Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2015 Ran by Administrator (administrator) on D620 (26-08-2015 15:50:39) Running from C:\Documents and Settings\Writing\Desktop Loaded Profiles: Writing & Administrator (Available Profiles: Katie & Kat3lr & sheofourtris & Writing & Trial & Administrator & Guest) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Copyright © Microsoft 2015) C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (SigmaTel, Inc.) C:\WINDOWS\system32\stacsv.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Zedge.net) C:\Documents and Settings\Writing\Local Settings\Apps\2.0\ZKDWEK5V.MWT\ZNMLO2KN.KCD\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe (Opera Software) C:\Program Files\Opera\31.0.1889.161\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe (Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe (Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe (Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe (Opera Software) C:\Program Files\Opera\31.0.1889.161\opera.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [nwiz] => nwiz.exe /installquiet HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.) HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1392640 2009-09-21] (Intel(R) Corporation) HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1206544 2009-09-21] (Intel(R) Corporation) HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM\...\Run: [Nikon Message Center 2] => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\S-1-5-21-854245398-616249376-1801674531-1023\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-854245398-616249376-1801674531-1023\...\Run: [ZedgeToneSync] => C:\Documents and Settings\Writing\Local Settings\Apps\2.0\Data\RGJPKQWW.QEY\XK5VDWOH.CY7\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2013-07-20] ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-854245398-616249376-1801674531-1023\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-854245398-616249376-1801674531-1023\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/ URLSearchHook: [S-1-5-21-854245398-616249376-1801674531-1023] ATTENTION => Default URLSearchHook is missing URLSearchHook: [S-1-5-21-854245398-616249376-1801674531-500] ATTENTION => Default URLSearchHook is missing SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKLM -> TopResultURLFallback hxxp://www-searching.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}&s=F77ztutdk0001,c8ac14aa-5d80-478b-926f-2e83e5b049c9, SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKU\.DEFAULT -> {4B5B4143-FBDA-4EDB-991B-F2814D7E432E} URL = hxxps://search.yahoo.com/yhs/search?hspart=tightrope&hsimp=yhs-tig1&type=11191_011915&p={searchTerms} SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-854245398-616249376-1801674531-1023 -> TopResultURL hxxp://www-searching.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}&s=F77ztutdk0001,c8ac14aa-5d80-478b-926f-2e83e5b049c9, SearchScopes: HKU\S-1-5-21-854245398-616249376-1801674531-1023 -> {A755D706-0B3C-481D-9896-DBD699A7CA74} URL = DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297435219125 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{1846F656-928A-4D9A-A6F0-63675E8E1C68}: [NameServer] 208.67.222.222 Tcpip\..\Interfaces\{1846F656-928A-4D9A-A6F0-63675E8E1C68}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{900BA0E0-8D74-4418-AFDC-CC2C11907923}: [DhcpNameServer] 10.1.7.10 10.32.1.11 10.40.4.10 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll [2015-01-18] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-29] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-29] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-08-25] FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-04] (Oracle Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 msdotnetserv_v2050729; C:\Program Files\Microsoft.NET\v2.0.507279\msnetcore.exe [3003880 2015-07-05] (Copyright © Microsoft 2015) R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [954368 2009-09-21] (Intel(R) Corporation) [File not signed] R2 STacSV; C:\WINDOWS\system32\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.) R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [364544 2009-09-21] (Intel(R) Corporation) [File not signed] S2 GIX38; "C:\Documents and Settings\Writing\Local Settings\Application Data\UpdaterSvcSmarterPower1024\updatersvcsmarterpower.exe" "/s" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro) S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-26] (Malwarebytes Corporation) R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-15] (Intel Corporation) R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2009-08-10] (Intel Corporation) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) S3 TIEHDUSB; C:\WINDOWS\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated) [File not signed] S0 cerc6; no ImagePath S3 cpuz136; \??\C:\DOCUME~1\Katie\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X] S3 HSFHWAZL; system32\DRIVERS\HSFHWAZL.sys [X] S3 HSF_DPV; system32\DRIVERS\HSF_DPV.sys [X] S4 IntelIde; no ImagePath S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X] S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] S3 usbbus; system32\DRIVERS\lgusbbus.sys [X] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X] S3 winachsf; system32\DRIVERS\HSF_CNXT.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-26 13:02 - 2015-08-26 15:45 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\Deployment 2015-08-26 12:02 - 2015-08-26 12:28 - 00000000 ____D C:\AdwCleaner 2015-08-26 11:55 - 2015-08-26 11:55 - 00098304 _____ C:\WINDOWS\Minidump\Mini082615-02.dmp 2015-08-26 11:50 - 2015-08-26 11:50 - 00098304 _____ C:\WINDOWS\Minidump\Mini082615-01.dmp 2015-08-25 12:00 - 2015-08-26 15:50 - 00000000 ____D C:\FRST 2015-08-25 11:53 - 2015-08-25 11:53 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Spacejock Software 2015-08-25 11:34 - 2015-08-25 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2015-08-25 11:29 - 2015-08-26 15:45 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-25 11:29 - 2015-08-26 15:34 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-08-24 19:05 - 2015-08-24 19:05 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Windows Search 2015-08-24 19:03 - 2015-08-26 12:56 - 00005596 _____ C:\WINDOWS\setupapi.log 2015-08-24 16:45 - 2015-08-24 16:45 - 00000000 ____D C:\Program Files\CCleaner 2015-08-24 16:45 - 2015-08-24 16:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner 2015-08-24 16:37 - 2015-08-26 15:46 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-24 16:37 - 2015-08-24 16:37 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-08-24 16:37 - 2015-08-24 16:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2015-08-24 16:37 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-08-24 16:37 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-08-23 22:19 - 2015-08-23 22:19 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\WinRAR 2015-08-23 22:15 - 2012-02-17 14:01 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFC71.dll 2015-08-23 22:15 - 2012-02-17 14:01 - 01047552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFC71u.dll 2015-08-23 22:14 - 2015-08-23 22:14 - 00000000 ____D C:\Program Files\TI Education 2015-08-23 22:14 - 2015-08-23 22:14 - 00000000 ____D C:\Program Files\Common Files\TI Shared 2015-08-23 22:14 - 2015-08-23 22:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TI Tools 2015-08-23 22:14 - 2004-02-04 10:27 - 00049536 _____ (Texas Instruments Incorporated) C:\WINDOWS\system32\Drivers\tiehdusb.sys 2015-08-23 22:14 - 2004-01-28 15:03 - 00021456 _____ (Texas Instruments Incorporated) C:\WINDOWS\system32\Drivers\SilvrLnk.sys 2015-08-23 22:02 - 2015-08-26 12:56 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2015-08-23 22:02 - 2015-08-26 12:56 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2015-08-23 22:02 - 2015-08-26 12:56 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2015-08-23 22:02 - 2015-08-26 12:56 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2015-08-23 22:02 - 2015-08-26 12:56 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2015-08-23 21:35 - 2015-08-23 21:35 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2015-08-23 14:41 - 2015-08-23 15:11 - 00000178 ___SH C:\Documents and Settings\Trial\ntuser.ini 2015-08-23 14:41 - 2015-08-23 15:11 - 00000178 ___SH C:\Documents and Settings\Trial\ntuser.ini 2015-08-23 14:41 - 2015-08-23 15:11 - 00000178 ___SH C:\Documents and Settings\Trial\ntuser.ini 2015-08-23 14:41 - 2015-08-23 15:11 - 00000178 ___SH C:\Documents and Settings\Trial\ntuser.ini 2015-08-23 14:41 - 2015-08-23 15:11 - 00000178 ___SH C:\Documents and Settings\Trial\ntuser.ini 2015-08-23 14:41 - 2015-08-23 14:41 - 00045776 _____ C:\Documents and Settings\Trial\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2015-08-23 14:41 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial\Application Data\Apple Computer 2015-08-23 14:40 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial\Local Settings\Temp 2015-08-23 14:40 - 2015-08-23 14:41 - 00000000 ____D C:\Documents and Settings\Trial 2015-08-23 14:40 - 2015-06-20 22:00 - 00000000 ____D C:\Documents and Settings\Trial\Application Data\Windows Desktop Search 2015-08-23 14:40 - 2014-09-21 11:13 - 00000000 ____D C:\Documents and Settings\Trial\Application Data\Macromedia 2015-08-23 14:40 - 2013-05-21 22:54 - 00000000 ____D C:\Documents and Settings\Trial\Application Data\Intel 2015-08-23 14:40 - 2012-09-19 20:15 - 00000000 ____D C:\Documents and Settings\Trial\Local Settings\Application Data\Microsoft Help 2015-08-23 14:40 - 2012-03-21 12:44 - 00000000 __SHD C:\Documents and Settings\Trial\IETldCache 2015-08-23 14:40 - 2012-03-21 12:44 - 00000000 __SHD C:\Documents and Settings\Trial\IETldCache 2015-08-23 14:40 - 2012-03-21 12:44 - 00000000 __SHD C:\Documents and Settings\Trial\IETldCache 2015-08-23 14:40 - 2012-03-21 12:44 - 00000000 __SHD C:\Documents and Settings\Trial\IETldCache 2015-08-23 14:40 - 2012-03-21 12:44 - 00000000 __SHD C:\Documents and Settings\Trial\IETldCache 2015-08-17 10:10 - 2015-08-17 10:10 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Application Data\Opera Software 2015-08-17 10:10 - 2015-08-17 10:10 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Opera Software 2015-08-17 10:09 - 2015-08-26 15:45 - 00000380 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1439820538.job 2015-08-17 10:09 - 2015-08-26 15:43 - 00000663 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk 2015-08-13 19:49 - 2015-08-13 19:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Sun ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-26 15:52 - 2015-01-19 19:11 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp 2015-08-26 15:50 - 2015-07-12 17:06 - 00000000 ____D C:\Documents and Settings\Writing\Local Settings\Temp 2015-08-26 15:47 - 2011-02-11 08:33 - 01437517 _____ C:\WINDOWS\WindowsUpdate.log 2015-08-26 15:45 - 2014-12-12 16:48 - 00000000 ____D C:\Program Files\Opera 2015-08-26 15:45 - 2014-09-04 21:33 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2015-08-26 15:45 - 2011-02-11 10:19 - 00153495 _____ C:\WINDOWS\system32\nvModes.001 2015-08-26 15:45 - 2011-02-11 10:18 - 00184314 _____ C:\WINDOWS\system32\nvapps.xml 2015-08-26 15:45 - 2011-02-11 03:28 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-08-26 15:45 - 2011-02-11 03:28 - 00000049 _____ C:\WINDOWS\wiaservc.log 2015-08-26 15:45 - 2008-04-14 03:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2015-08-26 15:44 - 2012-03-21 13:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$ 2015-08-26 15:44 - 2011-02-11 08:39 - 00032642 _____ C:\WINDOWS\SchedLgU.Txt 2015-08-26 15:44 - 2011-02-11 08:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-08-26 15:43 - 2015-07-12 17:06 - 00000178 ___SH C:\Documents and Settings\Writing\ntuser.ini 2015-08-26 15:43 - 2015-07-12 17:06 - 00000178 ___SH C:\Documents and Settings\Writing\ntuser.ini 2015-08-26 15:43 - 2015-07-12 17:06 - 00000178 ___SH C:\Documents and Settings\Writing\ntuser.ini 2015-08-26 15:43 - 2015-07-12 17:06 - 00000178 ___SH C:\Documents and Settings\Writing\ntuser.ini 2015-08-26 15:43 - 2015-07-12 17:06 - 00000178 ___SH C:\Documents and Settings\Writing\ntuser.ini 2015-08-26 15:42 - 2015-05-27 18:01 - 00000000 ____D C:\Documents and Settings\sheofourtris\Local Settings\Temp 2015-08-26 15:42 - 2015-01-10 15:00 - 00000000 ____D C:\Program Files\Windows Network Accelerater 2015-08-26 15:42 - 2014-09-03 06:26 - 00000000 ____D C:\Documents and Settings\Katie\Local Settings\Temp 2015-08-26 15:10 - 2014-10-23 15:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-08-26 12:05 - 2011-02-11 08:32 - 00000000 ____D C:\Program Files\Common Files\System 2015-08-26 11:55 - 2013-10-19 15:04 - 00000000 ____D C:\WINDOWS\Minidump 2015-08-26 11:48 - 2013-07-20 21:17 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy 2015-08-25 11:33 - 2014-09-06 01:10 - 00000000 ____D C:\Program Files\Google 2015-08-24 19:19 - 2015-06-14 18:41 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-24 17:12 - 2015-07-12 17:06 - 00000000 ____D C:\Documents and Settings\Writing 2015-08-24 16:24 - 2015-07-12 17:06 - 00049712 _____ C:\Documents and Settings\Writing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2015-08-24 16:18 - 2011-02-11 03:24 - 00206512 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-08-23 22:19 - 2011-02-11 03:25 - 00621830 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-08-23 22:14 - 2011-02-11 03:16 - 00000000 ____D C:\WINDOWS\twain_32 2015-08-23 22:14 - 2011-02-11 03:16 - 00000000 ____D C:\WINDOWS\system 2015-08-23 22:02 - 2015-01-19 19:11 - 00000000 ___SD C:\Documents and Settings\Administrator 2015-08-23 21:59 - 2013-07-20 21:15 - 00000000 ____D C:\Program Files\Windows Media Connect 2 2015-08-23 21:15 - 2015-05-27 18:01 - 00000178 ___SH C:\Documents and Settings\sheofourtris\ntuser.ini 2015-08-23 21:15 - 2015-05-27 18:01 - 00000178 ___SH C:\Documents and Settings\sheofourtris\ntuser.ini 2015-08-23 21:15 - 2015-05-27 18:01 - 00000178 ___SH C:\Documents and Settings\sheofourtris\ntuser.ini 2015-08-23 21:15 - 2015-05-27 18:01 - 00000178 ___SH C:\Documents and Settings\sheofourtris\ntuser.ini 2015-08-23 21:15 - 2015-05-27 18:01 - 00000178 ___SH C:\Documents and Settings\sheofourtris\ntuser.ini 2015-08-23 21:15 - 2015-05-27 18:00 - 00000000 ____D C:\Documents and Settings\sheofourtris 2015-08-23 14:44 - 2012-03-23 12:11 - 00000000 ____D C:\Temp 2015-08-23 14:41 - 2011-02-11 10:19 - 00153495 _____ C:\WINDOWS\system32\nvModes.dat 2015-08-18 14:57 - 2008-04-14 03:00 - 00000657 _____ C:\WINDOWS\win.ini 2015-08-15 22:54 - 2014-12-14 19:29 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-08-15 21:02 - 2011-02-11 10:56 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-08-13 19:52 - 2013-07-20 22:41 - 15728640 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt 2015-08-09 12:30 - 2013-07-17 09:30 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-07-27 16:31 - 2015-07-21 22:16 - 00000000 ____D C:\Documents and Settings\Writing\Application Data\Nikon Some files in TEMP: ==================== C:\Documents and Settings\Katie\Local Settings\Temp\Uninstall.exe C:\Documents and Settings\sheofourtris\Local Settings\Temp\1607.exe C:\Documents and Settings\sheofourtris\Local Settings\Temp\1787.exe C:\Documents and Settings\sheofourtris\Local Settings\Temp\5452.exe C:\Documents and Settings\sheofourtris\Local Settings\Temp\7359.exe C:\Documents and Settings\sheofourtris\Local Settings\Temp\9393.exe C:\Documents and Settings\sheofourtris\Local Settings\Temp\KUIU.EXE C:\Documents and Settings\sheofourtris\Local Settings\Temp\of3w58846.exe C:\Documents and Settings\sheofourtris\Local Settings\Temp\oprun9953.exe C:\Documents and Settings\sheofourtris\Local Settings\Temp\SpOrder.dll C:\Documents and Settings\sheofourtris\Local Settings\Temp\Uninstall.exe C:\Documents and Settings\sheofourtris\Local Settings\Temp\UninstallModule.exe Some zero byte size files/folders: ========================== C:\Windows\System32\d3dx9_25.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================