzklhbmn\m3a0bzzwzl9hdwn.exe ()
Startup: C:\Documents and Settings\Writing\Start Menu\Programs\Startup\loons.lnk [2015-07-20]
ShortcutTarget: loons.lnk -> C:\Documents and Settings\Writing\Local Settings\Application Data\m0w0bzzvzm5hc2m\m0w0bzzvzm5hc2m.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-854245398-616249376-1801674531-1023\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:1051;https=127.0.0.1:1051;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-854245398-616249376-1801674531-1023\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
URLSearchHook: [S-1-5-21-854245398-616249376-1801674531-1023] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-854245398-616249376-1801674531-500] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= ATTENTION
SearchScopes: HKLM -> URL hxxp://www-searching.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}&s=F77ztutdk0001,c8ac14aa-5d80-478b-926f-2e83e5b049c9,
SearchScopes: HKU\.DEFAULT -> DefaultScope {4B5B4143-FBDA-4EDB-991B-F2814D7E432E} URL = hxxps://search.yahoo.com/yhs/search?hspart=tightrope&hsimp=yhs-tig1&type=11191_011915&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {4B5B4143-FBDA-4EDB-991B-F2814D7E432E} URL = hxxps://search.yahoo.com/yhs/search?hspart=tightrope&hsimp=yhs-tig1&type=11191_011915&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-854245398-616249376-1801674531-1023 -> URL hxxp://www-searching.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}&s=F77ztutdk0001,c8ac14aa-5d80-478b-926f-2e83e5b049c9,
SearchScopes: HKU\S-1-5-21-854245398-616249376-1801674531-1023 -> {A755D706-0B3C-481D-9896-DBD699A7CA74} URL =
Toolbar: HKLM - No Name - {96B06AFC-37EC-47DA-88EC-E74D6CE4CBC4} - No File
Toolbar: HKLM - No Name - {0AC73CDE-9CB4-473A-8196-BF21CA2EF48B} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297435219125
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1846F656-928A-4D9A-A6F0-63675E8E1C68}: [NameServer] 208.67.222.222
Tcpip\..\Interfaces\{1846F656-928A-4D9A-A6F0-63675E8E1C68}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{900BA0E0-8D74-4418-AFDC-CC2C11907923}: [DhcpNameServer] 10.1.7.10 10.32.1.11 10.40.4.10
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll [2015-01-18] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-08-25]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-11]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BrsHelper; C:\Program Files\YTDownloader\BrowserHelperSrv.exe [112560 2015-07-06] ()
R2 chost1394; C:\Program Files\Compliant Host Controller\comc.exe [376832 2015-07-23] () [File not signed]
S2 f104e31c; c:\Program Files\BocaMonitor\BocaMonitor.dll [2725376 2015-08-09] () [File not signed]
R2 GIX38; C:\Documents and Settings\Writing\Local Settings\Application Data\UpdaterSvcSmarterPower1024\updatersvcsmarterpower.exe [33280 2015-07-24] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-04] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 msdotnetserv_v2050729; C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe [3003880 2015-07-05] (Copyright © Microsoft 2015)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [954368 2009-09-21] (Intel® Corporation) [File not signed]
R2 STacSV; C:\WINDOWS\system32\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
R2 USTSScheduler; C:\Program Files\USTechSupport\SchedulerService\SchedulerService.exe [737600 2013-01-17] (US Tech Support LLC)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [364544 2009-09-21] (Intel® Corporation) [File not signed]
S2 d51c1198; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files\SoftwareForce\SoftwareForce.dll",serv
S2 ToolGet; C:\Documents and Settings\All Users\Application Data\ToolGet\ToolGet [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [98520 2015-08-24] (Malwarebytes Corporation)
R1 netfilter; C:\WINDOWS\System32\drivers\netfilter.sys [47488 2015-04-02] (NetFilterSDK.com) [File not signed]
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-15] (Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2009-08-10] (Intel Corporation)
R1 sbmntr; C:\Program Files\YTDownloader\sbmntr.sys [28960 2015-07-06] (YTDownloader)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 TIEHDUSB; C:\WINDOWS\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated) [File not signed]
S0 cerc6; no ImagePath
S3 cpuz136; \??\C:\DOCUME~1\Katie\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S3 HSFHWAZL; system32\DRIVERS\HSFHWAZL.sys [X]
S3 HSF_DPV; system32\DRIVERS\HSF_DPV.sys [X]
S4 IntelIde; no ImagePath
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 winachsf; system32\DRIVERS\HSF_CNXT.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-25 12:00 - 2015-08-25 12:00 - 00000000 ____D C:\FRST
2015-08-25 11:53 - 2015-08-25 11:53 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Spacejock Software
2015-08-25 11:34 - 2015-08-25 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-08-25 11:29 - 2015-08-25 11:44 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-25 11:29 - 2015-08-25 11:34 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-24 19:05 - 2015-08-24 19:05 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Windows Search
2015-08-24 19:03 - 2015-08-24 20:30 - 00003136 _____ C:\WINDOWS\setupapi.log
2015-08-24 17:39 - 2015-08-24 17:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-08-24 16:45 - 2015-08-24 16:45 - 00000000 ____D C:\Program Files\CCleaner
2015-08-24 16:45 - 2015-08-24 16:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-08-24 16:37 - 2015-08-24 16:39 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-24 16:37 - 2015-08-24 16:37 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-24 16:37 - 2015-08-24 16:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-24 16:37 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-24 16:37 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-23 22:19 - 2015-08-23 22:19 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\WinRAR
2015-08-23 22:15 - 2012-02-17 14:01 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFC71.dll
2015-08-23 22:15 - 2012-02-17 14:01 - 01047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFC71u.dll
2015-08-23 22:14 - 2015-08-23 22:14 - 00000000 ____D C:\Program Files\TI Education
2015-08-23 22:14 - 2015-08-23 22:14 - 00000000 ____D C:\Program Files\Common Files\TI Shared
2015-08-23 22:14 - 2015-08-23 22:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TI Tools
2015-08-23 22:14 - 2004-02-04 10:27 - 00049536 _____ (Texas Instruments Incorporated) C:\WINDOWS\system32\Drivers\tiehdusb.sys
2015-08-23 22:14 - 2004-01-28 15:03 - 00021456 _____ (Texas Instruments Incorporated) C:\WINDOWS\system32\Drivers\SilvrLnk.sys
2015-08-23 22:02 - 2015-08-23 22:15 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-23 22:02 - 2015-08-23 22:15 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-23 22:02 - 2015-08-23 22:15 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-23 22:02 - 2015-08-23 22:15 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-23 22:02 - 2015-08-23 22:15 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-23 21:35 - 2015-08-23 21:35 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2015-08-23 21:14 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\DailyPcClean Support
2015-08-23 19:30 - 2015-08-23 19:30 - 00000000 ____D C:\Program Files\DNS Unlocker
2015-08-23 15:24 - 2015-08-24 20:40 - 00000000 ____D C:\Program Files\Cinema PlusV23.08
2015-08-23 15:05 - 2015-08-24 20:40 - 00000000 ____D C:\Program Files\DailyPcClean Support
2015-08-23 15:05 - 2015-08-24 20:40 - 00000000 ____D C:\Program Files\DailyPCClean
2015-08-23 15:05 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\DailyPcClean Support
2015-08-23 15:05 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DailyPCClean
2015-08-23 15:05 - 2015-08-23 15:05 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\DailyPCClean
2015-08-23 14:41 - 2015-08-23 15:11 - 00000178 ___SH C:\Documents and Settings\Trial\ntuser.ini
2015-08-23 14:41 - 2015-08-23 15:11 - 00000178 ___SH C:\Documents and Settings\Trial\ntuser.ini
2015-08-23 14:41 - 2015-08-23 15:11 - 00000178 ___SH C:\Documents and Settings\Trial\ntuser.ini
2015-08-23 14:41 - 2015-08-23 15:11 - 00000178 ___SH C:\Documents and Settings\Trial\ntuser.ini
2015-08-23 14:41 - 2015-08-23 15:11 - 00000178 ___SH C:\Documents and Settings\Trial\ntuser.ini
2015-08-23 14:41 - 2015-08-23 14:41 - 00045776 _____ C:\Documents and Settings\Trial\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-23 14:41 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial\Local Settings\Application Data\gmsd_us_005010047
2015-08-23 14:41 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial\Local Settings\Application Data\gmsd_us_005010044
2015-08-23 14:41 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial\Local Settings\Application Data\gmsd_us_005010040
2015-08-23 14:41 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial\Application Data\SmartWeb
2015-08-23 14:41 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial\Application Data\Apple Computer
2015-08-23 14:40 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial\Local Settings\Temp
2015-08-23 14:40 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial\Local Settings\Application Data\SearchProtect
2015-08-23 14:40 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial
2015-08-23 14:40 - 2015-06-20 22:00 - 00000000 ____D C:\Documents and Settings\Trial\Application Data\Windows Desktop Search
2015-08-23 14:40 - 2014-09-21 11:13 - 00000000 ____D C:\Documents and Settings\Trial\Application Data\Macromedia
2015-08-23 14:40 - 2013-05-21 22:54 - 00000000 ____D C:\Documents and Settings\Trial\Application Data\Intel
2015-08-23 14:40 - 2012-09-19 20:15 - 00000000 ____D C:\Documents and Settings\Trial\Local Settings\Application Data\Microsoft Help
2015-08-23 14:40 - 2012-03-21 12:44 - 00000000 __SHD C:\Documents and Settings\Trial\IETldCache
2015-08-23 14:40 - 2012-03-21 12:44 - 00000000 __SHD C:\Documents and Settings\Trial\IETldCache
2015-08-23 14:40 - 2012-03-21 12:44 - 00000000 __SHD C:\Documents and Settings\Trial\IETldCache
2015-08-23 14:40 - 2012-03-21 12:44 - 00000000 __SHD C:\Documents and Settings\Trial\IETldCache
2015-08-23 14:40 - 2012-03-21 12:44 - 00000000 __SHD C:\Documents and Settings\Trial\IETldCache
2015-08-20 22:02 - 2015-08-20 22:02 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\gmsd_us_005010047
2015-08-20 22:02 - 2015-08-20 22:02 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\gmsd_us_005010044
2015-08-17 10:10 - 2015-08-17 10:10 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\Opera Software
2015-08-17 10:10 - 2015-08-17 10:10 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Opera Software
2015-08-17 10:09 - 2015-08-25 11:24 - 00000380 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1439820538.job
2015-08-17 10:09 - 2015-08-17 10:09 - 00000675 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2015-08-16 17:46 - 2015-08-16 17:46 - 00000000 ____D C:\Program Files\Sm2y0nty1zjjhzgn
2015-08-16 15:17 - 2015-08-16 15:17 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Super Optimizer
2015-08-16 15:11 - 2015-08-24 20:40 - 00000000 ____D C:\Program Files\Super Optimizer
2015-08-16 15:11 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Super Optimizer
2015-08-16 15:11 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{d8d4fe72-4b13-8f6d-d8d4-4fe724b1f9c9}
2015-08-13 19:49 - 2015-08-13 19:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Sun
2015-08-09 11:46 - 2015-08-09 11:47 - 00000000 ____D C:\Program Files\System Cleaner Pro
2015-08-09 11:46 - 2015-08-09 11:46 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\JV Update
2015-08-09 11:26 - 2015-08-09 11:26 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Itibiti
2015-08-09 11:25 - 2015-08-09 11:25 - 00000000 ____D C:\Program Files\Itibiti Soft Phone
2015-08-09 11:25 - 2015-08-09 11:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\KNCTR
2015-08-09 11:22 - 2015-08-24 20:39 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV09.08
2015-08-09 11:15 - 2015-08-09 11:15 - 00000000 ____D C:\Program Files\BocaMonitor
2015-08-01 22:00 - 2015-08-01 22:09 - 00153747 _____ C:\Documents and Settings\All Users\Application Data\8AN2gJxF.dat
2015-07-31 20:53 - 2015-08-24 20:41 - 00000000 ____D C:\Program Files\gmsd_us_005010047
2015-07-31 20:53 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\gmsd_us_005010047
2015-07-31 20:49 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\6FD6BF4E-8A83-49A0-AB7-1DBB4B3A410
2015-07-30 14:59 - 2015-08-24 20:39 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV30.07
2015-07-29 16:26 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\33DA8500-CC25-48E1-8D27-B1A1377D9DAE
2015-07-28 23:02 - 2015-07-28 23:02 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\m0q0tzztzkjhlwn
2015-07-28 21:04 - 2015-07-28 21:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{60e253a7-2f92-bf74-60e2-253a72f94e9c}
2015-07-28 21:00 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Search
2015-07-28 21:00 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DesktopSearch
2015-07-28 20:44 - 2015-08-24 20:41 - 00000000 ____D C:\Program Files\gmsd_us_005010044
2015-07-28 20:44 - 2015-08-24 20:41 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\gmsd_us_005010044
2015-07-28 20:41 - 2015-07-28 20:41 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\iStreamlite
2015-07-28 20:41 - 2015-07-28 20:41 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\iStreamLite
2015-07-28 20:24 - 2015-08-24 20:39 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV28.07
2015-07-27 15:09 - 2015-08-24 20:39 - 00000000 ____D C:\Program Files\CinemaPlus-3.2cV27.07
2015-07-27 11:00 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\A2B67FD3-FE0A-48AA-8744-C7178357EA0
2015-07-26 22:30 - 2015-08-24 20:40 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\2CEEE2A8-EB6C-46C4-B963-4272DBFD7BFF
2015-07-26 22:00 - 2015-07-26 22:00 - 00000000 _____ C:\Documents and Settings\Writing\Number of results
2015-07-26 22:00 - 2015-07-26 22:00 - 00000000 _____ C:\Documents and Settings\Writing\Number of results
2015-07-26 22:00 - 2015-07-26 22:00 - 00000000 _____ C:\Documents and Settings\Writing\Number of results
2015-07-26 22:00 - 2015-07-26 22:00 - 00000000 _____ C:\Documents and Settings\Writing\Number of results
2015-07-26 22:00 - 2015-07-26 22:00 - 00000000 _____ C:\Documents and Settings\Writing\Number of results
2015-07-26 17:54 - 2015-07-26 17:54 - 00000000 _____ C:\Documents and Settings\Writing\Local Settings\Application Data\{28AC3160-E789-44E2-B6C7-A7E9A8FF83B7}
2015-07-26 16:50 - 2015-07-26 16:50 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\Adobe
2015-07-26 16:00 - 2015-07-26 16:00 - 00000930 _____ C:\Documents and Settings\Writing\${LOGFILE}
2015-07-26 16:00 - 2015-07-26 16:00 - 00000930 _____ C:\Documents and Settings\Writing\${LOGFILE}
2015-07-26 16:00 - 2015-07-26 16:00 - 00000930 _____ C:\Documents and Settings\Writing\${LOGFILE}
2015-07-26 16:00 - 2015-07-26 16:00 - 00000930 _____ C:\Documents and Settings\Writing\${LOGFILE}
2015-07-26 16:00 - 2015-07-26 16:00 - 00000930 _____ C:\Documents and Settings\Writing\${LOGFILE}
2015-07-26 15:31 - 2015-07-26 15:31 - 00000000 _____ C:\355.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-25 12:01 - 2015-07-12 17:06 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Temp
2015-08-25 12:01 - 2015-01-19 19:11 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-08-25 11:57 - 2014-09-08 17:57 - 00000480 _____ C:\WINDOWS\Tasks\PETN Update.job
2015-08-25 11:36 - 2014-09-07 15:36 - 00000414 _____ C:\WINDOWS\Tasks\At1.job
2015-08-25 11:35 - 2015-07-07 12:47 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\BrowserHelper
2015-08-25 11:33 - 2014-09-06 01:10 - 00000000 ____D C:\Program Files\Google
2015-08-25 11:29 - 2011-02-11 08:33 - 01272704 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-25 11:27 - 2008-04-14 03:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-25 11:25 - 2011-02-11 10:19 - 00153495 _____ C:\WINDOWS\system32\nvModes.001
2015-08-25 11:25 - 2011-02-11 10:18 - 00184314 _____ C:\WINDOWS\system32\nvapps.xml
2015-08-25 11:25 - 2011-02-11 03:28 - 00000157 _____ C:\WINDOWS\wiadebug.log
2015-08-25 11:25 - 2011-02-11 03:28 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-25 11:24 - 2015-07-24 15:51 - 00001076 _____ C:\WINDOWS\Tasks\CxhJ5rDXjW2LZlw88S0K.job
2015-08-25 11:24 - 2015-07-12 15:51 - 00001082 _____ C:\WINDOWS\Tasks\liyfRBnpd3oV16DBx2Xb07O.job
2015-08-25 11:24 - 2015-07-12 15:51 - 00001062 _____ C:\WINDOWS\Tasks\r9OrLWuQuGNQs.job
2015-08-25 11:24 - 2015-07-11 12:59 - 00001054 _____ C:\WINDOWS\Tasks\S8v28p5NITjC1ZgbysVFsUo.job
2015-08-25 11:24 - 2015-07-10 22:36 - 00001054 _____ C:\WINDOWS\Tasks\Uandd9YYBmihfvXNPCbNbYh.job
2015-08-25 11:24 - 2015-07-07 12:47 - 00000372 _____ C:\WINDOWS\Tasks\YTDownloader.job
2015-08-25 11:24 - 2015-07-07 12:47 - 00000362 _____ C:\WINDOWS\Tasks\YTDownloaderUpd.job
2015-08-25 11:24 - 2015-07-06 12:59 - 00000508 ____H C:\WINDOWS\Tasks\BDLYHBMDHLAGVOIA.job
2015-08-25 11:24 - 2015-07-06 12:53 - 00000496 _____ C:\WINDOWS\Tasks\GlobalUpdate-m2y0yzzxzmthbwn.job
2015-08-25 11:24 - 2015-05-28 21:47 - 00000580 _____ C:\WINDOWS\Tasks\companion_for_gamers_helper_service.job
2015-08-25 11:24 - 2015-01-19 18:43 - 00000634 _____ C:\WINDOWS\Tasks\Client.job
2015-08-25 11:24 - 2015-01-19 18:43 - 00000578 _____ C:\WINDOWS\Tasks\Check Updates.job
2015-08-25 11:24 - 2015-01-19 18:43 - 00000574 _____ C:\WINDOWS\Tasks\Run Tasks.job
2015-08-25 11:24 - 2014-12-12 16:48 - 00000000 ____D C:\Program Files\Opera
2015-08-25 11:24 - 2014-09-04 21:33 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-08-25 11:24 - 2011-02-11 08:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-24 21:10 - 2014-10-23 15:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-24 20:43 - 2011-02-11 08:39 - 00031966 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-24 20:42 - 2015-07-12 17:06 - 00000178 ___SH C:\Documents and Settings\Writing\ntuser.ini
2015-08-24 20:42 - 2015-07-12 17:06 - 00000178 ___SH C:\Documents and Settings\Writing\ntuser.ini
2015-08-24 20:42 - 2015-07-12 17:06 - 00000178 ___SH C:\Documents and Settings\Writing\ntuser.ini
2015-08-24 20:42 - 2015-07-12 17:06 - 00000178 ___SH C:\Documents and Settings\Writing\ntuser.ini
2015-08-24 20:42 - 2015-07-12 17:06 - 00000178 ___SH C:\Documents and Settings\Writing\ntuser.ini
2015-08-24 20:42 - 2015-07-06 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\abc
2015-08-24 20:41 - 2015-07-24 15:40 - 00000000 ____D C:\Program Files\gmsd_us_005010040
2015-08-24 20:41 - 2015-07-12 16:22 - 00000000 ____D C:\Documents and Settings\Katie\Local Settings\Application Data\gmsd_us_005010029
2015-08-24 20:41 - 2015-07-12 15:45 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\gmsd_us_005010029
2015-08-24 20:41 - 2015-07-07 13:30 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\avabvexvac
2015-08-24 20:41 - 2015-07-07 12:50 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-08-24 20:41 - 2015-07-07 12:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ShopperPro
2015-08-24 20:41 - 2015-07-06 12:43 - 00000000 ____D C:\Program Files\shopperz
2015-08-24 20:41 - 2015-06-24 19:33 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\avabvdxvy
2015-08-24 20:41 - 2015-06-09 10:26 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\avabvbavad
2015-08-24 20:41 - 2015-06-04 15:43 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\avabvbyvyc
2015-08-24 20:41 - 2015-06-04 10:02 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\avabvbyvyc
2015-08-24 20:41 - 2015-05-27 18:07 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\avabvbxvh
2015-08-24 20:41 - 2015-02-01 22:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-08-24 20:41 - 2015-01-10 14:57 - 00000000 ____D C:\Program Files\TNT2
2015-08-24 20:41 - 2015-01-02 17:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TakeTHECoupOn
2015-08-24 20:41 - 2014-09-08 19:36 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Astromenda
2015-08-24 20:41 - 2014-09-07 15:29 - 00000000 ____D C:\Documents and Settings\Katie\Application Data\VOPackage
2015-08-24 20:41 - 2014-09-07 15:25 - 00000000 ____D C:\Documents and Settings\Katie\Local Settings\Application Data\Genesis_09071925
2015-08-24 20:40 - 2015-07-25 16:45 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\F05F5344-ADA3-48F4-9628-C3F74B3D3D3
2015-08-24 20:40 - 2015-07-24 15:40 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\gmsd_us_005010040
2015-08-24 20:40 - 2015-07-24 15:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\StormWarnings
2015-08-24 20:40 - 2015-07-24 15:38 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\StormWarnings
2015-08-24 20:40 - 2015-07-24 15:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\StormWarnings
2015-08-24 20:40 - 2015-07-24 15:34 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\6CBF5050-5AD4-4D5A-816-4F547B2D15BC
2015-08-24 20:40 - 2015-07-24 13:59 - 00000000 ____D C:\Program Files\Common Files\hdquhtjl.th1
2015-08-24 20:40 - 2015-07-20 20:35 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\m0w0bzzvzm5hc2m
2015-08-24 20:40 - 2015-07-20 19:36 - 00000000 ____D C:\Program Files\4C4C4544-1436755823-4B10-8039-C8C04F4B4831
2015-08-24 20:40 - 2015-07-20 19:36 - 00000000 ____D C:\Program Files\4C4C4544-1436199977-4B10-8039-C8C04F4B4831
2015-08-24 20:40 - 2015-07-12 22:54 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\4C4C4544-1436741657-4B10-8039-C8C04F4B4831
2015-08-24 20:40 - 2015-07-12 22:54 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\4C4C4544-1436741641-4B10-8039-C8C04F4B4831
2015-08-24 20:40 - 2015-07-12 22:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{7ac4b295-06f9-c702-7ac4-4b29506fca54}
2015-08-24 20:40 - 2015-07-12 22:51 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\4C4C4544-1436741496-4B10-8039-C8C04F4B4831
2015-08-24 20:40 - 2015-07-12 22:50 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\4C4C4544-1436755823-4B10-8039-C8C04F4B4831
2015-08-24 20:40 - 2015-07-12 18:26 - 00000000 ____D C:\Program Files\Consumer Input
2015-08-24 20:40 - 2015-07-12 18:23 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\BF476A5D-4D14-4415-A54A-14E2A8B4D66C
2015-08-24 20:40 - 2015-07-12 17:38 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\BrowserHelper
2015-08-24 20:40 - 2015-07-08 14:49 - 00000000 ____D C:\Program Files\FriendlyError
2015-08-24 20:40 - 2015-07-07 13:31 - 00000000 ____D C:\Documents and Settings\sheofourtris\Application Data\4C4C4544-1436290292-4B10-8039-C8C04F4B4831
2015-08-24 20:40 - 2015-07-07 13:30 - 00000000 ____D C:\Program Files\SearchProtect
2015-08-24 20:40 - 2015-07-07 12:51 - 00000000 ____D C:\Program Files\Ge-Force
2015-08-24 20:40 - 2015-07-07 12:50 - 00000000 ____D C:\Program Files\ShopperPro
2015-08-24 20:40 - 2015-07-07 12:46 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\DeskBar
2015-08-24 20:40 - 2015-07-07 12:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SearchModule
2015-08-24 20:40 - 2015-07-07 11:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{96af2a23-618d-7a19-96af-f2a23618a88d}
2015-08-24 20:40 - 2015-07-06 16:22 - 00000000 ____D C:\Documents and Settings\Katie\Local Settings\Application Data\StormWatch
2015-08-24 20:40 - 2015-07-06 12:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Service1291
2015-08-24 20:40 - 2015-07-06 12:39 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\SmartWeb
2015-08-24 20:40 - 2015-07-06 12:39 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\80F7805B-BCCD-42C6-B8D-47320B2EEAD
2015-08-24 20:40 - 2015-07-06 12:29 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Application Data\4C4C4544-1436185766-4B10-8039-C8C04F4B4831
2015-08-24 20:40 - 2015-07-06 12:26 - 00000000 ____D C:\Documents and Settings\sheofourtris\Application Data\6635
2015-08-24 20:40 - 2015-07-06 12:26 - 00000000 ____D C:\Documents and Settings\sheofourtris\Application Data\4C4C4544-1436199977-4B10-8039-C8C04F4B4831
2015-08-24 20:40 - 2015-06-04 15:42 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\Application Data\CrimeWatch
2015-08-24 20:40 - 2015-05-27 18:01 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Temp
2015-08-24 20:40 - 2015-05-06 19:13 - 00000000 ____D C:\Program Files\Games Bot
2015-08-24 20:40 - 2015-05-01 21:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{1158b7dd-d0b8-a80b-1158-8b7ddd0bdf77}
2015-08-24 20:40 - 2015-01-19 18:41 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\StormWatch
2015-08-24 20:40 - 2015-01-11 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Browser
2015-08-24 20:40 - 2015-01-10 14:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\UpdateAdmin
2015-08-24 20:40 - 2015-01-08 22:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\fopneeomcncoadkhijbapjiidaedkcfg
2015-08-24 20:40 - 2014-12-01 10:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\14e8c327e3c6ddb5
2015-08-24 20:40 - 2014-11-23 16:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\1506668651448032693
2015-08-24 20:40 - 2014-11-23 16:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\dnonpahagjngllclmkgiokobafojjpel
2015-08-24 20:40 - 2014-09-28 16:44 - 00000000 ____D C:\Documents and Settings\Katie\Application Data\7148
2015-08-24 20:40 - 2014-09-08 17:57 - 00000000 ____D C:\Program Files\PETN
2015-08-24 20:40 - 2014-09-07 15:28 - 00000000 ____D C:\Documents and Settings\Katie\Application Data\30865
2015-08-24 20:40 - 2014-09-03 06:26 - 00000000 ____D C:\Documents and Settings\Katie\Local Settings\Temp
2015-08-24 20:39 - 2015-07-24 13:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ToolGet
2015-08-24 20:39 - 2015-07-07 13:18 - 00000000 ____D C:\Program Files\WordShark_1.10.0.19
2015-08-24 20:39 - 2015-07-07 10:57 - 00000000 ____D C:\Program Files\GUPlayer
2015-08-24 20:39 - 2015-07-06 12:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FlashBeat
2015-08-24 20:39 - 2015-05-29 17:32 - 00000000 ____D C:\Program Files\JavaScript Notepad
2015-08-24 20:39 - 2015-05-08 18:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SharkManCoupon
2015-08-24 20:39 - 2015-04-14 18:50 - 00000000 ____D C:\Program Files\Optimizer Pro 3.79
2015-08-24 20:39 - 2014-12-12 16:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AdBlocker Manger
2015-08-24 20:39 - 2014-09-10 19:38 - 00000000 ____D C:\Program Files\SmarterPower
2015-08-24 19:19 - 2015-06-14 18:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-24 17:19 - 2013-10-19 15:04 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-24 17:12 - 2015-07-12 17:06 - 00000000 ____D C:\Documents and Settings\Writing
2015-08-24 16:24 - 2015-07-12 17:06 - 00049712 _____ C:\Documents and Settings\Writing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-24 16:24 - 2015-03-14 22:42 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-08-24 16:18 - 2011-02-11 03:24 - 00206512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-23 23:00 - 2015-07-06 12:26 - 00000000 ____D C:\Program Files\Coupoon
2015-08-23 22:19 - 2011-02-11 03:25 - 00621830 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-23 22:14 - 2011-02-11 03:16 - 00000000 ____D C:\WINDOWS\twain_32
2015-08-23 22:14 - 2011-02-11 03:16 - 00000000 ____D C:\WINDOWS\system
2015-08-23 22:02 - 2015-01-19 19:11 - 00000000 ___SD C:\Documents and Settings\Administrator
2015-08-23 21:59 - 2013-07-20 21:15 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-08-23 21:15 - 2015-05-27 18:01 - 00000178 ___SH C:\Documents and Settings\sheofourtris\ntuser.ini
2015-08-23 21:15 - 2015-05-27 18:01 - 00000178 ___SH C:\Documents and Settings\sheofourtris\ntuser.ini
2015-08-23 21:15 - 2015-05-27 18:01 - 00000178 ___SH C:\Documents and Settings\sheofourtris\ntuser.ini
2015-08-23 21:15 - 2015-05-27 18:01 - 00000178 ___SH C:\Documents and Settings\sheofourtris\ntuser.ini
2015-08-23 21:15 - 2015-05-27 18:01 - 00000178 ___SH C:\Documents and Settings\sheofourtris\ntuser.ini
2015-08-23 21:15 - 2015-05-27 18:00 - 00000000 ____D C:\Documents and Settings\sheofourtris
2015-08-23 21:14 - 2015-07-07 11:26 - 00000000 ____D C:\Documents and Settings\sheofourtris\Application Data\SmartWeb
2015-08-23 14:44 - 2012-03-23 12:11 - 00000000 ____D C:\Temp
2015-08-23 14:41 - 2011-02-11 10:19 - 00153495 _____ C:\WINDOWS\system32\nvModes.dat
2015-08-23 14:23 - 2015-07-12 17:06 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\SmartWeb
2015-08-18 14:57 - 2008-04-14 03:00 - 00000657 _____ C:\WINDOWS\win.ini
2015-08-17 14:28 - 2015-07-20 20:35 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\m1a0vtytzklhbmn
2015-08-15 22:54 - 2014-12-14 19:29 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-08-15 21:02 - 2011-02-11 10:56 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-13 19:52 - 2013-07-20 22:41 - 15728640 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-08-09 12:30 - 2013-07-17 09:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-09 11:15 - 2015-07-13 14:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\731d3bff00001862
2015-08-01 17:16 - 2015-06-14 16:39 - 00000000 ____D C:\Program Files\RoughDraft
2015-07-30 18:13 - 2014-12-25 10:05 - 00000020 ____H C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
2015-07-29 20:51 - 2014-09-10 19:39 - 00000480 _____ C:\WINDOWS\Tasks\Driver Support-RTMScan.job
2015-07-29 17:45 - 2014-12-25 10:05 - 00000020 ____H C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
2015-07-27 16:31 - 2015-07-21 22:16 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Nikon
2015-07-26 16:41 - 2015-07-15 12:38 - 00000000 ____D C:\Program Files\3b5f9141-4e41-45af-8a2d-b4e0390a2c25
2015-07-26 16:04 - 2015-07-06 12:26 - 00000000 ____D C:\Program Files\AnySend
2015-07-26 16:00 - 2015-07-12 22:49 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Nosibay
==================== Files in the root of some directories =======
2015-05-11 18:46 - 2015-05-26 15:50 - 0000079 _____ () C:\Program Files\prefs.js
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
Some files in TEMP:
====================
C:\Documents and Settings\Katie\Local Settings\Temp\Uninstall.exe
C:\Documents and Settings\sheofourtris\Local Settings\Temp\1607.exe
C:\Documents and Settings\sheofourtris\Local Settings\Temp\1787.exe
C:\Documents and Settings\sheofourtris\Local Settings\Temp\5452.exe
C:\Documents and Settings\sheofourtris\Local Settings\Temp\7359.exe
C:\Documents and Settings\sheofourtris\Local Settings\Temp\9393.exe
C:\Documents and Settings\sheofourtris\Local Settings\Temp\KUIU.EXE
C:\Documents and Settings\sheofourtris\Local Settings\Temp\of3w58846.exe
C:\Documents and Settings\sheofourtris\Local Settings\Temp\oprun9953.exe
C:\Documents and Settings\sheofourtris\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\sheofourtris\Local Settings\Temp\Uninstall.exe
C:\Documents and Settings\sheofourtris\Local Settings\Temp\UninstallModule.exe
Some zero byte size files/folders:
==========================
C:\Windows\System32\d3dx9_25.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2015
Ran by Administrator (2015-08-25 12:02:10)
Running from C:\Documents and Settings\Writing\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Sign In
Create Account
