Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

can't boot in normal mode; inconsistent drive space [Solved]

Started by devilbear , Aug 08 2014 06:31 PM

  • This topic is locked This topic is locked

#1
devilbear
Posted 08 August 2014 - 06:31 PM

devilbear

    Member

  • Member
  • PipPip
  • 64 posts

Hi! I've got an odd problem going on, and was informed that this section of the forums may be better able to assist. My original thread is here: click to view and goes into minute detail about the situation.

 

The relevant information is that I installed the retail version (CD-ROM) of Activision/Troika game Vampire the Masquerade: Bloodlines. I applied the official patch, downloaded through a rather well-known modding comunity, and installed it before actually playing the game. Also, during installation of the main part, I declined installing Direct X 9, as I was rather positive I had a more-recent version installed and these game discs were fairly old/outdated anyway. While playing the game for 6+ hours, I also had a download of a player-created mod (Clan Quest Mod) downloading. My internet's slow due to being rural broadband; the file itself was under 1gb in size.

 

After the dowload (performed through Firefox 29, Portable Edition) finished, my internet disconneted itself. It wasn't a normal disconnect like when my ISP has issues or the router hiccups. In this case, it went all the way back to the 'disconnected; nertworks available' animation and forced me to manually reconnect. This occurred several times, a few minutes apart, to the point I began to worry I'd somehow 'worn out' my network card.

 

There were some odd events in the event viewer, but none of which I could make heads or tails of. They just seemed kind of bothersome/worrisome to me. So, fearing I'd contracted a virus or malware, I updated and ran MBAM. In the process of scanning, it hung on a .dll (can't remember which) and the entire system became unusable. In a panic, I held down the power button to 'reset' the system.

 

Fifteen minutes or so later, I went to safe mode (as I feared a virus caused the hang) and ran MBAM that way. The scan said 8 were detected, but they were all Gimp extensions and google turned up nothing about the type of infection they were supposed to be so I ignored them. While I was there, I ran Defraggler, but it started hanging and I aborted, narrowed the file selection, and tried agian-- rise, repeat a few times.

 

I attempted to reboot my system, but it took ages and the desktop which loaded was totally glitched out. I couldn't use my mouse or do anything; it only parially loaded the general aesthetic of the dashboard before deciding it didn't feel like trying. The only option to shut it back down was to hold the power button again. The second attempt at rebooting was worse, and only turned up a black screen with the cursor in the middle.

 

Now, the only boot mode I can get into is safe boot-- thankfully the option with networking does work, as that's how I'm posting this right now. I've also noticed that, while my drive should only have ~24gb free space, here in safe mode it claims to have 47.7gb free space.

 

Thanks in advance, and I sure hope that we can figure out what's going on and how to fix my laptop! Also, my apologies if anything doesn't make sense; I'm literally falling asleep on myself right now, but wanted to get this posted before I left.

 

 

Below is the OTL readout:

 

 

OTL logfile created on: 8/8/2014 6:03:30 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Me\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 77.28% Memory free
5.75 Gb Paging File | 5.27 Gb Available in Paging File | 91.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.38 Gb Total Space | 47.74 Gb Free Space | 34.25% Space Free | Partition Type: NTFS
Drive D: | 9.67 Gb Total Space | 1.71 Gb Free Space | 17.72% Space Free | Partition Type: NTFS
 
Computer Name: SPIEGEL | User Name: Me | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/08 17:33:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Me\Desktop\OTL.exe
PRC - [2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/04/30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008/02/04 15:29:02 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2007/04/30 19:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/23 00:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007/04/21 13:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 14:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\CrashRpt.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2002/11/19 14:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Stardock\ODimg.dll
MOD - [2002/03/13 19:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\ODimg.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/08/24 02:46:25 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2008/08/24 02:46:23 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2008/08/24 02:46:23 | 000,192,512 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgrssvc.exe -- (AvgCoreSvc)
SRV - [2008/04/28 00:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/04/15 13:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\stacsv.exe -- (STacSV)
SRV - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () [Auto | Stopped] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/03/12 21:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\muvee Technologies\muvee autoProducer 6.1 -- (NTIDrvr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/02 01:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/08/24 02:55:30 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgclean.sys -- (AvgClean)
DRV - [2008/08/24 02:55:26 | 000,026,952 | ---- | M] (GRISOFT, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/05/08 20:01:42 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 04:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008/04/28 00:27:10 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008/04/27 13:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 13:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/04/11 12:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/27 14:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 14:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/29 15:39:54 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Me\AppData\Local\Temp\ewdmaudn.sys -- (ewdmaudn)
DRV - [2008/02/14 09:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/24 08:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/07 18:54:50 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/05/25 09:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RMClock\RTCore32.sys -- (RTCore32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {88C464C8-3E96-4A23-8D0A-E94467635565}
IE - HKLM\..\SearchScopes\{88C464C8-3E96-4A23-8D0A-E94467635565}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb
IE - HKLM\..\SearchScopes\{EFD512E0-600A-48B5-BFAC-B970AD1E5D2A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\..\SearchScopes,DefaultScope = {88C464C8-3E96-4A23-8D0A-E94467635565}
IE - HKCU\..\SearchScopes\{88C464C8-3E96-4A23-8D0A-E94467635565}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb
IE - HKCU\..\SearchScopes\{EFD512E0-600A-48B5-BFAC-B970AD1E5D2A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "The Free Dictionary"
FF - prefs.js..browser.search.selectedEngine: "The Free Dictionary"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B58c64034-c5f3-4179-85f5-81642f42b6d5%7D:2.22.1
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.33
FF - prefs.js..extensions.enabledAddons: %7B1dbc4a33-ea62-4330-966c-7bdad3455322%7D:1.0.6.10
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.4
FF - prefs.js..extensions.enabledAddons: %7BEDA7B1D7-F793-4e03-B074-E6F303317FB0%7D:1.2.7
FF - prefs.js..extensions.enabledAddons: %7Bad4ee9e5-49c7-4589-acf3-db9fa76a95c9%7D:2.2.1
FF - prefs.js..extensions.enabledAddons: %7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.5
FF - prefs.js..extensions.enabledAddons: %7B0e91bc50-5f71-11e0-80e3-0800200c9a66%7D:0.2
FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.2.2
FF - prefs.js..extensions.enabledAddons: personasexpression%40eddiescorpse.private:2.1.3
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17
FF - prefs.js..extensions.enabledAddons: anticontainer%40downthemall.net:1.3
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.4
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: ffe_ffix%40game-point.net:2.0.0
FF - prefs.js..extensions.enabledAddons: xkit%40studioxenix.com:7.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/12 10:06:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2014/07/21 16:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Extensions
[2014/08/07 15:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions
[2014/07/08 19:34:40 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2014/07/08 17:12:31 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2008/08/24 00:53:19 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2014/07/08 17:11:47 | 000,000,000 | ---D | M] (Fingerfox (SE)) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{58c64034-c5f3-4179-85f5-81642f42b6d5}
[2009/04/02 02:10:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(52)
[2014/07/08 17:11:19 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 19:31:20 | 000,098,595 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 18:08:16 | 000,344,276 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 18:07:25 | 000,458,672 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\CSTBB@NArisT2_Noia4dev.xpi
[2014/07/08 17:45:44 | 000,126,171 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 20:00:36 | 000,088,745 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 19:46:00 | 001,225,715 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 18:06:32 | 000,007,863 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 18:04:16 | 000,052,857 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/09 00:46:53 | 000,349,810 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 18:05:09 | 000,065,623 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 19:24:08 | 000,085,563 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 19:12:29 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 19:12:29 | 000,049,239 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 21:22:52 | 000,088,767 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\[email protected]
[2014/07/08 18:08:16 | 000,008,682 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{0e91bc50-5f71-11e0-80e3-0800200c9a66}.xpi
[2014/07/08 17:11:31 | 000,293,729 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2014/07/08 17:11:59 | 000,538,443 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/07/08 19:30:18 | 000,014,793 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi
[2014/07/08 17:12:54 | 000,025,991 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}.xpi
[2014/07/08 18:08:16 | 000,065,849 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2014/07/08 17:44:50 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/08 17:12:49 | 000,788,466 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2014/07/08 19:31:20 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/07/08 20:00:36 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/07/08 17:12:53 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2008/08/24 00:53:19 | 001,148,079 | ---- | M] () (No name found) -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}\chrome\tmp.xpi
[2008/09/12 04:21:23 | 000,000,437 | ---- | M] () -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\searchplugins\dream-journal.xml
[2014/07/08 18:04:16 | 000,000,364 | ---- | M] () -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\searchplugins\duckduckgo.xml
[2010/10/21 04:48:36 | 000,002,043 | ---- | M] () -- C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\searchplugins\the-free-dictionary.xml
[2014/07/08 17:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/07/08 17:09:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/07/11 17:40:02 | 000,000,081 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 download.skype.com
O1 - Hosts: 127.0.0.1   ui.skype.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Aim6]  File not found
O4 - Startup: C:\Users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 10.10.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03F18E8A-CA29-4E65-A728-D0BB73517000}: DhcpNameServer = 100.100.0.205
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8167A2A5-D88B-46DC-8378-09EFF5DB2CA1}: DhcpNameServer = 208.67.222.222 208.67.220.220 10.10.10.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgwlntf: DllName - (avgwlntf.dll) - C:\Windows\System32\avgwlntf.dll (GRISOFT, s.r.o.)
O24 - Desktop WallPaper: C:\Users\Me\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Me\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/12 08:36:39 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/08 17:33:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Me\Desktop\OTL.exe
[2014/08/08 11:56:15 | 000,000,000 | ---D | C] -- C:\Users\Me\Desktop\Saved
[2014/08/07 16:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire - The Masquerade Bloodlines
[2014/08/07 16:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2014/08/05 04:53:39 | 000,000,000 | ---D | C] -- C:\Users\Me\Documents\GoogleChromePortableBeta
[2014/07/11 17:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/07/11 17:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/08 17:33:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Me\Desktop\OTL.exe
[2014/08/08 16:58:48 | 000,001,356 | ---- | M] () -- C:\Users\Me\AppData\Local\d3d9caps.dat
[2014/08/08 12:43:36 | 000,057,344 | ---- | M] () -- C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/08 11:46:07 | 000,594,698 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/08 11:46:06 | 000,100,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/08 11:40:35 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/08/08 11:40:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/08 11:37:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/08 11:37:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/08 11:37:39 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D77409A7-A3A2-4033-9A35-852519C12020}.job
[2014/08/07 17:15:48 | 000,001,725 | ---- | M] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk
[2014/08/07 16:48:19 | 000,000,285 | ---- | M] () -- C:\Windows\vtmb.ini
[2014/08/06 14:29:08 | 000,005,813 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/07/31 04:20:20 | 000,023,696 | ---- | M] () -- C:\Users\Me\.recently-used.xbel
[2014/07/11 23:22:36 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2014/07/11 17:05:01 | 000,786,432 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2014/07/11 17:05:01 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2014/07/11 17:05:01 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/07 16:48:22 | 000,001,725 | ---- | C] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk
[2014/08/07 16:48:19 | 000,000,285 | ---- | C] () -- C:\Windows\vtmb.ini
[2014/07/31 04:20:20 | 000,023,696 | ---- | C] () -- C:\Users\Me\.recently-used.xbel
[2014/07/11 17:04:50 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2014/07/11 17:04:50 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2014/07/11 17:04:49 | 000,786,432 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2013/08/08 01:53:32 | 000,000,000 | ---- | C] () -- C:\Users\Me\nslookup
[2009/07/12 05:29:44 | 000,000,000 | ---- | C] () -- C:\Users\Me\.gtk-bookmarks
[2008/12/07 14:10:30 | 000,001,356 | ---- | C] () -- C:\Users\Me\AppData\Local\d3d9caps.dat
[2008/09/23 08:35:21 | 000,000,000 | ---- | C] () -- C:\Users\Me\AppData\Roaming\wklnhst.dat
[2008/08/30 05:02:45 | 000,031,007 | ---- | C] () -- C:\Users\Me\AppData\Roaming\UserTile.png
[2008/08/24 05:38:52 | 000,057,344 | ---- | C] () -- C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/01/20 21:23:46 | 011,580,416 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008/01/20 21:24:24 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/02/09 01:14:23 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\.purple
[2008/08/23 23:51:53 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\acccore
[2014/03/27 19:07:59 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Atari
[2013/07/30 04:04:05 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Audacity
[2013/05/03 18:33:42 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\AVG7
[2008/08/22 20:39:31 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\DigitalPersona
[2009/09/27 03:51:42 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\FileZilla
[2008/08/30 00:59:48 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Fingerfox (SE)
[2009/01/19 17:57:32 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\funkitron
[2014/07/31 04:20:20 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\gtk-2.0
[2009/01/21 08:47:39 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\iWin
[2008/09/21 13:46:40 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Leadertech
[2009/01/21 13:30:54 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Legends of pirates
[2014/05/02 20:16:12 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Moonchild Productions
[2008/08/26 02:45:54 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Mp3tag
[2009/12/28 12:24:18 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\muvee Technologies
[2008/08/30 05:02:45 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\PeerNetworking
[2008/09/04 11:36:42 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\PlayFirst
[2013/11/06 05:00:24 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\QuickScan
[2008/08/28 05:32:57 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Super-Cow
[2008/09/01 14:09:01 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Tenebril
[2012/09/29 18:47:43 | 000,000,000 | ---D | M] -- C:\Users\Me\AppData\Roaming\Trillian
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Me\Documents\Souleater's Remorse.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Me\Documents\Once Upon a December.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Me\Documents\Cowboy Bebop - Bang Bang.mpg:TOC.WMV
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:206E2596

< End of report >
 


  • 0

Advertisements

#2
Essexboy
Posted 09 August 2014 - 06:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, a few things I noticed was that AVG is outdated and Vista is now on SP2 , we will sort those out later.

First we will try to get you booting into normal mode and then work from there

In the search box type Msconfig and select the programme that appears at the top

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.
Cleanboot1.JPG
2.Click to clear the Load Startup Items check box.
NoteThe Use Original Boot.ini check box is unavailable.
3.Click the Services tab.
4.Click to select the Hide All Microsoft Services check box.
cleanboot2.JPG
5.Click Disable All, and then click OK.
6.When you are prompted, click Restart.

Allow to boot to normal mode and let me know if that works

Then using either normal or safe mode (normal preferred)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
devilbear
Posted 09 August 2014 - 07:03 AM

devilbear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Hi, and thanks for responding. Before I continue, I'd like to ask whether I need to check the "use original boot configuration" section in msconfig. Unlike in the example, mine is neither greyed out or checked by default. (Unchecking 'load startup items' doesn't make the boot configuration option grey out/unavailable, either.) It appears as below:

 

ZRHPgsT.jpg

 

Just want to be clear on the instructions before continuing, since mine is so different.


Edited by devilbear, 09 August 2014 - 07:04 AM.

  • 0

#4
Essexboy
Posted 09 August 2014 - 07:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Just leave that section blank please :)


  • 0

#5
devilbear
Posted 09 August 2014 - 07:58 AM

devilbear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Finally got it to work; that took a while. For the sake of providing full information, here's a recount of what happened:

 

The restart took an abnormally long time, and once the desktop appeared, the system started to hang. That lasted for a little while, and I just sat there waiting for it to catch up. I got an alert that Windows Calendar stopped working. The start menu came up as just a frame at first, but eventually loaded the start menu contents after an alertthat Spooler Subsystem App stopped working.

 

I was able to connect to the internet and launch Firefox, but it took an abnormally long time for Firefox to launch and appear, though the service was listed in the Task Manager already. When Firefox finally opened, it was very laggy and hung up twice in the attempt to get to the linked Farbar utility. I was, however, able to tough it out and download the file when Firefox started responding again. After the hang, I got another notification about the Spooler Subsystem App stopping.

 

From the moment the system booted into normal mode using the method you told me to, to the moment the download was complete, the drive light never once stopped being lit. I got another error about the Spooler Subsystem App stopping, but afterward was able to launch and run Farbar without issue. The scan completed quickly; most of the wait was spent getting my system to stop hanging.

 

Also, since I can't find an option to actually attach files, I will be pasting the two logs into posts of their own below this one.


  • 0

#6
devilbear
Posted 09 August 2014 - 07:59 AM

devilbear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014
Ran by Me (administrator) on SPIEGEL on 09-08-2014 08:34:18
Running from C:\Users\Me\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(PortableApps.com) C:\Users\Me\Documents\29.FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) C:\Users\Me\Documents\29.FirefoxPortable\App\Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\avgwlntf: C:\Windows\system32\avgwlntf.dll (GRISOFT, s.r.o.)
HKU\.DEFAULT\...\Run: [AVG7_Run] => C:\Program Files\Grisoft\AVG7\avgw.exe [219136 2008-08-24] (GRISOFT, s.r.o.)
HKU\S-1-5-21-1207773905-1277427825-2978845657-1000\...\Run: [Aim6] =>                                                                                                                                                                                                          (the data entry has 824 more characters).
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
SearchScopes: HKLM - DefaultScope {88C464C8-3E96-4A23-8D0A-E94467635565} URL = http://search.yahoo....ing}&fr=hp-pvnb
SearchScopes: HKLM - {88C464C8-3E96-4A23-8D0A-E94467635565} URL = http://search.yahoo....ing}&fr=hp-pvnb
SearchScopes: HKLM - {EFD512E0-600A-48B5-BFAC-B970AD1E5D2A} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {88C464C8-3E96-4A23-8D0A-E94467635565} URL = http://search.yahoo....ing}&fr=hp-pvnb
SearchScopes: HKCU - {88C464C8-3E96-4A23-8D0A-E94467635565} URL = http://search.yahoo....ing}&fr=hp-pvnb
SearchScopes: HKCU - {EFD512E0-600A-48B5-BFAC-B970AD1E5D2A} URL = http://www.ask.com/w...}&l=dis&o=ushpl
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 10.10.10.1

FireFox:
========
FF ProfilePath: C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default
FF DefaultSearchEngine: The Free Dictionary
FF SelectedSearchEngine: The Free Dictionary
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
FF SearchPlugin: C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\searchplugins\dream-journal.xml
FF SearchPlugin: C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\searchplugins\the-free-dictionary.xml
FF Extension: British English Dictionary - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: Forecastfox - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2014-07-08]
FF Extension: Remove It Permanently - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} [2014-07-08]
FF Extension: Abstract Classic - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66} [2008-08-24]
FF Extension: Fingerfox (SE) - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{58c64034-c5f3-4179-85f5-81642f42b6d5} [2014-07-08]
FF Extension: Greasemonkey - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(52) [2009-04-02]
FF Extension: DownThemAll! AntiContainer - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: Classic Theme Restorer - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: Classic Toolbar Buttons - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2014-07-08]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: FeatureFix - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: Ghostery - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: transparent-standalone-images - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: Keyword Search - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: Minilogs.com's Firefox Extension - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-09]
FF Extension: Multifox - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: New Tab Tools - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: Personas Plus - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: Personas Expression - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: XKit - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\[email protected] [2014-07-08]
FF Extension: App Tab Initializer - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{0e91bc50-5f71-11e0-80e3-0800200c9a66}.xpi [2014-07-08]
FF Extension: Stylish - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-07-08]
FF Extension: NoScript - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-08]
FF Extension: Downloads Window - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi [2014-07-08]
FF Extension: LJlogin - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}.xpi [2014-07-08]
FF Extension: RightToClick - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-07-08]
FF Extension: Adblock Plus - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-08]
FF Extension: Tab Mix Plus - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-07-08]
FF Extension: DownThemAll! - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-07-08]
FF Extension: Greasemonkey - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-07-08]
FF Extension: Menu Editor - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2014-07-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008-06-12]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe [73728 2008-02-12] (Andrea Electronics Corporation)
S4 Avg7Alrt; C:\Program Files\Grisoft\AVG7\avgamsvr.exe [418816 2008-08-24] (GRISOFT, s.r.o.) [File not signed]
S4 Avg7UpdSvc; C:\Program Files\Grisoft\AVG7\avgupsvc.exe [49664 2008-08-24] (GRISOFT, s.r.o.) [File not signed]
S4 AvgCoreSvc; C:\Program Files\Grisoft\AVG7\avgrssvc.exe [192512 2008-08-24] (GRISOFT, s.r.o.) [File not signed]
S4 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [302144 2008-03-12] (DigitalPersona, Inc.) [File not signed]
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
S4 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292248 2008-05-15] ()
S4 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116112 2008-05-15] ()
S4 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [247296 2008-01-27] (Microsoft Corporation) [File not signed]
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe [221239 2008-04-15] (IDT, Inc.)
R2 Themes; C:\Windows\system32\shsvcs.dll [247296 2008-01-27] (Microsoft Corporation) [File not signed]
S2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AvgClean; C:\Windows\System32\Drivers\avgclean.sys [10760 2008-08-24] (GRISOFT, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [26952 2008-08-24] (GRISOFT, s.r.o.)
S3 ewdmaudn; C:\Users\Me\AppData\Local\Temp\ewdmaudn.sys [31744 2008-02-29] () [File not signed]
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-02] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-02] (Logitech, Inc.)
S3 RTCore32; C:\Program Files\RMClock\RTCore32.sys [4608 2005-05-25] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NTIDrvr; \??\C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - SE\mvBurnerDll\NTIDrvr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 08:34 - 2014-08-09 08:36 - 00015155 _____ () C:\Users\Me\Desktop\FRST.txt
2014-08-09 08:33 - 2014-08-09 08:35 - 00000000 ____D () C:\FRST
2014-08-09 08:32 - 2014-08-09 08:32 - 01084928 _____ (Farbar) C:\Users\Me\Desktop\FRST.exe
2014-08-08 18:19 - 2014-08-08 18:19 - 00065620 _____ () C:\Users\Me\Desktop\OTL.Txt
2014-08-08 17:33 - 2014-08-08 17:33 - 00602112 _____ (OldTimer Tools) C:\Users\Me\Desktop\OTL.exe
2014-08-08 11:56 - 2014-08-08 17:04 - 00000000 ____D () C:\Users\Me\Desktop\Saved
2014-08-07 16:48 - 2014-08-07 17:15 - 00001725 _____ () C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk
2014-08-07 16:48 - 2014-08-07 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire - The Masquerade Bloodlines
2014-08-07 16:48 - 2014-08-07 16:48 - 00000285 _____ () C:\Windows\vtmb.ini
2014-08-07 16:30 - 2014-08-08 03:52 - 00000000 ____D () C:\Program Files\Activision
2014-08-05 04:53 - 2014-08-05 09:30 - 00000000 ____D () C:\Users\Me\Documents\GoogleChromePortableBeta
2014-07-31 04:20 - 2014-07-31 04:20 - 00023696 _____ () C:\Users\Me\.recently-used.xbel
2014-07-25 02:16 - 2014-08-07 10:32 - 00000000 ____D () C:\Users\Me\Downloads\Dean Gifs
2014-07-11 17:30 - 2014-07-11 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-11 17:30 - 2014-07-11 17:30 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-11 17:04 - 2014-07-11 17:05 - 00786432 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2014-07-11 17:04 - 2014-07-11 17:05 - 00196608 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2014-07-11 17:04 - 2014-07-11 17:05 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 08:36 - 2014-08-09 08:34 - 00015155 _____ () C:\Users\Me\Desktop\FRST.txt
2014-08-09 08:35 - 2014-08-09 08:33 - 00000000 ____D () C:\FRST
2014-08-09 08:35 - 2009-04-25 00:34 - 00000412 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D77409A7-A3A2-4033-9A35-852519C12020}.job
2014-08-09 08:32 - 2014-08-09 08:32 - 01084928 _____ (Farbar) C:\Users\Me\Desktop\FRST.exe
2014-08-09 08:32 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-08-09 08:25 - 2006-11-02 05:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-09 08:24 - 2008-08-22 22:53 - 00000000 ____D () C:\Users\Me\AppData\Roaming\Mozilla
2014-08-09 08:23 - 2008-08-16 13:42 - 01078522 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 08:18 - 2008-11-04 01:31 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-09 08:18 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 08:18 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 08:18 - 2006-11-02 07:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 08:16 - 2008-08-23 07:27 - 00000000 ____D () C:\Windows\pss
2014-08-08 18:19 - 2014-08-08 18:19 - 00065620 _____ () C:\Users\Me\Desktop\OTL.Txt
2014-08-08 17:33 - 2014-08-08 17:33 - 00602112 _____ (OldTimer Tools) C:\Users\Me\Desktop\OTL.exe
2014-08-08 17:04 - 2014-08-08 11:56 - 00000000 ____D () C:\Users\Me\Desktop\Saved
2014-08-08 16:58 - 2008-12-07 14:10 - 00001356 _____ () C:\Users\Me\AppData\Local\d3d9caps.dat
2014-08-08 14:19 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2014-08-08 13:37 - 2014-03-13 22:23 - 00000000 ____D () C:\Users\Me\Downloads\wolves
2014-08-08 13:02 - 2012-05-26 10:40 - 00000000 ___RD () C:\Users\Me\Desktop\Misc
2014-08-08 12:43 - 2008-08-24 05:38 - 00057344 _____ () C:\Users\Me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-08 06:21 - 2012-11-26 20:01 - 00000000 ____D () C:\Users\Me\AppData\Roaming\Skype
2014-08-08 03:52 - 2014-08-07 16:30 - 00000000 ____D () C:\Program Files\Activision
2014-08-07 17:15 - 2014-08-07 16:48 - 00001725 _____ () C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk
2014-08-07 17:02 - 2008-06-12 07:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-07 17:00 - 2014-08-07 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vampire - The Masquerade Bloodlines
2014-08-07 16:48 - 2014-08-07 16:48 - 00000285 _____ () C:\Windows\vtmb.ini
2014-08-07 10:32 - 2014-07-25 02:16 - 00000000 ____D () C:\Users\Me\Downloads\Dean Gifs
2014-08-06 22:51 - 2013-10-13 04:40 - 00000000 ____D () C:\Users\Me\Documents\Taskbar Shuffle
2014-08-06 14:29 - 2008-06-12 07:23 - 00005813 _____ () C:\Windows\bthservsdp.dat
2014-08-06 14:29 - 2006-11-02 08:01 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-05 19:44 - 2013-08-16 00:17 - 00000000 ____D () C:\Users\Me\Downloads\Icons
2014-08-05 09:30 - 2014-08-05 04:53 - 00000000 ____D () C:\Users\Me\Documents\GoogleChromePortableBeta
2014-08-05 04:29 - 2012-08-04 22:48 - 00000000 ____D () C:\Users\Me\AppData\Local\Google
2014-08-03 10:22 - 2008-08-24 01:14 - 00000000 ____D () C:\Program Files\Trillian
2014-07-31 04:23 - 2008-10-03 02:33 - 00000000 ____D () C:\Users\Me\.gimp-2.6
2014-07-31 04:20 - 2014-07-31 04:20 - 00023696 _____ () C:\Users\Me\.recently-used.xbel
2014-07-31 04:20 - 2008-08-25 02:10 - 00000000 ____D () C:\Users\Me\AppData\Roaming\gtk-2.0
2014-07-31 04:20 - 2008-08-22 20:26 - 00000000 ____D () C:\Users\Me
2014-07-31 03:39 - 2014-07-05 23:31 - 00000000 ____D () C:\Users\Me\Downloads\Bunnies
2014-07-25 09:35 - 2008-08-22 22:53 - 00000000 ____D () C:\Users\Me\AppData\Local\Mozilla
2014-07-13 23:00 - 2014-05-17 01:30 - 00000000 ____D () C:\Users\Me\Downloads\Test - Iron
2014-07-11 23:22 - 2008-09-21 13:47 - 00043520 _____ () C:\Windows\system32\CmdLineExt03.dll
2014-07-11 17:32 - 2012-11-26 20:01 - 00000000 ____D () C:\ProgramData\Skype
2014-07-11 17:30 - 2014-07-11 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-11 17:30 - 2014-07-11 17:30 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-11 17:30 - 2012-11-26 20:01 - 00000000 ___RD () C:\Program Files\Skype
2014-07-11 17:05 - 2014-07-11 17:04 - 00786432 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2014-07-11 17:05 - 2014-07-11 17:04 - 00196608 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2014-07-11 17:05 - 2014-07-11 17:04 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2014-07-11 16:52 - 2008-10-04 14:02 - 00000000 ____D () C:\Users\Me\Documents\Youcam

Some content of TEMP:
====================
C:\Users\Me\AppData\Local\Temp\SIntf16.dll
C:\Users\Me\AppData\Local\Temp\SIntf32.dll
C:\Users\Me\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-09 07:53

==================== End Of Log ============================


  • 0

#7
devilbear
Posted 09 August 2014 - 08:00 AM

devilbear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Additional scan result of Farbar Recovery Scan Tool (x86) Version:9-08-2014
Ran by Me at 2014-08-09 08:36:52
Running from C:\Users\Me\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.115.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Agere Systems USB 2.0 Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIM 6 (HKLM\...\AIM_6) (Version:  - )
Amazon.com Kindle Fire (HKLM\...\Kindle Fire Drivers) (Version:  - )
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{789EC9D6-5A0D-3CCA-957D-D0523BDE1638}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
AVG 7.5 (HKLM\...\AVG7Uninstall) (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (HKLM\...\{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0508.2151.37248 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Czech (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Danish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Dutch (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help English (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Finnish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help French (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help German (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Greek (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Italian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Japanese (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Korean (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Polish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Russian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Spanish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Swedish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Thai (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Turkish (Version: 2008.0508.2150.37248 - ATI) Hidden
ccc-core-static (Version: 2008.0508.2151.37248 - ATI) Hidden
ccc-utility (Version: 2008.0508.2151.37248 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.27 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.00 - Piriform)
DigitalPersona Personal 3.0.1 (HKLM\...\{AE72E414-0935-4AC8-B7D6-12E3039BEC13}) (Version: 3.0.1 - DigitalPersona, Inc.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
GhostSurf 2005 (HKLM\...\GhostSurf_is1) (Version:  - Tenebril)
Gimp 2.6.0 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.63.2 - HP) Hidden
HP Active Support Library (Version: 3.1.4.1 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}) (Version: 5.6.0.2510 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM\...\{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}) (Version: 2.0.9.0 - Hewlett-Packard)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6200 - HP)
HP MULTIPLE MODEM INSTALLER for VISTA (HKLM\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons 6.40 D3 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 D3 - Hewlett-Packard)
HP QuickPlay 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP QuickTouch 1.00 D2 (HKLM\...\{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}) (Version: 1.0.9 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 109.9.19158 - Hewlett-Packard)
HP Smart Web Printing (Version: 109.9.19158 - Hewlett-Packard) Hidden
HP Total Care Advisor (HKLM\...\{f32502b5-5b64-4882-bf61-77f23edcac4f}) (Version: 2.1.3359.2635 - Hewlett-Packard)
HP Update (HKLM\...\{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}) (Version: 4.000.010.008 - Hewlett-Packard)
HP User Guides 0103 (HKLM\...\{B8169E45-8E23-430B-91D1-EC64540C8ED0}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{A5CE7175-080D-49AC-B5A3-E7E3502428F5}) (Version: 3.00 I2 - Hewlett-Packard)
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_Tattoo (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookHolidayPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookModernPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookPlayfulPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookScrapbookPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM\...\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}) (Version: 1.0.964.2626 - Hewlett-Packard Company)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5893.0 - IDT)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Java™ 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.11.02 - JMicron Technology Corp.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
Last.fm 1.5.2.38918 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
LightScribe System Software  1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware version 1.60.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.1.1000 - Malwarebytes Corporation)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mp3tag v2.41 (HKLM\...\Mp3tag) (Version: v2.41 - Florian Heidenreich)
muvee autoProducer 6.1 (HKLM\...\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}) (Version: 6.10.050 - muvee Technologies)
ObjectDock (HKLM\...\ObjectDock) (Version:  - )
Photo Viewer 2.3 (HKLM\...\Photo Viewer) (Version:  - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{AAD72731-807A-4B79-AE05-9190B7002B7B}) (Version: 3.10 A7 - Hewlett-Packard)
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickPlay SlingPlayer 0.4.6 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia)
Rainmeter (remove only) (HKLM\...\Rainmeter) (Version:  - )
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Revo Uninstaller 1.83 (HKLM\...\Revo Uninstaller) (Version: 1.83 - VS Revo Group)
RollerCoaster Tycoon 3 Platinum (HKLM\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
Shockwave (HKLM\...\Shockwave) (Version:  - )
Skins (Version: 2008.0508.2151.37248 - ATI) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SlingPlayer (HKLM\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (Version: 1.04.0206 - Sling Media) Hidden
Solved! Studio 2005 (HKLM\...\{BB54B720-DB40-494E-83BF-1D4F5C99E75A}) (Version: 1.00.0000 - Bagatrix)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
Trillian (HKLM\...\Trillian) (Version:  - Cerulean Studios, LLC)
UDPixel.exe (HKLM\...\UDPixel) (Version:  - )
Validity Sensors software (HKLM\...\{567E8236-C414-4888-8211-3D61608D57AE}) (Version: 2.7.39 - Validity Sensors, Inc.)
Vampire - The Masquerade Bloodlines (HKLM\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (Version: 1.00.0000 - Activision) Hidden
Vampire - The Masquerade Bloodlines (Version: 1.2 - Activision) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 0.9.9 (HKLM\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
Window Washer 5 (HKLM\...\Window Washer 5) (Version:  - )
Windows Driver Package - Amazon.com (WinUSB) KindleFireUsbDeviceClass  (08/20/2012 1.0.0000.00000) (HKLM\...\289137531F7C014BF296EFFBFC7E3748A293FEE9) (Version: 08/20/2012 1.0.0000.00000 - Amazon.com)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Zoo Tycoon: Complete Collection (HKLM\...\Zoo Tycoon 1.0) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{00000010-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{00000011-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{00000013-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{00000014-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{00000015-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{00000018-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{83730EE4-6C46-11CF-A524-0080C77A7786}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\InprocServer32 -> C:\Windows\system32\msmask32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1207773905-1277427825-2978845657-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2014-07-11 17:40 - 00000081 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 download.skype.com
127.0.0.1   ui.skype.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0059FECE-47CB-4087-A0EF-7827BEE8A30F} - System32\Tasks\{F9013E30-1C24-466D-BB04-71237E89EB5A} => Iexplore.exe http://ui.skype.com/...all?page=tsMain
Task: {02B60035-D109-4DA1-8272-1044D4B69AEF} - System32\Tasks\{1C7A9752-4680-49A1-8E31-997308D7A2A1} => Iexplore.exe http://ui.skype.com/...all?page=tsMain
Task: {0901933F-9A60-417A-931A-05D788524E0F} - System32\Tasks\{F2061384-F8D4-43C6-BC05-E56206208617} => Iexplore.exe http://ui.skype.com/...all?page=tsMain
Task: {1052F32C-C26E-4C8C-BB80-DA559A3DA83F} - System32\Tasks\{524033ED-248C-421D-B6F8-68FE7444C0B9} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {6075EF89-05E2-4E75-B184-158D2D3627C5} - System32\Tasks\{E77C2933-5AF1-41A1-A7A8-AB97EC640FA1} => Iexplore.exe http://ui.skype.com/...all?page=tsMain
Task: {924750D7-9A3B-48B3-A4C8-CF2D47280403} - System32\Tasks\{50E3479E-3F10-4528-BBAE-52A0B3927A17} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {9486AA37-0902-47B4-9487-FDAD3CE782EF} - System32\Tasks\{CA943F46-AF25-49B5-A4F6-39F2DE0BA666} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {9A427F01-3079-4B82-866E-5F33ABEED26F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Me => C:\Program Files\Windows Calendar\wincal.exe [2008-01-20] (Microsoft Corporation)
Task: {9E6B3B04-4E49-4C4C-BFA4-A841F565D645} - System32\Tasks\{E7AE2E9B-E722-4B32-864C-44FC88E62389} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {A6A9C135-2368-4C3D-AABD-9B54E5F3F4F9} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {BACDA9B8-872F-451C-9877-A093EBA00B8E} - System32\Tasks\{C3BE8508-8DCB-43D9-8646-E731C5A48FEE} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {D574A102-77D6-4BA9-A92E-6D48BDDAB54E} - System32\Tasks\{E928983C-DA8D-4B5A-9300-A9E1B49AEAE3} => Iexplore.exe http://ui.skype.com/...all?page=tsMain
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F9AA2700-1A9B-4DF3-B048-0AE332720C59} - System32\Tasks\{7366E13E-EA4C-4DB0-B74C-587115F9AFD0} => Iexplore.exe http://ui.skype.com/...all?page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\User_Feed_Synchronization-{D77409A7-A3A2-4033-9A35-852519C12020}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-08-24 02:38 - 2005-10-07 15:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2008-09-21 13:47 - 2014-07-11 23:22 - 00043520 _____ () C:\Windows\system32\CmdLineExt03.dll
2008-05-08 17:14 - 2008-05-08 17:14 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-08-09 08:24 - 2014-08-09 08:24 - 00029696 _____ () C:\Users\Me\AppData\Local\Temp\nss404C.tmp\registry.dll
2014-08-09 08:24 - 2014-08-09 08:24 - 00008704 _____ () C:\Users\Me\AppData\Local\Temp\nss404C.tmp\newadvsplash.dll
2014-08-09 08:24 - 2014-08-09 08:24 - 00011264 _____ () C:\Users\Me\AppData\Local\Temp\nss404C.tmp\System.dll
2014-05-06 21:27 - 2014-05-06 21:27 - 03839088 _____ () C:\Users\Me\Documents\29.FirefoxPortable\App\firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:206E2596
AlternateDataStreams: C:\Users\Me\Documents\Cowboy Bebop - Bang Bang.mpg:TOC.WMV
AlternateDataStreams: C:\Users\Me\Documents\Once Upon a December.mp3:TOC.WMV
AlternateDataStreams: C:\Users\Me\Documents\Souleater's Remorse.wav:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: Avg7Alrt => 2
MSCONFIG\Services: Avg7UpdSvc => 2
MSCONFIG\Services: AvgCoreSvc => 2
MSCONFIG\Services: Com4QLBEx => 3
MSCONFIG\Services: DpHost => 2
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: QPCapSvc => 2
MSCONFIG\Services: QPSched => 2
MSCONFIG\Services: Recovery Service for Windows => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: vfsFPService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk => C:\Windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Aim6 => "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
MSCONFIG\startupreg: AVG7_CC => C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
MSCONFIG\startupreg: DpAgent => C:\Program Files\DigitalPersona\Bin\dpagent.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: OnScreenDisplay => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Agere Systems HDA Modem
Description: Agere Systems HDA Modem
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: Agere
Service: Modem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2014 08:30:35 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\localspl.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Spooler SubSystem App because of this error.

Program: Spooler SubSystem App
File: C:\Windows\System32\localspl.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (08/09/2014 08:30:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application spoolsv.exe, version 6.0.6001.18000, time stamp 0x4791956c, faulting module localspl.dll, version 6.0.6001.18000, time stamp 0x4791a73d, exception code 0xc0000006, fault offset 0x00058e08,
process id 0xe58, application start time 0xspoolsv.exe0.

Error: (08/09/2014 08:25:17 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\localspl.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Spooler SubSystem App because of this error.

Program: Spooler SubSystem App
File: C:\Windows\System32\localspl.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (08/09/2014 08:25:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application spoolsv.exe, version 6.0.6001.18000, time stamp 0x4791956c, faulting module localspl.dll, version 6.0.6001.18000, time stamp 0x4791a73d, exception code 0xc0000006, fault offset 0x00058e08,
process id 0x618, application start time 0xspoolsv.exe0.

Error: (08/09/2014 08:21:19 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Calendar because of this error.

Program: Windows Calendar
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (08/09/2014 08:21:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application wincal.exe, version 6.0.6001.18000, time stamp 0x47918f17, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception code 0xc0000006, fault offset 0x00009cac,
process id 0xb70, application start time 0xwincal.exe0.

Error: (08/09/2014 08:20:31 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\localspl.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Spooler SubSystem App because of this error.

Program: Spooler SubSystem App
File: C:\Windows\System32\localspl.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (08/09/2014 08:20:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application spoolsv.exe, version 6.0.6001.18000, time stamp 0x4791956c, faulting module localspl.dll, version 6.0.6001.18000, time stamp 0x4791a73d, exception code 0xc0000006, fault offset 0x00058e08,
process id 0x5ec, application start time 0xspoolsv.exe0.

Error: (08/09/2014 08:20:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2014 07:34:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/09/2014 08:32:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Print Spooler3

Error: (08/09/2014 08:29:52 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/09/2014 08:29:52 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/09/2014 08:29:52 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/09/2014 08:29:52 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/09/2014 08:29:52 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/09/2014 08:29:52 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/09/2014 08:29:52 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/09/2014 08:29:52 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/09/2014 08:29:52 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (09/16/2010 02:30:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/03/2009 01:41:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-09 08:36:06.302
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-09 08:36:06.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-09 08:36:06.224
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-09 08:36:06.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-09 08:36:05.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-09 08:36:05.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-09 08:36:05.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-09 08:36:05.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 18:13:29.506
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-08 18:13:29.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 2813.09 MB
Available physical RAM: 1598.89 MB
Total Pagefile: 5836.2 MB
Available Pagefile: 4714.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.38 GB) (Free:44.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9.67 GB) (Free:1.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: D15F6734)
Partition 1: (Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#8
Essexboy
Posted 09 August 2014 - 08:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once again allow to boot to normal mode and let me know if there is an improvement

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKU\S-1-5-21-1207773905-1277427825-2978845657-1000\...\Run: [Aim6] => (the data entry has 824 more characters).
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
S3 ewdmaudn; C:\Users\Me\AppData\Local\Temp\ewdmaudn.sys [31744 2008-02-29] () [File not signed]
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#9
devilbear
Posted 09 August 2014 - 09:14 AM

devilbear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

When the system rebooted, it spent two minutes hung with two taskbars piled on top of each other-- including two start buttons and two clocks -- and a black background with no desktop icons. After two minutes, it did finally switch to only one taskbar and show the desktop image and icons. However, nothing responded, whether clicked with the mouse or the touchpad. After another minute, there was a notice that the Spooler Subsystem App stopped working, then things started responding... very slowly.

 

The entire time, there was massive drive light activity. It took four minutes for Firefox to actually appear after starting it. Then, when attempting to open this thread, it hung again. Just when I thought it had come back, clicking on the tab made it yet again hang. It's finally working now, of course, but only after yet another error that the Spooler Subsystem App stopped working.

 

Below is the text of fixlog.text:

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:9-08-2014
Ran by Me at 2014-08-09 09:49:42 Run:1
Running from C:\Users\Me\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1207773905-1277427825-2978845657-1000\...\Run: [Aim6] => (the data entry has 824 more characters).
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
S3 ewdmaudn; C:\Users\Me\AppData\Local\Temp\ewdmaudn.sys [31744 2008-02-29] () [File not signed]
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:
*****************

HKU\S-1-5-21-1207773905-1277427825-2978845657-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
"HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}" => Key not found.
ewdmaudn => Service deleted successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

Unable to cancel {8AC12F94-4D34-4D31-A738-7901B0868E61}.
0 out of 1 jobs canceled.

========= End of CMD: =========


=========  DEL %TEMP%\*.* /F /S /Q =========

Deleted file - C:\Users\Me\AppData\Local\Temp\$2EEE645B.t$m
Deleted file - C:\Users\Me\AppData\Local\Temp\$67326D22.t$m
Deleted file - C:\Users\Me\AppData\Local\Temp\1sxbapfF.img.part
Deleted file - C:\Users\Me\AppData\Local\Temp\269.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\2FF9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\34BA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\3978.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\3979.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\397B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\397C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\3f22c53.mst
Deleted file - C:\Users\Me\AppData\Local\Temp\79EA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\81BA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\A0C1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\adb.log
Deleted file - C:\Users\Me\AppData\Local\Temp\APKTOOL7625411806642738015.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\APKTOOL8412629226347778010.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\C10D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\C3A7.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\C3A8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\C3A9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\C409.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-1
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-10
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-11
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-12
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-13
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-14
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-15
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-16
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-17
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-18
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-19
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-2
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-20
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-21
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-22
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-23
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-24
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-25
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-26
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-27
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-28
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-29
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-3
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-30
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-31
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-32
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-4
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-5
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-6
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-7
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-8
Deleted file - C:\Users\Me\AppData\Local\Temp\clipboardcache-9
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW158.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW18EE.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW1A06.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW1A1F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW1C97.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW1FB1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW206C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW206D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW23A7.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW2560.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW2DAA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW2DF3.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW2E03.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW2E9F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW31DA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW3228.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW33D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW366C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW37EF.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW3BAA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW3D6E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW3F51.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW445C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW45A8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW46AD.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW472F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW4818.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW4E34.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW4ED5.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW50BF.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW517B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW51BA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW59F2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW5C7E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW5CE2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW62D8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW649D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW66FD.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW69FA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW6A67.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW6B0E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW6C4A.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW70BE.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW7385.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW7560.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW77A0.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW7936.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW8640.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW864F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW8CC5.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW8DFD.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW92FD.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW9405.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLW97A6.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWA988.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWA99A.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWB04C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWB51C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWBB.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWBFF2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWBFF5.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWC4E9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWC560.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWC7C2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWCD8C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWCF60.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWCF70.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWD3FC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWD473.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWD681.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWDD8B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWDEDA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWDFC3.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWE225.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWE24.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWE282.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWE743.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWE7A1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWE841.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWE946.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWEA30.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWEDB9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWEEF1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWEFBB.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWF019.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWF240.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWF2F2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWF335.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWF51A.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWF547.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWFD14.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWFD3D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWFEE8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CLWFF16.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\CUsersMeDesktopOperaNextPortable17.0.1241.11opera_autoupdate.lock
Deleted file - C:\Users\Me\AppData\Local\Temp\ehmsas.txt
Deleted file - C:\Users\Me\AppData\Local\Temp\ewdmaudn.sys
Deleted file - C:\Users\Me\AppData\Local\Temp\F5aGjCLd.png.part
Deleted file - C:\Users\Me\AppData\Local\Temp\FA9B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\faom_D5D.webp.part
Deleted file - C:\Users\Me\AppData\Local\Temp\FnpSnsSM.mp3.part
Deleted file - C:\Users\Me\AppData\Local\Temp\hbqpilm5.bmp
Deleted file - C:\Users\Me\AppData\Local\Temp\icon_background_32.png
Deleted file - C:\Users\Me\AppData\Local\Temp\JavaDeployReg.log
Deleted file - C:\Users\Me\AppData\Local\Temp\log3
Deleted file - C:\Users\Me\AppData\Local\Temp\LuUpdater.log
Deleted file - C:\Users\Me\AppData\Local\Temp\Me.bmp
Deleted file - C:\Users\Me\AppData\Local\Temp\MSI6132e.LOG
Deleted file - C:\Users\Me\AppData\Local\Temp\MSI67a6d.LOG
Deleted file - C:\Users\Me\AppData\Local\Temp\MSI74296.LOG
Deleted file - C:\Users\Me\AppData\Local\Temp\MSI74da8.LOG
Deleted file - C:\Users\Me\AppData\Local\Temp\MSI7ac5a.LOG
Deleted file - C:\Users\Me\AppData\Local\Temp\MSI7ed6f.LOG
Deleted file - C:\Users\Me\AppData\Local\Temp\MSI82a02.LOG
Deleted file - C:\Users\Me\AppData\Local\Temp\MSIa53cf.LOG
Deleted file - C:\Users\Me\AppData\Local\Temp\MSIb98c9.LOG
Deleted file - C:\Users\Me\AppData\Local\Temp\MSIe7aac.LOG
Deleted file - C:\Users\Me\AppData\Local\Temp\nseC0A1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFCD1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq81B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqA4C7.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\nsxF834.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz624.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\ObjectDock.dmp
Deleted file - C:\Users\Me\AppData\Local\Temp\ObjectDock.xml
Deleted file - C:\Users\Me\AppData\Local\Temp\opera_crashreporter.log
Deleted file - C:\Users\Me\AppData\Local\Temp\qs-en-utf16.txt
Deleted file - C:\Users\Me\AppData\Local\Temp\r0vaCEdC.part
Deleted file - C:\Users\Me\AppData\Local\Temp\respect-mil_ptsd_correct_role_play.pdf
Deleted file - C:\Users\Me\AppData\Local\Temp\respect-mil_ptsd_incorrect_role_play.pdf
Deleted file - C:\Users\Me\AppData\Local\Temp\SET4CA2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\SetA221.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\SIntf16.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\SIntf32.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\SIntfIcn.ani
Deleted file - C:\Users\Me\AppData\Local\Temp\SIntfNT.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\tmp-1ib.xpi
Deleted file - C:\Users\Me\AppData\Local\Temp\tmp-1om.xpi
Deleted file - C:\Users\Me\AppData\Local\Temp\tmp-fwz.xpi
Deleted file - C:\Users\Me\AppData\Local\Temp\tmp-r19.xpi
Deleted file - C:\Users\Me\AppData\Local\Temp\tmp-yij.xpi
Deleted file - C:\Users\Me\AppData\Local\Temp\WC157.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC18ED.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC19E6.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC1A1E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC1C96.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC1FB0.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC1FCF.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC206B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC23A6.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC255F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC2DA9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC2DF2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC2E02.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC2E9E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC31D9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC3227.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC33C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC366B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC37EE.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC3BA9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC3CD1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC3F50.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC445B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC45A7.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC46AC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC470F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC476B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC4E33.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC4ED4.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC50BE.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC517A.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC51B9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC59D2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC5C7D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC5CE1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC62D7.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC649C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC66FC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC69F9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC6A66.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC6B0D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC6C0B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC70BD.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC7384.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC755F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC777F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC7935.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC863F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC864E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC8CC4.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC8DFC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC92EC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC93F4.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WC97A5.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCA8ED.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCA987.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCB04B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCB51B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCBA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCBFF1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCBFF4.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCC4E8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCC55F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCC7C1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCCD8B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCCF5F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCCF6F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCD3FB.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCD472.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCD680.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCDD8A.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCDED9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCDFC2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCE224.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCE23.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCE281.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCE6B6.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCE7A0.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCE840.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCE935.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCEA2F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCEDB8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCEEF0.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCEFBA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCF018.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCF23F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCF2F1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCF334.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCF519.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCF546.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCFD13.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCFD3C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCFEC8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WCFF06.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\WhiteNoiseHelpGuide.pdf
Deleted file - C:\Users\Me\AppData\Local\Temp\YGtw4kq4.WAV.part
Deleted file - C:\Users\Me\AppData\Local\Temp\zgy4qxeA.pdf.part
Deleted file - C:\Users\Me\AppData\Local\Temp\_is41E3.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\_isdelet.ini
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF1108.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF1186.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF1479.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF14D9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF1516.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF1518.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF1646.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF1813.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF1EAC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF213D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF241F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF267.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF28CA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF2A9D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF2AC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF2AE6.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF2F66.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF2FD8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF32C0.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF32FE.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF3410.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF350C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF3738.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF3822.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF3FA4.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF40A9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF43FA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF444A.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF4546.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF45CD.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF4722.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF4892.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF48AD.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF48D2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF4AD8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF4D94.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF4FD0.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF51A1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF5245.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF5530.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF589A.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF5B2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF5C0A.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF5C6B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF5CD9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF5D71.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF5E3B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF5EBD.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF5F75.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF613.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF6472.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF67C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF68D4.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF6A57.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF6AE1.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF6C36.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF6CD8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF7056.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF7448.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF7478.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF75F0.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF7640.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF7645.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF765B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF76D6.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF76E4.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF76EF.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF76FB.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF7767.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF78B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF7919.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF7E3D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF7F09.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF7F30.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF81C7.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF825B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF82D2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF8404.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF84C2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF869B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF869D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF86C4.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF86C6.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF8B81.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF8D77.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF8DC4.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF8F5C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF963C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF96EC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF9881.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF98C9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF9987.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF99ED.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF9C29.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DF9C7E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFA118.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFA171.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFA25C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFA341.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFA46E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFA509.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFA59C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFA62C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFAED8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFAF3F.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFAF94.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFB0DC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFB0E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFB228.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFB31.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFB43D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFB58D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFB799.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFBB25.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFBC10.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFC508.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFC69C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFC703.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFC705.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFC8A8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFC8BF.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFCA24.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFCA72.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFCABA.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFCBB6.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFCCB5.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFCDA2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFCDD9.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFCEAC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFCFEB.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFD2AE.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFD3E0.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFD7CF.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFD822.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFDA2B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFDA6E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFDBDC.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFDD8D.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFDF71.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFDF8A.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFE12C.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFE292.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFE72E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFE7B5.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFECA2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFECD6.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFEE3E.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFEEE5.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFEF.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFF010.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFF3EF.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFF3F8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFF62B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFF726.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFF7D8.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFF88B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFFA19.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFFC35.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFFC86.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFFD5.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFFF12.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFFF36.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~DFFFF2.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\~e5.0001
Deleted file - C:\Users\Me\AppData\Local\Temp\1996_11546\crl-set
Deleted file - C:\Users\Me\AppData\Local\Temp\1996_11546\manifest.fingerprint
Deleted file - C:\Users\Me\AppData\Local\Temp\1996_11546\manifest.json
Deleted file - C:\Users\Me\AppData\Local\Temp\4808_22288\crl-set
Deleted file - C:\Users\Me\AppData\Local\Temp\4808_22288\manifest.fingerprint
Deleted file - C:\Users\Me\AppData\Local\Temp\4808_22288\manifest.json
Deleted file - C:\Users\Me\AppData\Local\Temp\5268_12121\ChromeRecovery.exe
Deleted file - C:\Users\Me\AppData\Local\Temp\5268_12121\GoogleUpdateSetup.exe
Deleted file - C:\Users\Me\AppData\Local\Temp\5268_12121\manifest.fingerprint
Deleted file - C:\Users\Me\AppData\Local\Temp\5268_12121\manifest.json
Deleted file - C:\Users\Me\AppData\Local\Temp\5500_10669\crl-set
Deleted file - C:\Users\Me\AppData\Local\Temp\5500_10669\manifest.fingerprint
Deleted file - C:\Users\Me\AppData\Local\Temp\5500_10669\manifest.json
Deleted file - C:\Users\Me\AppData\Local\Temp\5796_15438\crl-set
Deleted file - C:\Users\Me\AppData\Local\Temp\5796_15438\manifest.fingerprint
Deleted file - C:\Users\Me\AppData\Local\Temp\5796_15438\manifest.json
Deleted file - C:\Users\Me\AppData\Local\Temp\7520_32222\crl-set
Deleted file - C:\Users\Me\AppData\Local\Temp\7520_32222\manifest.fingerprint
Deleted file - C:\Users\Me\AppData\Local\Temp\7520_32222\manifest.json
Deleted file - C:\Users\Me\AppData\Local\Temp\7688_23985\crl-set
Deleted file - C:\Users\Me\AppData\Local\Temp\7688_23985\manifest.fingerprint
Deleted file - C:\Users\Me\AppData\Local\Temp\7688_23985\manifest.json
Deleted file - C:\Users\Me\AppData\Local\Temp\acro_rd_dir\History\History.IE5\desktop.ini
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e000004b.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000059.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e000005a.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00000a9.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00000d5.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e000011a.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e000012c.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e000014c.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000196.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00002b5.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00002cb.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000336.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000337.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000376.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00003bb.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00003ea.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e000044f.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000480.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e000049b.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00004cd.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000513.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e000053e.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e000058d.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00005b4.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00005e6.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000668.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00006db.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00006fa.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000749.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00008c6.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000944.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e00009b4.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000a31.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000a33.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000a7f.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000aeb.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000b11.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000b6e.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000be9.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000bee.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000c05.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000c7c.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000ced.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000d03.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000d17.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000d90.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000e64.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000e77.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000ead.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000edb.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000efd.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d00\e0000f6a.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e000106e.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001284.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e000128a.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001315.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001421.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e00014f6.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001522.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001548.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e00016b4.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e00016f4.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e000181f.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001828.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e00018e3.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e00018ff.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001942.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001a0f.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001ad8.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001b22.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001c7e.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001cfb.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001e82.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001efe.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001f20.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001f73.au
Deleted file - C:\Users\Me\AppData\Local\Temp\audacity_1_2_temp\project18326\e00\d01\e0001feb.au
Deleted file - C:\Users\Me\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set
Deleted file - C:\Users\Me\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.fingerprint
Deleted file - C:\Users\Me\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json
Deleted file - C:\Users\Me\AppData\Local\Temp\CRX_DF399A9B283A\ChromeRecovery.exe
Deleted file - C:\Users\Me\AppData\Local\Temp\CRX_DF399A9B283A\GoogleUpdateSetup.exe
Deleted file - C:\Users\Me\AppData\Local\Temp\CRX_DF399A9B283A\manifest.json
Deleted file - C:\Users\Me\AppData\Local\Temp\fontconfig\cache\d031bbba323fd9e5b47e0ee5a0353f11-mipsel.cache-2
Deleted file - C:\Users\Me\AppData\Local\Temp\fontconfig\cache\ebe3054af4eb80f039afb0931e273f41-mipsel.cache-2
Deleted file - C:\Users\Me\AppData\Local\Temp\gm-temp\5552.user.js
Deleted file - C:\Users\Me\AppData\Local\Temp\isp55AA.tmp\_Setup.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsa5EF2.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsa5EF2.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsa5EF2.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsa5EF2.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsa5EF2.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsaB0F8.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsaB0F8.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsaB0F8.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsaB0F8.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsaB0F8.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsb48F3.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsb48F3.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsb48F3.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsb48F3.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsb48F3.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsc4220.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsc4220.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsc4220.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsc4220.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsc4220.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsc7560.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsc7560.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsc7560.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsc7560.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsc7560.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsd250F.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsd250F.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsd250F.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsd250F.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsd250F.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsd9261.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsd9261.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsd9261.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsd9261.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsd9261.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseE18A.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseE18A.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseE18A.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseE18A.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nseE18A.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFCD2.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFCD2.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFCD2.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFCD2.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFCD2.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFEDA.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFEDA.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFEDA.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFEDA.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nseFEDA.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsfB08B.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsfB08B.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsfB08B.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsfB08B.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsfB08B.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg46F0.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg46F0.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg46F0.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg46F0.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg46F0.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg5208.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg5208.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg5208.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg5208.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg5208.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg5EC4.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg5EC4.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg5EC4.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg5EC4.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg5EC4.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg7697.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg7697.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg7697.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg7697.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg7697.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg82C.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg82C.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg82C.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg82C.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsg82C.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgA70A.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgA70A.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgA70A.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgA70A.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgA70A.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgD31C.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgD31C.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgD31C.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgD31C.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgD31C.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgD376.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgD376.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgD376.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgD376.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsgD376.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsh34D7.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsh34D7.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsh34D7.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsh34D7.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsh34D7.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsh98C7.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsh98C7.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsh98C7.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsh98C7.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsh98C7.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nshD3A5.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nshD3A5.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nshD3A5.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nshD3A5.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nshD3A5.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsi5CF0.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsi5CF0.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsi5CF0.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsi5CF0.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsi5CF0.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsiAAE0.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsiAAE0.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsiAAE0.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsiAAE0.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsiAAE0.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsiB0CA.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsiB0CA.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsiB0CA.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsiB0CA.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsiB0CA.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsj9271.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsj9271.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsj9271.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsj9271.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsj9271.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsk4E02.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsk4E02.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsk4E02.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsk4E02.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsk4E02.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl2B65.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl2B65.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl2B65.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl2B65.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl2B65.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl40B9.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl40B9.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl40B9.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl40B9.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl40B9.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl87A7.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl87A7.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl87A7.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl87A7.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsl87A7.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nslF123.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nslF123.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nslF123.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nslF123.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nslF123.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsm3F8.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsm3F8.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsm3F8.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsm3F8.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsm3F8.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsm4F88.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsm4F88.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsm4F88.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsm4F88.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsm4F88.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsmF844.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsmF844.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsmF844.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsmF844.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsmF844.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn22DD.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn22DD.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn22DD.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn22DD.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn22DD.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn47BB.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn47BB.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn47BB.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn47BB.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn47BB.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn6DD1.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn6DD1.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn6DD1.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn6DD1.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsn6DD1.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsnC41B.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsnC41B.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsnC41B.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsnC41B.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsnC41B.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsnF693.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsnF693.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsnF693.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsnF693.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsnF693.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nso634.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nso634.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nso634.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nso634.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nso634.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp4BEF.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp4BEF.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp4BEF.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp4BEF.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp4BEF.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp7BF.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp7BF.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp7BF.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp7BF.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp7BF.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp8815.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp8815.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp8815.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp8815.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsp8815.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq1F92.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq1F92.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq1F92.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq1F92.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq1F92.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq4B92.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq4B92.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq4B92.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq4B92.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq4B92.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq50A0.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq50A0.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq50A0.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq50A0.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq50A0.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq57D2.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq57D2.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq57D2.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq57D2.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq57D2.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq7CDE.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq7CDE.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq7CDE.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq7CDE.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsq7CDE.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqA516.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqA516.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqA516.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqA516.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqA516.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqB896.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqB896.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqB896.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqB896.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqB896.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqD4FC.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqD4FC.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqD4FC.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqD4FC.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsqD4FC.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr58D.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr58D.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr58D.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr58D.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr58D.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr735D.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr735D.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr735D.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr735D.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr735D.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr7F8D.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr7F8D.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr7F8D.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr7F8D.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr7F8D.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr9E43.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr9E43.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr9E43.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr9E43.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsr9E43.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrA9D7.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrA9D7.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrA9D7.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrA9D7.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrA9D7.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrE467.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrE467.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrE467.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrE467.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrE467.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrEB69.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrEB69.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrEB69.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrEB69.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsrEB69.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nss98A8.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nss98A8.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nss98A8.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nss98A8.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nss98A8.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nss9C02.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nss9C02.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nss9C02.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nss9C02.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nss9C02.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nst63C3.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nst63C3.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nst63C3.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nst63C3.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nst63C3.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nstC469.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nstC469.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nstC469.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nstC469.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nstC469.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsu5B1C.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsu5B1C.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsu5B1C.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsu5B1C.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsu5B1C.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsuA650.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsuA650.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsuA650.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsuA650.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsuA650.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv3959.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv3959.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv3959.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv3959.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv3959.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv42DB.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv42DB.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv42DB.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv42DB.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv42DB.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv7CFD.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv7CFD.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv7CFD.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv7CFD.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv7CFD.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv9695.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv9695.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv9695.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv9695.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsv9695.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw2B84.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw2B84.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw2B84.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw2B84.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw2B84.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw4F98.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw4F98.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw4F98.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw4F98.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw4F98.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw5B0C.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw5B0C.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw5B0C.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw5B0C.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsw5B0C.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nswA95A.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nswA95A.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nswA95A.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nswA95A.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nswA95A.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nswF0C6.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nswF0C6.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nswF0C6.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nswF0C6.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nswF0C6.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsxB04D.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsxB04D.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsxB04D.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsxB04D.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsxB04D.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsy6F86.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsy6F86.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsy6F86.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsy6F86.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsy6F86.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz3257.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz3257.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz3257.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz3257.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz3257.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz38BD.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz38BD.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz38BD.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz38BD.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz38BD.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz3CD7.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz3CD7.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz3CD7.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz3CD7.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz3CD7.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz7D1D.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz7D1D.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz7D1D.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz7D1D.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz7D1D.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz93A9.tmp\FindProcDLL.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz93A9.tmp\newadvsplash.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz93A9.tmp\registry.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz93A9.tmp\splash.jpg
Deleted file - C:\Users\Me\AppData\Local\Temp\nsz93A9.tmp\System.dll
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-123\plugin-crossdomain.xml
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-139\plugin-crossdomain.xml
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-22\plugin-13b2078ac0647b7a1e71c769c8b6d4c5.daeblob
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-22\plugin-2b8d782aae0d7d92b61fde0978e09786.daeblob
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-22\plugin-39a6cdea821fe5039ebf63e997457bf9.daeblob
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-22\plugin-3df0407bb1d803f088f31b64e53fa4e7.daeblob
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-22\plugin-738fe1699de7d0b9fafb5cc5e3fa3c15.daeblob
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-22\plugin-76fb168476493e75d754387aaa34b442.daeblob
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-22\plugin-855566d2e3db0cdbf639673d12f3826d.daeblob
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-22\plugin-b0b0f98597fe3f0711c6ea7f5e076883.daeblob
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-22\plugin-ca84ed5f2cf402e73d6b7d5072251b53.daeblob
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-68\plugin-json
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-72\plugin-json
Deleted file - C:\Users\Me\AppData\Local\Temp\plugtmp-72\plugin-json-1
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\DECODED_IMAGES
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\DECODED_MESSAGE_CATALOGS
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\FA9B.tmp
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\128.png
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\16.png
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\19.png
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\48.png
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\apply.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\background.html
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\background.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\COPYING
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\edit.html
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\edit.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\health.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\help.png
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\install.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\localization.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\manage.html
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\manage.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\manifest.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\messaging.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\popup.html
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\popup.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\README
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\storage.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\world_go.png
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\index.html
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\LICENSE
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\package.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\README.md
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\bin\compress
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\keymap\emacs.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\keymap\vim.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\codemirror.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\codemirror.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\closetag.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\continuecomment.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\dialog.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\dialog.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\foldcode.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\formatting.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\javascript-hint.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\loadmode.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\match-highlighter.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\multiplex.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\overlay.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\pig-hint.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\runmode-standalone.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\runmode.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\search.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\searchcursor.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\simple-hint.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\simple-hint.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\lib\util\xml-hint.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\mode\css\css.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\mode\css\index.html
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\mode\css\test.js
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\ambiance-mobile.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\ambiance.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\blackboard.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\cobalt.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\eclipse.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\elegant.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\erlang-dark.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\lesser-dark.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\monokai.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\neat.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\night.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\rubyblue.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\twilight.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\vibrant-ink.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\codemirror\theme\xq-dark.css
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\ar\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\de\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\en\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\es\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\fr\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\it\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\ja\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\pt_BR\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\ru\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\te\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\tr\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\zh\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\scoped_dir_4996_6463\CRX_INSTALL\_locales\zh_CN\messages.json
Deleted file - C:\Users\Me\AppData\Local\Temp\Skype\gilasterr.log
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_10tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_11tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_12tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_13tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_14tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_15tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_17tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_1tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_20tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_22tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_23tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_24tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_25tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_26tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_27tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_28tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_2tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_30tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_31tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_3tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_4tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_6tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_7tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_8tmp00.zip\install.rdf
Deleted file - C:\Users\Me\AppData\Local\Temp\Temp1_9tmp00.zip\install.rdf

========= End of CMD: =========


=========  RD /S /Q %TEMP% =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====


  • 0

#10
Essexboy
Posted 09 August 2014 - 09:18 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Progress of a sort then :)
 
Could you go to control panel > programmes and feature, uninstall Aim 6
 
As that was the initial cause of the delayed start.   
 
One of the files I removed had the appearance of a rootkit so I will need to use a stronger tool next
 
Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
     
    NSIS_disclaimer_ENG.png
    NSIS_extraction.png
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

Advertisements

#11
devilbear
Posted 09 August 2014 - 10:13 AM

devilbear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

I forgot I even had Aim still installed, as I've been using Trillian instead for years, now. Good riddance to unused software! Though I do recall that my usual boot mode had some startup items disabled because I didn't want them on startup... I think Aim was one. So that may also explain why it's suddenly doing that when it normally didn't.

If it's of any relevance, I do know that once upon a time I had a google redirect virus that appeared to be fixed up. And I don't know what kind of DRM was involved with the game I installed before this happened, and do know that some DRM do behave like rootkits.

There were no system tray icons (which should be there), other thanmy network, volume, bluetooth, and power icons. I couldn't find a way to close AVG so I just exited/closed the control center. I did disable Windows Defender (and of course re-enabled it after Combofix was totally finished).

When Combofix finished, it didn't restart my system or prompt me to restart, nor did it say anything about programs marked for deletion, so I haven't yet restarted.

One thing worth noting is that my audio is no longer working. This was true before trying any fixes, and remains true in both safe mode and normal mode. The red button on my laptop is lit, for volume being muted, and the controls don't work. If I press the button, it'll toggle the system tray icon as muted or unmuted, but no matter how high I turn the system tray icon's volume, no audio actually plays through my speakers or headphones.

Firefox started at a normal speed without hanging this time, but that may be because the sytsem wasn't fresh from a restart. So far, my network hasn't dropped the way it did the other day, which spawned the beginning of these issues.

 

Combofix log follows:

 

 

 

ComboFix 14-08-06.02 - Me 08/09/2014  10:44:40.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2813.2085 [GMT -5:00]
Running from: c:\users\Me\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-09 to 2014-08-09  )))))))))))))))))))))))))))))))
.
.
2014-08-09 15:53 . 2014-08-09 15:53    --------    d-----w-    c:\users\Me\AppData\Local\temp
2014-08-09 15:53 . 2014-08-09 15:53    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-08-09 15:53 . 2014-08-09 15:53    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-09 15:53 . 2014-08-09 15:53    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-08-09 13:33 . 2014-08-09 14:49    --------    d-----w-    C:\FRST
2014-08-07 21:30 . 2014-08-08 08:52    --------    d-----w-    c:\program files\Activision
2014-07-11 22:30 . 2014-07-11 22:30    --------    d-----w-    c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-12 04:22 . 2008-09-21 18:47    43520    ----a-w-    c:\windows\system32\CmdLineExt03.dll
2014-07-06 02:54 . 2012-08-02 02:31    546    ----a-w-    C:\cookie.tmp
2014-06-24 01:58 . 2014-06-24 01:58    696240    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-06-24 01:58 . 2011-10-16 01:47    73136    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-01-27 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-08-24 219136]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-8-24 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-08-24 07:46    9216    ----a-w-    c:\windows\System32\avgwlntf.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 10:06    40048    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
2008-08-24 07:55    579072    ----a-w-    c:\progra~1\Grisoft\AVG7\avgcc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2008-03-13 02:24    699456    ----a-w-    c:\program files\DigitalPersona\Bin\DpAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25    125952    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40    1387288    ----a-w-    c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42    70912    ----a-w-    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24    54840    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31    80896    ----a-w-    c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-11-20 14:44    488752    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 21:08    2289664    ----a-w-    c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-02 01:42    554288    ----a-w-    c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45    202032    ----a-w-    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-05-15 05:56    468264    ----a-w-    c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 19:17    61440    ----a-w-    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 12:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-18 11:31    1033512    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55    222504    ------w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25    202240    ----a-w-    c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe [2008-02-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-09 c:\windows\Tasks\User_Feed_Synchronization-{D77409A7-A3A2-4033-9A35-852519C12020}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 10.10.10.1
FF - ProfilePath - c:\users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\
FF - prefs.js: browser.search.selectedEngine - The Free Dictionary
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-09 10:53
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-08-09  10:56:34
ComboFix-quarantined-files.txt  2014-08-09 15:56
ComboFix2.txt  2011-02-05 10:36
ComboFix3.txt  2011-02-05 07:34
.
Pre-Run: 47,489,376,256 bytes free
Post-Run: 47,601,119,232 bytes free
.
- - End Of File - - 6076C1B7B54B6CB2450948960901590F
85D751F0E41B8E520AEE8C07A8DA777B
 


  • 0

#12
Essexboy
Posted 09 August 2014 - 10:19 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The aim startup file was changed to make multiple connections on start... Where it was calling to I do not know

Lets see how the boot is after this

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:
 

FCopy::
c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll|c:\windows\System32\shsvcs.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

If it does not reboot then do that manually and after the restart download and run this programme

Download and run farbar service scanner

FSS-1.jpg

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#13
devilbear
Posted 09 August 2014 - 11:10 AM

devilbear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

I bolded things I think are more relevant, since I'm aware I tend to give excessive details; please don't mistake this as me yelling or anything like that!

 

On the bright side, I do recall that before I left Aim for Trillian, I used the now-deprecated feature to connect two accounts so I would receive email alerts from one while using IM from the other. That could hopefully be why Aim made multiple connections.

 

At stage 5 of Combofix running, I got an error that PEV.exe stopped working; I clicked 'close program' for it, and Combofix continued on without any visible errors.

 

I had to manually restart (using 'restart' not a shutdown then turn back on). Before the system kicked in, the audio mute light turned blue, as it should be... But as soon as the actual system started booted, it returned to being stuck in red/mute mode, and my audio remains broken as described in the previous post. It got stuck a while on the welcome screen, about a minute, then bootedto a totally black screen. After maybe another minute, a weird safe mode / classic style taskbar appeared. The system would not respond, and the entire screen went white for a few seconds. The desktop then rendered, but still with the unsightly classic shell theme like appears in safe mode.

 

There was no network icon for a while in the system tray, but after a moment it appeared. However, the system was still unresponsive... and yet again I got a Spooler Subsystem App has stopped working error before the system would respond. I tried logging off Windows then back on to fix the shell theme, but it's still the ugly classic version instead of my chosen theme. Could something in Combofix have messed with my patch to uxtheme.dll so that I can use a more aesthetically pleasing shell theme? (I've had that done since day one, and have never switched shell themes over the seven years I've had this computer, so I doubt it's related to whatever has happened or a huge risk.)

 

The system is very laggy again, at any rate, though it seems to be going a little less laggy after having a while to settle.

 

-----------[[ Combo Fix Log Below ]]-----------

 

 

ComboFix 14-08-06.02 - Me 08/09/2014  11:31:00.5.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2813.1957 [GMT -5:00]
Running from: c:\users\Me\Desktop\ComboFix.exe
Command switches used :: c:\users\Me\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll --> c:\windows\System32\shsvcs.dll
.
(((((((((((((((((((((((((   Files Created from 2014-07-09 to 2014-08-09  )))))))))))))))))))))))))))))))
.
.
2014-08-09 16:37 . 2014-08-09 16:38    --------    d-----w-    c:\users\Me\AppData\Local\temp
2014-08-09 16:37 . 2014-08-09 16:37    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-08-09 16:37 . 2014-08-09 16:37    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-09 16:37 . 2014-08-09 16:37    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-08-09 13:33 . 2014-08-09 14:49    --------    d-----w-    C:\FRST
2014-08-07 21:30 . 2014-08-08 08:52    --------    d-----w-    c:\program files\Activision
2014-07-11 22:30 . 2014-07-11 22:30    --------    d-----w-    c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-12 04:22 . 2008-09-21 18:47    43520    ----a-w-    c:\windows\system32\CmdLineExt03.dll
2014-07-06 02:54 . 2012-08-02 02:31    546    ----a-w-    C:\cookie.tmp
2014-06-24 01:58 . 2014-06-24 01:58    696240    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-06-24 01:58 . 2011-10-16 01:47    73136    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-08-24 219136]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-8-24 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-08-24 07:46    9216    ----a-w-    c:\windows\System32\avgwlntf.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Me^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 10:06    40048    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
2008-08-24 07:55    579072    ----a-w-    c:\progra~1\Grisoft\AVG7\avgcc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2008-03-13 02:24    699456    ----a-w-    c:\program files\DigitalPersona\Bin\DpAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25    125952    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40    1387288    ----a-w-    c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 20:42    70912    ----a-w-    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24    54840    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31    80896    ----a-w-    c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-11-20 14:44    488752    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 21:08    2289664    ----a-w-    c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-02 01:42    554288    ----a-w-    c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45    202032    ----a-w-    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-05-15 05:56    468264    ----a-w-    c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 19:17    61440    ----a-w-    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 12:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-18 11:31    1033512    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55    222504    ------w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25    202240    ----a-w-    c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe [2008-02-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-09 c:\windows\Tasks\User_Feed_Synchronization-{D77409A7-A3A2-4033-9A35-852519C12020}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 10.10.10.1
FF - ProfilePath - c:\users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\xue1rgkd.default\
FF - prefs.js: browser.search.selectedEngine - The Free Dictionary
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-09 11:37
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
 [0] 0x01000000
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-08-09  11:40:15
ComboFix-quarantined-files.txt  2014-08-09 16:40
ComboFix2.txt  2011-02-05 10:36
ComboFix3.txt  2011-02-05 07:34
.
Pre-Run: 47,611,924,480 bytes free
Post-Run: 47,578,497,024 bytes free
.
- - End Of File - - 9C27E3CAC1A2D0E7329CAF865DED618A
85D751F0E41B8E520AEE8C07A8DA777B
 

 

 

 

 

 

 

 

-----------[[ Contents of FSS.txt below ]]-----------

 

 

 

Farbar Service Scanner Version: 21-07-2014
Ran by Me (administrator) on 09-08-2014 at 11:56:38
Running from "C:\Users\Me\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0

#14
Essexboy
Posted 09 August 2014 - 11:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you reset the theme as Combofix does take exception to patched files

For the spooler error try this
 

1. Go to Programs and Features in Control panel > click Turn Windows features on or off
2. click + sign of Print services
3. Select LPD and LPR. You should remove Internet Printing Client. > restart your PC to ensure there is no error of spooler service.
4. Add your printer driver again.



Then you will need to decide about SP2 for Vista, as this may cure some of the delay problems
  • 0

#15
devilbear
Posted 09 August 2014 - 11:51 AM

devilbear

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

When I tried to set my custom theme, it had no preview and setting it just kept the classic shell. Right now I'm using a default aero theme, but it's too large and unsightly for my tastes. Will I need to repatch uxtheme.dll later?

 

As for the printer issue... I actually haven't used my printer in years, and it's currently in storage so I can't plug it in. Nor do I know where the disc with the drivers might be. (In fact, if I'm not mistaken, I may have simply used it in a plug-and-play manner, with the default drivers. I'm not entirely sure which printer-based functions came with the laptop and which with the printer, as both are HP brand.) Will this be fine if I skip the reinstallation of drivers, as I don't have any?

 

For SP2, I honestly fear it'll be a bigger problem than I can deal with due to my slow internet and the issues I've read about with audio, network, video drivers etc. on older HPs like mine being totally obliterated by the update. Before these issues arose the other day, I had a small amount of lag, but it was overall very livable... and I mainly just need my system with the audio restored, functional network (so far, so good, but I fear the issue will return when I go back to a non-selective startup), and the more-major issues gone. I'll be buying a new computer very very soon, and just need this one to function in the meantime and be usable for the program I use to mod my tablet.

 

Out of curiosity, should I try re-enabling startup services? I noticed one of them is Audio Service, as well as some of the built-in HP stuff that manages certain things. Could those be causing the startup lag, since they're disabled, and the system may be looking for them?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP