
I seem to have multiple problems. I'm struggling now!


  • This topic is locked
24 replies to this topic

#1 Slime58

Slime58

  • Members
  • 108 posts

Posted 18 December 2015 - 12:08 PM

I'll keep it brief!

I've recently realised that I don't get the 'Run as Admin' option on any program that I right click on.

All I get is 'Run as ...', which when clicked on, opens a Run As box into which I type Administrator ... but that does nothing.

I've also discovered that I can't do a 'system restore'.

I opened up a thread in your Windows XP forum (http://www.bleepingcomputer.com/forums/t/596139/i-cant-run-as-admin-or-do-a-system-restore/) and have now been advised by LOUIS, one of your mods, to start a new thread here.

The reason being that, apart from my initial two problems, I am currently unable to download programmes from the web.

I was having issues with Avast, recently installed as advised, interfering with my emails. I then uninstalled Avast, only to find I couldn't install anything else due to my downloading problems.

I've just installed an AV prog after downloading it from a laptop onto a flash drive and then putting it onto this PC.

When trying to download a prog, a box appears asking me whether I'd like to save the file or cancel. As soon as I click on 'save file' the programme box disappears!

I'm sorry to be a pain, but my problems are increasing at an alarming rate!

I also can't print anything, including emails, unless I copy & paste them into notepad or a word document.

This has only been the case for a couple of days.

boopme has been helping me but suggested I open a new thread with all my woes, see this link,

http://www.bleepingcomputer.com/forums/t/598799/i-seem-to-have-multiple-problems-im-struggling-now/#entry3887519

At one point he asked me to run Tweaking.com - Windows Repair All-In-One, which I did, but at one point, in Step 4, I was asked to insert my Windows XP disc, which I did, but was told it was the wrong CD ... it isn't!

The PC then locked up, forcing me to reboot it.

My PC is dying fast!!

He finally asked me to do steps 6, 7 and 8 of your preparation guide, which I've done, and here are the results!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-12-2015
Ran by Simon Hill (administrator) on SIMON (18-12-2015 16:53:23)
Running from I:\Documents and Settings\Simon Hill\Desktop
Loaded Profiles: Simon Hill (Available Profiles: Simon Hill & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(QIHU 360 SOFTWARE CO. LIMITED) I:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(ArcSoft) I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Creative Technology Ltd) I:\Program Files\Creative\Shared Files\CTDevSrv.exe
(Qihu Software Co. Limited) I:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(QIHU 360 SOFTWARE CO. LIMITED) I:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(Michel Krämer) I:\Program Files\Spamihilator\spamihilator.exe
(Microsoft Corporation) I:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QHSafeTray] => I:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1474168 2015-11-20] (QIHU 360 SOFTWARE CO. LIMITED)
Winlogon\Notify\AtiExtEvent: I:\WINDOWS\system32\Ati2evxx.dll [2011-04-06] (ATI Technologies Inc.)
HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\Run: [4160684988] => regsvr32.exe "I:\Documents and Settings\All Users\Application Data\VallEmyo\Narki.dll"
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => I:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Google Update] => I:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-09] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => I:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - I:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: I:\Documents and Settings\Simon Hill\Start Menu\Programs\Startup\Spamihilator.lnk [2015-05-26]
ShortcutTarget: Spamihilator.lnk -> I:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B6F9935A-4C54-4DF5-A78A-22D3275213F3}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-1644491937-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> I:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-26] (Oracle Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> I:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> I:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-26] (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - I:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKU\S-1-5-21-1645522239-1644491937-839522115-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - I:\Program Files\WOT\WOT.dll [2013-09-02] ()
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266968248870
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - I:\Program Files\WOT\WOT.dll [2013-09-02] ()

FireFox:
========
FF ProfilePath: I:\Documents and Settings\Simon Hill\Application Data\Mozilla\Firefox\Profiles\swu74cuq.default-1450291966218
FF Homepage: hxxps://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> I:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-23] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> H:\Program Files\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> I:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> I:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> I:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> I:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> I:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-09] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> I:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> I:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: Adobe Reader -> I:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> I:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-09] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> I:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-06] (Apple Inc.)
FF Extension: New Tab Homepage - I:\Documents and Settings\Simon Hill\Application Data\Mozilla\Firefox\Profiles\swu74cuq.default-1450291966218\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-12-16]
FF Extension: Adblock Plus - I:\Documents and Settings\Simon Hill\Application Data\Mozilla\Firefox\Profiles\swu74cuq.default-1450291966218\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-16]
FF Extension: Skype Click to Call - I:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-16] [not signed]
FF Extension: Skype extension for Firefox - I:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2015-12-16] [not signed]
FF Extension: Java Console - I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-12-16] [not signed]
FF HKLM\...\Firefox\Extensions: [WebProtection@360safe.com] - I:\Program Files\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - I:\Program Files\360\Total Security\safemon\webprotection_firefox [2015-12-08]

Chrome:
=======
CHR Profile: I:\Documents and Settings\Simon Hill\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - I:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [51712 2007-10-11] (ArcSoft)
R2 CTDevice_Srv; I:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; I:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 gupdate1c9ac0b8a333800; I:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
S3 IDriverT; I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; I:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 NMSAccessU; I:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2009-09-06] ()
S2 PnkBstrA; I:\WINDOWS\system32\PnkBstrA.exe [66872 2010-08-12] ()
R2 QHActiveDefense; I:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [903288 2015-11-20] (QIHU 360 SOFTWARE CO. LIMITED)
S3 ServiceLayer; I:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
S2 WinDefend; I:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S2 !SASCORE; "I:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [X]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; I:\WINDOWS\System32\Drivers\360AntiHacker.sys [122448 2015-11-20] (360.cn)
R3 360AvFlt; I:\WINDOWS\System32\DRIVERS\360AvFlt.sys [66128 2015-11-20] (360.cn)
R1 360Box; I:\WINDOWS\System32\DRIVERS\360Box.sys [204368 2015-11-20] (360.cn)
S3 360Camera; I:\WINDOWS\System32\Drivers\360Camera.sys [34888 2015-11-20] (360.cn)
R1 360SelfProtection; I:\WINDOWS\System32\drivers\360SelfProtection.sys [179152 2015-11-20] (360安全中心)
R2 AegisP; I:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-05-04] (Cisco Systems, Inc.) [File not signed]
S3 Afc; I:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 Ambfilt; I:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R1 AsIO; I:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 ATITool; I:\WINDOWS\System32\DRIVERS\ATITool.sys [28160 2005-05-30] (W1zzard) [File not signed]
R1 BAPIDRV; I:\WINDOWS\System32\DRIVERS\BAPIDRV.sys [174672 2015-11-20] (360.cn)
R2 cpuz133; I:\WINDOWS\system32\drivers\cpuz133_x32.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
R1 EfiMon; I:\WINDOWS\System32\Drivers\Efimon.sys [23248 2015-11-20] (360.cn)
S3 ENTECH; I:\WINDOWS\system32\DRIVERS\ENTECH.SYS [20400 1999-10-21] (EnTech Taiwan) [File not signed]
R0 giveio; I:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 HookPort; I:\WINDOWS\System32\Drivers\Hookport.sys [60368 2015-11-20] (360安全中心)
R3 L1e; I:\WINDOWS\System32\DRIVERS\l1e51x86.sys [38400 2000-01-01] (Atheros Communications, Inc.) [File not signed]
R3 MBAMProtector; I:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 Monfilt; I:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
R3 MTsensor; I:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv61xx; I:\WINDOWS\System32\DRIVERS\mv61xx.sys [159024 2010-10-26] (Marvell Semiconductor, Inc.)
S3 PCANDIS5; I:\WINDOWS\system32\PCANDIS5.SYS [17134 2009-08-20] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 PxHelp20; I:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-10-26] (Sonic Solutions) [File not signed]
R1 qutmdserv; I:\WINDOWS\System32\DRIVERS\qutmdrv.sys [301264 2015-11-20] (360.cn)
R1 qutmipc; I:\WINDOWS\system32\drivers\qutmipc.sys [53960 2015-11-20] (360.cn)
R3 RTL8187B; I:\WINDOWS\System32\DRIVERS\RTL8187B.sys [341376 2000-01-01] (Realtek Semiconductor Corporation                           )
R0 speedfan; I:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 StarOpen; I:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
S3 BIOSCHK; \??\I:\DOCUME~1\SIMONH~1\LOCALS~1\Temp\TII7.tmp\disk1\BIOSCHK.SYS [X]
S3 catchme; \??\I:\DOCUME~1\SIMONH~1\LOCALS~1\Temp\catchme.sys [X]
S3 eapihdrv; \??\I:\DOCUME~1\SIMONH~1\LOCALS~1\Temp\ehdrv.sys [X]
S4 IntelIde; no ImagePath
S3 Lavasoft Kernexplorer; \??\I:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 PCAMPR5; \??\I:\WINDOWS\system32\PCAMPR5.SYS [X]
S1 SASKUTIL; \??\I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
U5 ScsiPort; I:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SysProtDrv.sys; \??\I:\Documents and Settings\Simon Hill\Desktop\SysProtDrv.sys [X]
U3 TlntSvr; no ImagePath
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 16:53 - 2015-12-18 16:53 - 00016618 _____ I:\Documents and Settings\Simon Hill\Desktop\FRST.txt
2015-12-18 16:47 - 2015-12-17 23:43 - 01721344 _____ (Farbar) I:\Documents and Settings\Simon Hill\Desktop\FRST.exe
2015-12-18 16:40 - 2015-12-18 16:40 - 00001011 _____ I:\Documents and Settings\Simon Hill\Desktop\Booking.txt
2015-12-18 16:39 - 2015-12-18 16:39 - 00000000 _____ I:\Documents and Settings\Simon Hill\Desktop\New Text Document.txt
2015-12-17 19:42 - 2015-12-17 19:43 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\Old Scan Stuff
2015-12-17 09:20 - 2015-12-17 09:20 - 00039905 _____ I:\Documents and Settings\Simon Hill\Desktop\Audrey Timetable..pdf
2015-12-16 18:52 - 2015-12-16 18:52 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\Old Firefox Data
2015-12-16 17:51 - 2015-12-16 17:58 - 00000000 ___RD I:\Documents and Settings\Simon Hill\Desktop\My Pictures
2015-12-16 10:06 - 2015-12-16 16:54 - 00000000 ____D I:\Program Files\Mozilla Firefox
2015-12-16 09:36 - 2015-12-16 09:36 - 00000000 ___HD I:\Program Files\WindowsUpdate
2015-12-15 23:28 - 2015-12-15 23:28 - 00000000 _____ I:\WINDOWS\system32\Drivers\etc\hosts_bak_700
2015-12-15 19:07 - 2015-12-15 19:13 - 00132528 _____ I:\TDSSKiller.3.1.0.9_15.12.2015_19.07.57_log.txt
2015-12-15 19:05 - 2015-12-15 19:06 - 00000364 _____ I:\TDSSKiller.3.1.0.8_15.12.2015_19.05.59_log.txt
2015-12-14 16:55 - 2015-12-14 16:56 - 00000024 _____ I:\Documents and Settings\Simon Hill\Desktop\heurqvm40.1.malware.gen.txt
2015-12-14 16:16 - 2015-12-14 16:16 - 00039897 _____ I:\Documents and Settings\Simon Hill\Desktop\Audrey Wells.pdf
2015-12-14 16:08 - 2015-12-16 17:02 - 00038064 _____ I:\Documents and Settings\Simon Hill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-12-14 16:04 - 2015-12-14 16:04 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\2kxpinf
2015-12-14 16:03 - 2015-12-14 16:04 - 05926656 _____ (Hewlett Packard) I:\Documents and Settings\Simon Hill\Desktop\990-enu-xpinfu.exe
2015-12-14 15:54 - 2015-12-14 15:54 - 00039899 _____ I:\Documents and Settings\Simon Hill\Desktop\wells 14-12-15.pdf
2015-12-08 23:47 - 2015-12-16 14:06 - 00168304 _____ I:\WINDOWS\system32\FNTCACHE.DAT
2015-12-08 23:22 - 2015-12-16 19:51 - 00000000 ____D I:\Documents and Settings\Simon Hill\Application Data\360safe
2015-12-08 23:19 - 2015-12-18 07:57 - 00000000 ____D I:\Documents and Settings\Simon Hill\Application Data\360WD
2015-12-08 23:19 - 2015-12-08 23:19 - 00000000 _RSHD I:\360SANDBOX
2015-12-08 23:19 - 2015-12-08 23:19 - 00000000 ____D I:\Documents and Settings\Simon Hill\Application Data\360TotalSecurity
2015-12-08 23:19 - 2015-12-08 23:19 - 00000000 ____D I:\Documents and Settings\All Users\Start Menu\Programs\360 Security Center
2015-12-08 23:19 - 2015-12-08 23:19 - 00000000 ____D I:\Documents and Settings\All Users\Application Data\360TotalSecurity
2015-12-08 23:19 - 2015-12-08 23:19 - 00000000 ____D I:\Documents and Settings\All Users\Application Data\360safe
2015-12-08 23:19 - 2015-11-20 10:51 - 00301264 _____ (360.cn) I:\WINDOWS\system32\Drivers\qutmdrv.sys
2015-12-08 23:19 - 2015-11-20 10:51 - 00204368 _____ (360.cn) I:\WINDOWS\system32\Drivers\360Box.sys
2015-12-08 23:19 - 2015-11-20 10:51 - 00179152 _____ (360安全中心) I:\WINDOWS\system32\Drivers\360SelfProtection.sys
2015-12-08 23:19 - 2015-11-20 10:51 - 00174672 _____ (360.cn) I:\WINDOWS\system32\Drivers\BAPIDRV.SYS
2015-12-08 23:19 - 2015-11-20 10:51 - 00122448 _____ (360.cn) I:\WINDOWS\system32\Drivers\360AntiHacker.sys
2015-12-08 23:19 - 2015-11-20 10:51 - 00066128 _____ (360.cn) I:\WINDOWS\system32\Drivers\360AvFlt.sys
2015-12-08 23:19 - 2015-11-20 10:51 - 00060368 _____ (360安全中心) I:\WINDOWS\system32\Drivers\hookport.sys
2015-12-08 23:19 - 2015-11-20 10:51 - 00053960 _____ (360.cn) I:\WINDOWS\system32\Drivers\qutmipc.sys
2015-12-08 23:19 - 2015-11-20 10:51 - 00034888 _____ (360.cn) I:\WINDOWS\system32\Drivers\360Camera.sys
2015-12-08 23:19 - 2015-11-20 10:51 - 00023248 _____ (360.cn) I:\WINDOWS\system32\Drivers\efimon.sys
2015-12-07 18:22 - 2015-12-07 18:22 - 00000654 _____ I:\Documents and Settings\All Users\Desktop\Speccy.lnk
2015-12-07 15:25 - 2015-12-14 19:31 - 00000000 ____D I:\Documents and Settings\All Users\Application Data\VallEmyo
2015-12-07 14:53 - 2015-12-08 19:05 - 00000000 ____D I:\Documents and Settings\All Users\Application Data\AVAST Software
2015-12-03 15:40 - 2015-12-04 08:24 - 00000000 ____D I:\Program Files\Mozilla Thunderbird
2015-12-02 14:01 - 2015-12-02 14:01 - 00311402 _____ I:\Documents and Settings\Simon Hill\Desktop\premium-bonds-brochure.pdf
2015-12-02 14:01 - 2015-12-02 14:01 - 00053767 _____ I:\Documents and Settings\Simon Hill\Desktop\premium-bonds-application-form.pdf
2015-11-30 09:11 - 2015-11-30 09:29 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\Mum & Dad's Claim
2015-11-23 18:53 - 2015-12-07 18:22 - 00000000 ____D I:\Program Files\Speccy
2015-11-23 08:50 - 2015-11-23 08:50 - 00000000 ____D I:\Program Files\ESET

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 16:53 - 2015-05-21 21:09 - 00000000 ____D I:\Documents and Settings\Simon Hill\Local Settings\Temp
2015-12-18 16:53 - 2015-05-21 18:01 - 00000000 ____D I:\FRST
2015-12-18 16:52 - 2009-03-15 21:32 - 00000000 ____D I:\WINDOWS
2015-12-18 16:50 - 2014-02-09 07:45 - 00000998 _____ I:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-12-18 16:48 - 2009-03-24 19:12 - 00000000 ____D I:\Documents and Settings\Simon Hill\Application Data\Spamihilator
2015-12-18 15:55 - 2010-03-18 15:10 - 00000886 _____ I:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-18 07:50 - 2014-02-09 07:45 - 00000946 _____ I:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-12-18 07:46 - 2010-03-18 15:10 - 00000882 _____ I:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-18 07:46 - 2009-03-15 13:59 - 00000006 ____H I:\WINDOWS\Tasks\SA.DAT
2015-12-18 00:20 - 2009-03-15 14:00 - 00000178 ___SH I:\Documents and Settings\Simon Hill\ntuser.ini
2015-12-18 00:20 - 2009-03-15 13:59 - 00032510 _____ I:\WINDOWS\SchedLgU.Txt
2015-12-16 23:57 - 2009-04-12 13:01 - 00048128 _____ I:\Documents and Settings\Simon Hill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-16 16:54 - 2012-05-03 11:24 - 00000000 ____D I:\Program Files\Mozilla Maintenance Service
2015-12-16 09:45 - 2009-03-15 13:54 - 00000000 ____D I:\WINDOWS\Registration
2015-12-16 09:43 - 2009-03-15 21:40 - 00352052 _____ I:\WINDOWS\system32\PerfStringBackup.INI
2015-12-16 09:43 - 2009-03-15 13:56 - 00023392 _____ I:\WINDOWS\system32\nscompat.tlb
2015-12-16 09:43 - 2009-03-15 13:56 - 00016832 _____ I:\WINDOWS\system32\amcompat.tlb
2015-12-16 09:38 - 2009-03-15 13:58 - 00000000 __SHD I:\Documents and Settings\NetworkService
2015-12-16 09:05 - 2009-03-15 21:32 - 00000000 RSHDC I:\WINDOWS\system32\dllcache
2015-12-16 08:55 - 2009-03-15 21:32 - 00000000 ____D I:\WINDOWS\inf
2015-12-16 03:00 - 2010-03-01 13:41 - 00000268 _____ I:\WINDOWS\Tasks\Windows Update.job
2015-12-15 23:26 - 2009-03-22 21:29 - 00000000 ____D I:\Program Files\SUPERAntiSpyware
2015-12-15 23:26 - 2009-03-22 21:29 - 00000000 ____D I:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-12-15 20:43 - 2015-05-22 22:37 - 00170200 _____ (Malwarebytes) I:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-15 19:32 - 2015-05-22 22:36 - 00000000 ____D I:\Program Files\Malwarebytes Anti-Malware
2015-12-15 19:15 - 2015-05-22 20:30 - 00000000 __SHD I:\$360Section
2015-12-15 19:15 - 2015-05-22 20:28 - 00000000 ____D I:\Documents and Settings\All Users\Application Data\360Quarant
2015-12-14 15:20 - 2004-08-04 12:00 - 00001374 _____ I:\WINDOWS\system32\wpa.dbl
2015-12-09 00:33 - 2010-12-30 13:32 - 00000000 ____D I:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-12-09 00:28 - 2013-08-14 11:50 - 00000000 ____D I:\WINDOWS\system32\MRT
2015-12-09 00:24 - 2009-03-22 23:33 - 137798368 _____ (Microsoft Corporation) I:\WINDOWS\system32\MRT.exe
2015-12-08 23:18 - 2015-05-22 20:26 - 00000000 ____D I:\Program Files\360
2015-12-08 17:32 - 2015-05-22 19:05 - 00372304 _____ I:\WINDOWS\ntbtlog.txt
2015-12-08 17:25 - 2009-03-15 14:00 - 00000000 ____D I:\Documents and Settings\Simon Hill
2015-12-07 19:30 - 2009-03-15 14:00 - 00000000 ___RD I:\Documents and Settings\Simon Hill\My Documents\My Pictures
2015-12-07 15:38 - 2010-03-18 15:10 - 00000000 ____D I:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
2015-11-30 09:29 - 2009-03-15 14:00 - 00000000 ___RD I:\Documents and Settings\Simon Hill\My Documents
2015-11-30 09:13 - 2014-10-05 17:08 - 00000000 ____D I:\Documents and Settings\Simon Hill\My Documents\Andi's Stuff
2015-11-24 00:21 - 2015-05-22 20:28 - 00000000 ____D I:\WINDOWS\Tasks\360Disabled
2015-11-23 18:50 - 2014-10-10 09:22 - 00002347 _____ I:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-23 18:50 - 2012-07-13 15:49 - 00780488 _____ (Adobe Systems Incorporated) I:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-23 18:50 - 2012-07-13 15:49 - 00142536 _____ (Adobe Systems Incorporated) I:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-11-23 18:50 - 2010-12-22 13:46 - 00000000 ____D I:\Program Files\Common Files\Adobe AIR
2015-11-23 08:52 - 2010-04-28 16:57 - 00000000 ____D I:\Documents and Settings\Administrator
2015-11-23 08:52 - 2009-03-15 13:59 - 00000000 __SHD I:\Documents and Settings\LocalService
2015-11-23 08:51 - 2015-11-10 13:46 - 00000000 ____D I:\Documents and Settings\All Users\Application Data\Ashampoo
2015-11-23 08:51 - 2010-12-23 15:42 - 00000000 ____D I:\Program Files\Common Files\Adobe

==================== Files in the root of some directories =======

2014-04-18 17:42 - 2014-04-18 17:43 - 0003750 _____ () I:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2011-11-19 14:53 - 2011-11-19 15:00 - 0305152 _____ () I:\Program Files\windiag.iso
2009-03-24 22:20 - 2010-08-12 09:40 - 0022328 _____ () I:\Documents and Settings\Simon Hill\Application Data\PnkBstrK.sys
2009-04-12 13:01 - 2015-12-16 23:57 - 0048128 _____ () I:\Documents and Settings\Simon Hill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-26 15:51 - 2013-07-09 11:49 - 0000000 _____ () I:\Documents and Settings\Simon Hill\Local Settings\Application Data\prvlcl.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

I:\WINDOWS\explorer.exe => File is digitally signed
I:\WINDOWS\system32\winlogon.exe => File is digitally signed
I:\WINDOWS\system32\svchost.exe => File is digitally signed
I:\WINDOWS\system32\services.exe => File is digitally signed
I:\WINDOWS\system32\User32.dll => File is digitally signed
I:\WINDOWS\system32\userinit.exe => File is digitally signed
I:\WINDOWS\system32\rpcss.dll => File is digitally signed
I:\WINDOWS\system32\dnsapi.dll => File is digitally signed
I:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Attached file: Addition.txt (35.35KB)

 

 

Thanking you all in advance,

 

Slime58

 

P.S.

In my Windows Security Centre it said that I had Avast! Antivirus Security running, although I don't have Avast! on my system, so I couldn't switch monitoring to off.


Edited by Slime58, 18 December 2015 - 12:11 PM.




#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,939 posts

Posted 22 December 2015 - 12:49 AM

Hi Slime58 :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#3 Slime58


Posted 22 December 2015 - 04:57 AM

Thanks polskamachina, I appreciate your help.

 

Slime58



#4 polskamachina


Posted 24 December 2015 - 02:05 AM

Hi Slime58,
 
I'm still formulating a reply... :busy:
 
Thanks for your patience.
 
polskamachina



#5 Slime58


Posted 24 December 2015 - 09:28 AM

No problem at all.

Just one to throw into the mix, the last couple of times I've shut the machine down I had an error message due to a program not responding.

I used the force close option it gave me and the program was something called Bodenreformgesetze0.

I googled it and translated it and the only translation I got was Land Reform Act!

Just thought I had better tell you.

 

Season's greetings my friend,

 

Slime58



#6 Slime58


Posted 24 December 2015 - 11:04 AM

Oh, and another thing!

I've just opened Windows Media Player and watched in horror as all my music files were being wiped out!

There were hundreds of songs ................................. and many have just vanished.

I closed Media player, re-booted, then re-opened it ............................ thankfully some music has remained.

Would there be a way of finding them or would they have been deleted for ever?

Sorry bud, I guess this info is useful though.

 

Slime58.



#7 polskamachina


Posted 24 December 2015 - 06:44 PM

Hi Slime58 :)

I've just opened Windows Media Player and watched in horror as all my music files were being wiped out!
There were hundreds of songs ................................. and many have just vanished.
I closed Media player, re-booted, then re-opened it ............................ thankfully some music has remained.

Have the actual music files been deleted or have they just been deleted from your playlists? Make sure you back up your data now!
 
For our opening steps, we will be using ComboFix. Since your nonworking computer is unable to download from the web, you'll need a flash drive and a working computer to accomplish the following:

We need to vaccinate your USB drive to prevent infection:

Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean, working computer.
Note: the download mirror is called MajorGeeks and the download should start automatically. Please do not click any advertisements.

  • Insert your USB flash drive into the clean / working computer
  • Double-click on USBVaccineSetup.exe to install the program
  • Select your language, then read and accept the agreement to continue
  • Choose if you would like the program to run at all times, and for all newly inserted USB drives
  • Click Next then Finish to complete the installation
  • The program will launch
  • Select your USB drive from the list, then click Vaccinate USB
    Note: optionally you can click Vaccinate computer as well. This disables removable items from automatically running on the system entirely
  • A message should appear that your USB drive was vaccinated. If not, please report the error in your next post

Next:
 
We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool. Make sure you download the ComboFix program to your vaccinated USB drive.

  • When the download to your USB drive has completed, remove the drive and insert it into your nonworking computer.
  • Copy the ComboFix.exe program to your desktop.
  • Click on the Start button and select Run.
  • Copy and paste the following text into the run box and hit enter.
"%userprofile%\Desktop\ComboFix.exe" /killall 
  • The scan may take a while to complete so please be patient.
  • When the scan has completed, please copy and paste the C:\ComboFix.txt log into your next reply to me.
  • How is your computer performing now?

Let me know if you have any questions.
 
polskamachina



#8 Slime58


Posted 25 December 2015 - 11:41 AM

Okay, so it went like this,

First thing was to look for my missing music files ..................... I think they've been deleted for good.

I put ComboFix onto the bad computer via a vaccinated USB stick without issue.

I then ran ComboFix as instructed ........................ with issues!

I soon got the following warning;

 

                                 WARNING!!

ComboFix detected the following real time scanner to be active.

                             

                             avast! antivirus

          Please disable these scanners before clicking OK.

 

I had uninstalled avast! some time ago, however I downloaded an avast! uninstall tool from a good computer using a good USB stick.

After running the uninstall tool the machine re-booted ....................... to a BSOD.

This happened three times, each time giving the following error code,

0xFFFFFFFC, 0x00000002, 0x00000000, 0xBA2FD48C.

I then started the machine in safe mode and re-ran the uninstall tool. Once complete the machine re-booted to my desktop ........................... phew!

I then re-ran ComboFix and got the same avast! warning. I hit OK a few times and ComboFix appeared to run in its own little window.

It eventually finished and produced the report below.

It's worth mentioning, however, that in my security centre it still shows that avast! antivirus is active and up to date!!!

I've also noticed that when I press Start > Search I get a Windows Search box that I've never seen before!

Again,

Many thanks.

 

ComboFix 15-12-24.01 - Simon Hill 25/12/2015  15:40:20.4.4 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3327.2980 [GMT 0:00]
Running from: i:\documents and settings\Simon Hill\Desktop\ComboFix.exe
Command switches used :: /killall
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
i:\windows\$msi31uninstall_kb893803v2$
i:\windows\$msi31uninstall_kb893803v2$\kb893803v2_wxp.cat
i:\windows\$msi31uninstall_kb893803v2$\msi.dll
i:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
i:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
i:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
i:\windows\$msi31uninstall_kb893803v2$\msisip.dll
i:\windows\$msi31uninstall_kb893803v2$\reg00003
i:\windows\$msi31uninstall_kb893803v2$\reg00004
i:\windows\$msi31uninstall_kb893803v2$\reg00005
i:\windows\$msi31uninstall_kb893803v2$\reg00006
i:\windows\$msi31uninstall_kb893803v2$\reg00007
i:\windows\$msi31uninstall_kb893803v2$\reg00008
i:\windows\$msi31uninstall_kb893803v2$\reg00009
i:\windows\$msi31uninstall_kb893803v2$\reg00010
i:\windows\$msi31uninstall_kb893803v2$\reg00011
i:\windows\$msi31uninstall_kb893803v2$\reg00012
i:\windows\$msi31uninstall_kb893803v2$\reg00013
i:\windows\$msi31uninstall_kb893803v2$\reg00014
i:\windows\$msi31uninstall_kb893803v2$\reg00015
i:\windows\$msi31uninstall_kb893803v2$\reg00016
i:\windows\$msi31uninstall_kb893803v2$\reg00017
i:\windows\$msi31uninstall_kb893803v2$\reg00018
i:\windows\$msi31uninstall_kb893803v2$\reg00019
i:\windows\$msi31uninstall_kb893803v2$\reg00020
i:\windows\$msi31uninstall_kb893803v2$\reg00021
i:\windows\$msi31uninstall_kb893803v2$\reg00022
i:\windows\$msi31uninstall_kb893803v2$\reg00023
i:\windows\$msi31uninstall_kb893803v2$\reg00024
i:\windows\$msi31uninstall_kb893803v2$\reg00025
i:\windows\$msi31uninstall_kb893803v2$\reg00026
i:\windows\$msi31uninstall_kb893803v2$\reg00027
i:\windows\$msi31uninstall_kb893803v2$\reg00028
i:\windows\$msi31uninstall_kb893803v2$\reg00029
i:\windows\$msi31uninstall_kb893803v2$\reg00030
i:\windows\$msi31uninstall_kb893803v2$\reg00031
i:\windows\$msi31uninstall_kb893803v2$\reg00032
i:\windows\$msi31uninstall_kb893803v2$\reg00033
i:\windows\$msi31uninstall_kb893803v2$\reg00034
i:\windows\$msi31uninstall_kb893803v2$\reg00035
i:\windows\$msi31uninstall_kb893803v2$\reg00036
i:\windows\$msi31uninstall_kb893803v2$\reg00037
i:\windows\$msi31uninstall_kb893803v2$\reg00038
i:\windows\$msi31uninstall_kb893803v2$\reg00039
i:\windows\$msi31uninstall_kb893803v2$\reg00040
i:\windows\$msi31uninstall_kb893803v2$\reg00041
i:\windows\$msi31uninstall_kb893803v2$\reg00042
i:\windows\$msi31uninstall_kb893803v2$\reg00043
i:\windows\$msi31uninstall_kb893803v2$\reg00044
i:\windows\$msi31uninstall_kb893803v2$\reg00045
i:\windows\$msi31uninstall_kb893803v2$\reg00046
i:\windows\$msi31uninstall_kb893803v2$\reg00047
i:\windows\$msi31uninstall_kb893803v2$\reg00048
i:\windows\$msi31uninstall_kb893803v2$\reg00051
i:\windows\$msi31uninstall_kb893803v2$\reg00052
i:\windows\$msi31uninstall_kb893803v2$\reg00053
i:\windows\$msi31uninstall_kb893803v2$\reg00054
i:\windows\$msi31uninstall_kb893803v2$\reg00055
i:\windows\$msi31uninstall_kb893803v2$\reg00056
i:\windows\$msi31uninstall_kb893803v2$\reg00057
i:\windows\$msi31uninstall_kb893803v2$\reg00058
i:\windows\$msi31uninstall_kb893803v2$\reg00059
i:\windows\$msi31uninstall_kb893803v2$\reg00060
i:\windows\$msi31uninstall_kb893803v2$\reg00061
i:\windows\$msi31uninstall_kb893803v2$\reg00062
i:\windows\$msi31uninstall_kb893803v2$\reg00063
i:\windows\$msi31uninstall_kb893803v2$\reg00064
i:\windows\$msi31uninstall_kb893803v2$\reg00065
i:\windows\$msi31uninstall_kb893803v2$\reg00066
i:\windows\$msi31uninstall_kb893803v2$\reg00067
i:\windows\$msi31uninstall_kb893803v2$\reg00068
i:\windows\$msi31uninstall_kb893803v2$\reg00069
i:\windows\$msi31uninstall_kb893803v2$\reg00070
i:\windows\$msi31uninstall_kb893803v2$\reg00071
i:\windows\$msi31uninstall_kb893803v2$\reg00072
i:\windows\$msi31uninstall_kb893803v2$\reg00073
i:\windows\$msi31uninstall_kb893803v2$\reg00074
i:\windows\$msi31uninstall_kb893803v2$\reg00075
i:\windows\$msi31uninstall_kb893803v2$\reg00076
i:\windows\$msi31uninstall_kb893803v2$\reg00077
i:\windows\$msi31uninstall_kb893803v2$\reg00078
i:\windows\$msi31uninstall_kb893803v2$\reg00079
i:\windows\$msi31uninstall_kb893803v2$\reg00080
i:\windows\$msi31uninstall_kb893803v2$\reg00081
i:\windows\$msi31uninstall_kb893803v2$\reg00082
i:\windows\$msi31uninstall_kb893803v2$\reg00083
i:\windows\$msi31uninstall_kb893803v2$\reg00084
i:\windows\$msi31uninstall_kb893803v2$\reg00085
i:\windows\$msi31uninstall_kb893803v2$\reg00086
i:\windows\$msi31uninstall_kb893803v2$\reg00087
i:\windows\$msi31uninstall_kb893803v2$\reg00088
i:\windows\$msi31uninstall_kb893803v2$\reg00089
i:\windows\$msi31uninstall_kb893803v2$\reg00090
i:\windows\$msi31uninstall_kb893803v2$\reg00091
i:\windows\$msi31uninstall_kb893803v2$\reg00092
i:\windows\$msi31uninstall_kb893803v2$\reg00093
i:\windows\$msi31uninstall_kb893803v2$\reg00094
i:\windows\$msi31uninstall_kb893803v2$\reg00095
i:\windows\$msi31uninstall_kb893803v2$\reg00096
i:\windows\$msi31uninstall_kb893803v2$\reg00097
i:\windows\$msi31uninstall_kb893803v2$\reg00098
i:\windows\$msi31uninstall_kb893803v2$\reg00099
i:\windows\$msi31uninstall_kb893803v2$\reg00100
i:\windows\$msi31uninstall_kb893803v2$\reg00101
i:\windows\$msi31uninstall_kb893803v2$\reg00102
i:\windows\$msi31uninstall_kb893803v2$\reg00103
i:\windows\$msi31uninstall_kb893803v2$\reg00104
i:\windows\$msi31uninstall_kb893803v2$\reg00105
i:\windows\$msi31uninstall_kb893803v2$\reg00106
i:\windows\$msi31uninstall_kb893803v2$\reg00107
i:\windows\$msi31uninstall_kb893803v2$\reg00108
i:\windows\$msi31uninstall_kb893803v2$\reg00109
i:\windows\$msi31uninstall_kb893803v2$\reg00110
i:\windows\$msi31uninstall_kb893803v2$\reg00111
i:\windows\$msi31uninstall_kb893803v2$\reg00112
i:\windows\$msi31uninstall_kb893803v2$\reg00113
i:\windows\$msi31uninstall_kb893803v2$\reg00114
i:\windows\$msi31uninstall_kb893803v2$\reg00115
i:\windows\$msi31uninstall_kb893803v2$\reg00116
i:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
i:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
i:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
i:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
i:\windows\system32\Cache
i:\windows\system32\Cache\075884af680ff6dc.fb
i:\windows\system32\Cache\227113dfa1ca894d.fb
i:\windows\system32\Cache\49fbbc5a8678d502.fb
i:\windows\system32\Cache\613e8ce7ab7106af.fb
i:\windows\system32\Cache\633a76311867bd11.fb
i:\windows\system32\Cache\691f14230153a9e1.fb
i:\windows\system32\Cache\6cb409d7ac73d9f1.fb
i:\windows\system32\Cache\7614bd6cfa99e546.fb
i:\windows\system32\Cache\77664b6ccc36be9f.fb
i:\windows\system32\Cache\881b3593316772f0.fb
i:\windows\system32\Cache\98657d0579ae1930.fb
i:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
i:\windows\system32\Cache\d9ca663388d21ec0.fb
i:\windows\system32\Cache\eb8ca88241490dda.fb
i:\windows\system32\Cache\f2cda51fd108941f.fb
i:\windows\system32\Cache\f34d8db84131d925.fb
i:\windows\system32\tooldownloadreadme.htm
.
.
(((((((((((((((((((((((((   Files Created from 2015-11-25 to 2015-12-25  )))))))))))))))))))))))))))))))
.
.
2015-12-25 12:16 . 2015-12-25 15:08    --------    d-----w-    i:\program files\AVAST Software
2015-12-24 15:36 . 2015-12-24 15:36    --------    d-----w-    i:\documents and settings\Simon Hill\Application Data\Windows Search
2015-12-24 15:29 . 2008-09-30 06:19    57344    -c----w-    i:\windows\system32\dllcache\uexfat.dll
2015-12-24 15:29 . 2008-09-30 06:19    57344    ------w-    i:\windows\system32\uexfat.dll
2015-12-24 15:29 . 2008-09-29 10:21    133632    -c----w-    i:\windows\system32\dllcache\exfat.sys
2015-12-24 15:29 . 2008-09-29 10:21    133632    ------w-    i:\windows\system32\drivers\exfat.sys
2015-12-24 15:25 . 2015-12-24 15:25    --------    d-----w-    i:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2015-12-24 15:25 . 2015-12-24 15:25    --------    d-----w-    i:\documents and settings\Simon Hill\Application Data\Windows Desktop Search
2015-12-24 15:24 . 2015-12-25 12:30    --------    d-----w-    i:\program files\Windows Desktop Search
2015-12-24 15:24 . 2015-12-24 15:24    --------    d-----w-    i:\windows\system32\GroupPolicy
2015-12-23 14:18 . 2015-12-23 14:18    57344    ----a-w-    i:\documents and settings\Simon Hill\Application Data\cbsnkpab.exe
2015-12-08 23:19 . 2015-11-20 10:51    53960    ----a-w-    i:\windows\system32\drivers\qutmipc.sys
2015-12-07 15:25 . 2015-12-14 19:31    --------    d-----w-    i:\documents and settings\All Users\Application Data\VallEmyo
2015-12-07 15:05 . 2015-12-07 15:05    --------    d-----w-    i:\windows\system32\config\systemprofile\.oracle_jre_usage
2015-12-03 15:40 . 2015-12-04 08:24    --------    d-----w-    i:\program files\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-15 20:43 . 2015-05-22 22:37    170200    ----a-w-    i:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-23 18:50 . 2012-07-13 15:49    780488    ----a-w-    i:\windows\system32\FlashPlayerApp.exe
2015-11-23 18:50 . 2012-07-13 15:49    142536    ----a-w-    i:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-26 18:26 . 2014-10-06 14:53    97888    ----a-w-    i:\windows\system32\WindowsAccessBridge.dll
2015-10-26 18:26 . 2010-08-15 13:20    146432    ----a-w-    i:\windows\system32\javacpl.cpl
2015-10-05 09:50 . 2015-05-22 22:36    121560    ----a-w-    i:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 09:50 . 2011-12-25 20:01    23256    ----a-w-    i:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="i:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="i:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
i:\documents and settings\Simon Hill\Start Menu\Programs\Startup\
Spamihilator.lnk - i:\program files\Spamihilator\spamihilator.exe [2015-5-26 1943040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "i:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK RTL8187B Wireless LAN Utility.lnk]
path=i:\documents and settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187B Wireless LAN Utility.lnk
backup=i:\windows\pss\REALTEK RTL8187B Wireless LAN Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
i:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
i:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-05-01 18:10    1022152    ----a-w-    i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2000-01-01 00:00    64104    ----a-w-    i:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 21:56    59280    ----a-w-    i:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    i:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-12-10 18:49    196608    ----a-w-    i:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 15:24    421888    ----a-w-    i:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2000-01-01 00:00    20064872    ----a-w-    i:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 16:42    20584608    ----a-r-    i:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAuto.exe]
2008-08-13 03:49    405504    ----a-w-    i:\program files\Creative\Software Update 3\SoftAuto.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-04-05 20:44    98304    ----a-w-    i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-10-06 18:53    597040    ----a-w-    i:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2014-06-05 03:19    248176    ----a-w-    i:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="i:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"ctfmon.exe"=i:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=i:\program files\Spybot - Search & Destroy\TeaTimer.exe
"AVG-Secure-Search-Update_0913b"=i:\documents and settings\Simon Hill\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 12f9aeebe468f5eecd4d511cbe66507d-34f80e20b4d4c2e5ffdc61b6219e9abccfb5c443 --CMPID 0913b
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="i:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Ulead AutoDetector v2"=i:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Six Engine"="i:\program files\ASUS\Six Engine\SixEngine.exe" -r
"ArcSoft Connection Service"=i:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Alcmtr"=ALCMTR.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\WINDOWS\\system32\\PnkBstrA.exe"=
"i:\\WINDOWS\\system32\\PnkBstrB.exe"=
"i:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"i:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
"i:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"i:\\WINDOWS\\system32\\mmc.exe"=
"i:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"i:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"i:\\WINDOWS\\system32\\dpvsetup.exe"=
"i:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"i:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"i:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"i:\\WINDOWS\\system32\\muzapp.exe"=
"i:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"i:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\Program Files\\Spamihilator\\spamihilator.exe"=
"i:\\Program Files\\Spamihilator\\cdcc.exe"=
"i:\\Program Files\\Spamihilator\\dccproc.exe"=
"i:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 mv61xx;mv61xx;i:\windows\system32\drivers\mv61xx.sys [23/06/2008 22:21 159024]
R2 cpuz133;cpuz133;i:\windows\system32\drivers\cpuz133_x32.sys [28/04/2010 19:25 20968]
R3 MBAMProtector;MBAMProtector;i:\windows\system32\drivers\mbam.sys [25/12/2011 20:01 23256]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;i:\windows\system32\drivers\RtsUStor.sys [04/05/2011 22:09 193640]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;i:\windows\system32\drivers\RTL8187B.sys [20/08/2009 19:23 341376]
S0 Lbd;Lbd;i:\windows\system32\DRIVERS\Lbd.sys --> i:\windows\system32\DRIVERS\Lbd.sys [?]
S1 qutmipc;qutmipc;i:\windows\system32\drivers\qutmipc.sys [08/12/2015 23:19 53960]
S1 SASKUTIL;SASKUTIL;\??\i:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"i:\program files\SUPERAntiSpyware\SASCORE.EXE" --> i:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S2 MBAMService;MBAMService;i:\program files\Malwarebytes Anti-Malware\mbamservice.exe [22/05/2015 22:37 1135416]
S2 WinDefend;Windows Defender;i:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 Ambfilt;Ambfilt;i:\windows\system32\drivers\Ambfilt.sys [14/04/2009 22:22 1691480]
S3 BIOSCHK;BIOSCHK;\??\i:\docume~1\SIMONH~1\LOCALS~1\Temp\TII7.tmp\disk1\BIOSCHK.SYS --> i:\docume~1\SIMONH~1\LOCALS~1\Temp\TII7.tmp\disk1\BIOSCHK.SYS [?]
S3 CTUPnPSv;Creative Centrale Media Server;i:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 11:42 64000]
S3 dgderdrv;dgderdrv;i:\windows\system32\drivers\dgderdrv.sys [05/05/2014 17:23 20032]
S3 eapihdrv;eapihdrv;\??\i:\docume~1\SIMONH~1\LOCALS~1\Temp\ehdrv.sys --> i:\docume~1\SIMONH~1\LOCALS~1\Temp\ehdrv.sys [?]
S3 gupdate1c9ac0b8a333800;Google Update Service (gupdate1c9ac0b8a333800);i:\program files\Google\Update\GoogleUpdate.exe [23/03/2009 23:03 144200]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\i:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> i:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SkypeUpdate;Skype Updater;i:\program files\Skype\Updater\Updater.exe [23/10/2013 08:15 172192]
S3 SysProtDrv.sys;SysProtDrv.sys;\??\i:\documents and settings\Simon Hill\Desktop\SysProtDrv.sys --> i:\documents and settings\Simon Hill\Desktop\SysProtDrv.sys [?]
S3 TomTomHOMEService;TomTomHOMEService;i:\program files\TomTom HOME 2\TomTomHOMEService.exe [05/06/2014 03:19 93040]
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-25 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 07:51]
.
2015-12-25 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 07:51]
.
2015-12-24 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
- i:\windows\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-02-09 07:45]
.
2015-12-25 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
- i:\windows\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-02-09 07:45]
.
2015-12-16 i:\windows\Tasks\Windows Update.job
- i:\windows\system32\wupdmgr.exe [2004-08-04 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - i:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: o2.co.uk\*.broadband
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - i:\documents and settings\Simon Hill\Application Data\Mozilla\Firefox\Profiles\swu74cuq.default-1450291966218\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Creative Centrale - i:\documents and settings\All Users\Application Data\{35E78C3F-A136-46F8-8B7E-979CEDFC199F}\Setup.exe
AddRemove-Creative Software Update - i:\documents and settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}\setup.exe
AddRemove-Creative ZEN X-Fi Video Converter - i:\documents and settings\All Users\Application Data\{47B5977E-772D-4BBA-AAA4-4C8FF0532136}\ZEN X-Fi Video Converter.exe
AddRemove-Steam App 207890 - i:\program files\Steam\steam.exe
AddRemove-{4442AB48-DEC4-4B39-B067-1F75BF8017E7} - i:\documents and settings\All Users\Application Data\{35E78C3F-A136-46F8-8B7E-979CEDFC199F}\Setup.exe
AddRemove-{60451544-C17E-4057-9273-5F10176472BD} - i:\documents and settings\All Users\Application Data\{47B5977E-772D-4BBA-AAA4-4C8FF0532136}\ZEN X-Fi Video Converter.exe
AddRemove-{86604C06-DA30-425E-AECE-47304FE81C45} - i:\documents and settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}\setup.exe
AddRemove-MyFreeCodec - i:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-12-25 15:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-1644491937-839522115-1004\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:72,82,3b,59,6c,86,c5,06,90,d6,d0,0f,8b,ae,60,ea,d5,a9,39,ca,79,
   95,7c,03,2a,d4,59,4a,19,62,d0,7c,2e,6e,61,7b,88,a9,5b,79,96,78,87,7e,4e,9f,\
"rkeysecu"=hex:96,34,e7,d5,e4,5d,73,63,eb,7a,ca,94,f8,af,53,c3
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="i:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(624)
i:\windows\system32\Ati2evxx.dll
i:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1844)
i:\windows\system32\WININET.dll
i:\windows\system32\msi.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
i:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
i:\program files\Creative\Shared Files\CTDevSrv.exe
i:\windows\system32\PnkBstrA.exe
i:\windows\system32\SearchIndexer.exe
.
**************************************************************************
.
Completion time: 2015-12-25  16:01:01 - machine was rebooted
ComboFix-quarantined-files.txt  2015-12-25 16:00
ComboFix2.txt  2012-09-20 09:57
.
Pre-Run: 419,603,046,400 bytes free
Post-Run: 419,676,921,856 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F616D5CE7FF3DE825E1EA89C998A21F5
8F558EB6672622401DA993E1E865C861
 


Edited by Slime58, 25 December 2015 - 01:15 PM.


#9 polskamachina

polskamachina

  • Malware Response Team
  • 3,939 posts

Posted 25 December 2015 - 12:29 PM

Hi Slime58 :)

 

Other than the difficulty you had launching ComboFix, have you tried using your browser and finding out whether or not you are able to download any files?



#10 Slime58

Slime58
  • Topic Starter

  • Members
  • 108 posts

Posted 25 December 2015 - 03:34 PM

> Hi Slime58 :)
>
> Other than the difficulty you had launching ComboFix, have you tried using your browser and finding out whether or not you are able to download any files?

 

Boom!

I can now download programmes ................................ I just tried it with ComboFix and it worked!

I've also just successfully printed a PDF file and an email, both of which I was previously unable to do!

You're performing magic, my friend, pure magic.

I still can't run as admin though and I'm scared to try a system restore in case the things you have done become undone.

I still can't find my missing music either.

What did ComboFix do? I'll probably not understand but I am interested.

Where do we go from here?

 

Thanks again,

 

Slime58.



#11 Slime58

Slime58
  • Topic Starter

  • Members
  • 108 posts

Posted 26 December 2015 - 06:53 AM

I'm not sure this is relevant, but in 'My Computer' where all my drives are listed, there's also a folder called Shared Documents that I can't seem to delete or move!

Thought I'd mention that .............................. just in case.

 

Slime58.



#12 polskamachina

polskamachina

  • Malware Response Team
  • 3,939 posts

Posted 26 December 2015 - 01:29 PM

Hi Slime58,

Glad to hear that some functionality has returned. :)

> I'm not sure this is relevant, but in 'My Computer' where all my drives are listed, there's also a folder called Shared Documents that I can't seem to delete or move!
>
> Thought I'd mention that .............................. just in case.

In order to give you an accurate answer to your above question and not delay the release of what I've already prepared, I will hold off giving you a response until I've done some research.

> I still can't run as admin though

What is that limitation preventing you from doing?

> I still can't find my missing music either.

Can you find the folders that contained your music?

> What did ComboFix do?

What ComboFix does is only known to its author. That's why it's so effective.

Please see the following link and specifically, this part:

> Questions about ComboFix and how it works:
>
> General discussions about ComboFix and support questions are permitted. This includes anything about ComboFix that is publicly known and available in Internet articles and in the authorized guide: How to use ComboFix. Information about the private scripting directives and certain specifics not available to the public (i.e. how ComboFix works, the routines it performs, development, etc) is not permitted to be discussed publicly.

 

> I'm scared to try a system restore in case the things you have done become undone.

From the same link as above:

> [After running ComboFix] I can tell you that one thing is that all your restore points will be flushed out and a new one created

Next:

Let's address the Security Center glitch with Avast.
 
We need to repair Security Center Registration with wbemtest

  • Go to Start -> Run or press Windows key + R.
  • Type in wbemtest and press enter.
  • Press Connect...
  • In Namespace box type in root\SecurityCenter and press Connect.
  • Press Enum Instances...Button.
  • Then copy and paste one of the following bold into the box: AntivirusProduct and press OK.
  • Highlight the entry, {7591DB91-41F0-48A3-B128-1A293FD8233D}, and press Delete.

You may also refer to the following diagram for procedures:
[Image: 1421074711-outputWTOL-o.gif]

Next:

  • Run the FRST program again.
  • Check the box for Addition.txt
  • Click on the Scan button.
  • When the scan has completed, copy and paste FRST.txt and Addition.txt into your next reply to me.

In summary I will need from you:

  • FRST and Addition logs
  • Were you able to run the security registration tool successfully?
  • Did you have any luck finding your music files?

Let me know if you have any questions.
 
polskamachina
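
The wbemtest steps in the post above, expressed as a PowerShell script. This is an added example, not part of polskamachina's reply; it assumes PowerShell 2.0 is installed on the Windows XP machine and is run from an administrator account, and the function names `Get-AvRegistration` and `Remove-StaleAvRegistration` are hypothetical.

```powershell
# Added example (not from the thread). Assumes Windows XP SP3 with PowerShell 2.0.
# Get-AvRegistration and Remove-StaleAvRegistration are hypothetical helper names.

function Get-AvRegistration {
    # Equivalent of wbemtest: Connect to root\SecurityCenter, then Enum Instances
    # of the AntivirusProduct class.
    Get-WmiObject -Namespace 'root\SecurityCenter' -Class 'AntivirusProduct' -ErrorAction Stop
}

function Remove-StaleAvRegistration {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$InstanceGuid
    )

    # Match on the exact GUID only, so a live product's registration is never
    # removed by a loose name match.
    $found = @(Get-AvRegistration | Where-Object { $_.instanceGuid -eq $InstanceGuid })

    if ($found.Count -eq 0) {
        Write-Warning "No AntivirusProduct instance with instanceGuid $InstanceGuid was found; nothing removed."
        return
    }

    foreach ($item in $found) {
        $label = '{0} {1}' -f $item.displayName, $item.instanceGuid
        # ShouldProcess honours -WhatIf and prompts for confirmation otherwise.
        if ($PSCmdlet.ShouldProcess($label, 'Delete Security Center registration')) {
            Remove-WmiObject -InputObject $item
            Write-Output "Removed: $label"
        }
    }
}

# 1. Review what is registered before changing anything.
Get-AvRegistration |
    Format-Table displayName, companyName, versionNumber, instanceGuid,
                 onAccessScanningEnabled, productUptoDate -AutoSize

# 2. Dry run against the GUID named in the post; drop -WhatIf to delete.
Remove-StaleAvRegistration -InstanceGuid '{7591DB91-41F0-48A3-B128-1A293FD8233D}' -WhatIf

# 3. The instance should no longer be listed once the delete has been carried out.
Get-AvRegistration | Select-Object displayName, instanceGuid
```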



#13 Slime58

Slime58
  • Topic Starter

  • Members
  • 108 posts

Posted 26 December 2015 - 07:41 PM

Hi mate.

 

You wrote in your latest reply;

 

> In summary I will need from you:
>
>   • FRST and Addition logs
>   • Were you able to run the security registration tool successfully?
>   • Did you have any luck finding your music files?

The requested logs are at the end of this post. Oh, I'm assuming I don't hit the fix button.

The security reg tool ran fine and avast! seems to have gone. I now have no AV at all! Any recommendations?

The music that fell out of Media Player also appears to be missing from my music folder in 'My Documents', I just can't find the missing stuff at all!

 

Again, many thanks for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-12-2015
Ran by Simon Hill (administrator) on SIMON (27-12-2015 00:24:35)
Running from I:\Documents and Settings\Simon Hill\Desktop
Loaded Profiles: Simon Hill (Available Profiles: Simon Hill & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft) I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Creative Technology Ltd) I:\Program Files\Creative\Shared Files\CTDevSrv.exe
() I:\WINDOWS\system32\PnkBstrA.exe
(Michel Krämer) I:\Program Files\Spamihilator\spamihilator.exe
(Mozilla Corporation) I:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) I:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) I:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\AtiExtEvent: I:\WINDOWS\system32\Ati2evxx.dll [2011-04-06] (ATI Technologies Inc.)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => I:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => I:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - I:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - I:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: I:\Documents and Settings\Simon Hill\Start Menu\Programs\Startup\Spamihilator.lnk [2015-05-26]
ShortcutTarget: Spamihilator.lnk -> I:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B6F9935A-4C54-4DF5-A78A-22D3275213F3}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-1644491937-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1645522239-1644491937-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> I:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-26] (Oracle Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> I:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> I:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-26] (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - I:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKU\S-1-5-21-1645522239-1644491937-839522115-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - I:\Program Files\WOT\WOT.dll [2013-09-02] ()
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266968248870
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - I:\Program Files\WOT\WOT.dll [2013-09-02] ()

FireFox:
========
FF ProfilePath: I:\Documents and Settings\Simon Hill\Application Data\Mozilla\Firefox\Profiles\swu74cuq.default-1450291966218
FF Homepage: hxxps://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> I:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-23] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> H:\Program Files\Picasa2\npPicasa3.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> I:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> I:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> I:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> I:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> I:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-09] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> I:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> I:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: Adobe Reader -> I:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> I:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-09] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> I:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: I:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-06] (Apple Inc.)
FF Extension: New Tab Homepage - I:\Documents and Settings\Simon Hill\Application Data\Mozilla\Firefox\Profiles\swu74cuq.default-1450291966218\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-12-16]
FF Extension: Adblock Plus - I:\Documents and Settings\Simon Hill\Application Data\Mozilla\Firefox\Profiles\swu74cuq.default-1450291966218\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-16]
FF Extension: Skype Click to Call - I:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-25] [not signed]
FF Extension: Skype extension for Firefox - I:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2015-12-25] [not signed]
FF Extension: Java Console - I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-12-25] [not signed]

Chrome:
=======
CHR Profile: I:\Documents and Settings\Simon Hill\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - I:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; I:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [51712 2007-10-11] (ArcSoft)
R2 CTDevice_Srv; I:\Program Files\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; I:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 gupdate1c9ac0b8a333800; I:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
S3 IDriverT; I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; I:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 NMSAccessU; I:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2009-09-06] ()
R2 PnkBstrA; I:\WINDOWS\system32\PnkBstrA.exe [66872 2010-08-12] ()
S3 ServiceLayer; I:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
S2 WinDefend; I:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S2 !SASCORE; "I:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [X]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; I:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-05-04] (Cisco Systems, Inc.) [File not signed]
S3 Afc; I:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S3 Ambfilt; I:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2000-01-01] (Creative)
R1 AsIO; I:\WINDOWS\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 ATITool; I:\WINDOWS\System32\DRIVERS\ATITool.sys [28160 2005-05-30] (W1zzard) [File not signed]
R2 cpuz133; I:\WINDOWS\system32\drivers\cpuz133_x32.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
S3 ENTECH; I:\WINDOWS\system32\DRIVERS\ENTECH.SYS [20400 1999-10-21] (EnTech Taiwan) [File not signed]
R0 giveio; I:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 L1e; I:\WINDOWS\System32\DRIVERS\l1e51x86.sys [38400 2000-01-01] (Atheros Communications, Inc.) [File not signed]
R3 MBAMProtector; I:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 Monfilt; I:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2000-01-01] (Creative Technology Ltd.)
R3 MTsensor; I:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv61xx; I:\WINDOWS\System32\DRIVERS\mv61xx.sys [159024 2010-10-26] (Marvell Semiconductor, Inc.)
S3 PCANDIS5; I:\WINDOWS\system32\PCANDIS5.SYS [17134 2009-08-20] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 PxHelp20; I:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-10-26] (Sonic Solutions) [File not signed]
S1 qutmipc; I:\WINDOWS\system32\drivers\qutmipc.sys [53960 2015-11-20] (360.cn)
R3 RTL8187B; I:\WINDOWS\System32\DRIVERS\RTL8187B.sys [341376 2000-01-01] (Realtek Semiconductor Corporation                           )
R0 speedfan; I:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 StarOpen; I:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
S3 BIOSCHK; \??\I:\DOCUME~1\SIMONH~1\LOCALS~1\Temp\TII7.tmp\disk1\BIOSCHK.SYS [X]
S3 catchme; \??\I:\ComboFix\catchme.sys [X]
S3 eapihdrv; \??\I:\DOCUME~1\SIMONH~1\LOCALS~1\Temp\ehdrv.sys [X]
S4 IntelIde; no ImagePath
S3 Lavasoft Kernexplorer; \??\I:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 PCAMPR5; \??\I:\WINDOWS\system32\PCAMPR5.SYS [X]
S1 SASKUTIL; \??\I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
U5 ScsiPort; I:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SysProtDrv.sys; \??\I:\Documents and Settings\Simon Hill\Desktop\SysProtDrv.sys [X]
U3 TlntSvr; no ImagePath
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 00:21 - 2015-12-27 00:21 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\FRST-OlderVersion
2015-12-25 16:51 - 2015-12-26 11:50 - 00000000 ____D I:\Program Files\Mozilla Firefox
2015-12-25 16:01 - 2015-12-27 00:24 - 00000000 ____D I:\Documents and Settings\Simon Hill\Local Settings\temp
2015-12-25 16:01 - 2015-12-25 16:01 - 00025257 _____ I:\ComboFix.txt
2015-12-25 16:01 - 2015-12-25 16:01 - 00000000 ____D I:\Documents and Settings\NetworkService\Local Settings\temp
2015-12-25 16:01 - 2015-12-25 16:01 - 00000000 ____D I:\Documents and Settings\LocalService\Local Settings\temp
2015-12-25 16:01 - 2015-12-25 16:01 - 00000000 ____D I:\Documents and Settings\Default User\Local Settings\temp
2015-12-25 16:01 - 2015-12-25 16:01 - 00000000 ____D I:\Documents and Settings\Administrator\Local Settings\temp
2015-12-25 15:37 - 2015-12-25 15:37 - 00000000 _RSHD I:\cmdcons
2015-12-25 15:34 - 2011-06-26 06:45 - 00256000 _____ I:\WINDOWS\PEV.exe
2015-12-25 15:34 - 2010-11-07 17:20 - 00208896 _____ I:\WINDOWS\MBR.exe
2015-12-25 15:34 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) I:\WINDOWS\NIRCMD.exe
2015-12-25 15:34 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) I:\WINDOWS\SWREG.exe
2015-12-25 15:34 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) I:\WINDOWS\SWSC.exe
2015-12-25 15:34 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) I:\WINDOWS\SWXCACLS.exe
2015-12-25 15:34 - 2000-08-31 00:00 - 00098816 _____ I:\WINDOWS\sed.exe
2015-12-25 15:34 - 2000-08-31 00:00 - 00080412 _____ I:\WINDOWS\grep.exe
2015-12-25 15:34 - 2000-08-31 00:00 - 00068096 _____ I:\WINDOWS\zip.exe
2015-12-25 12:30 - 2015-12-25 12:30 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB963093$
2015-12-25 12:30 - 2015-12-25 12:30 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB2813347-v2$
2015-12-25 12:16 - 2015-12-25 15:08 - 00000000 ____D I:\Program Files\AVAST Software
2015-12-25 12:15 - 2015-12-25 12:18 - 05762544 _____ (AVAST Software) I:\Documents and Settings\Simon Hill\Desktop\avastclear.exe
2015-12-25 11:56 - 2015-12-25 16:01 - 00000000 ____D I:\Qoobox
2015-12-25 11:53 - 2015-12-25 11:53 - 05641584 ____R (Swearware) I:\Documents and Settings\Simon Hill\Desktop\ComboFix.exe
2015-12-25 11:40 - 2015-12-25 11:40 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\Print
2015-12-25 11:39 - 2015-12-25 11:42 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\Maria
2015-12-24 15:40 - 2015-12-24 15:40 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB2935092$
2015-12-24 15:40 - 2015-12-24 15:40 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB2836198$
2015-12-24 15:36 - 2015-12-24 15:36 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB981669$
2015-12-24 15:36 - 2015-12-24 15:36 - 00000000 ____D I:\Documents and Settings\Simon Hill\Application Data\Windows Search
2015-12-24 15:35 - 2015-12-24 15:35 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB974841-v2$
2015-12-24 15:34 - 2015-12-24 15:34 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB971513$
2015-12-24 15:33 - 2015-12-24 15:33 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB971314$
2015-12-24 15:33 - 2015-12-24 15:33 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB969084$
2015-12-24 15:30 - 2015-12-24 15:30 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB961503$
2015-12-24 15:29 - 2015-12-24 15:29 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB955704$
2015-12-24 15:29 - 2008-09-30 06:19 - 00057344 ____N (Microsoft Corporation) I:\WINDOWS\system32\uexfat.dll
2015-12-24 15:29 - 2008-09-30 06:19 - 00057344 ____C (Microsoft Corporation) I:\WINDOWS\system32\dllcache\uexfat.dll
2015-12-24 15:29 - 2008-09-29 10:21 - 00133632 ____N (Microsoft Corporation) I:\WINDOWS\system32\Drivers\exfat.sys
2015-12-24 15:29 - 2008-09-29 10:21 - 00133632 ____C (Microsoft Corporation) I:\WINDOWS\system32\dllcache\exfat.sys
2015-12-24 15:28 - 2015-12-24 15:28 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB954920-v2$
2015-12-24 15:28 - 2015-12-24 15:28 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB943729$
2015-12-24 15:27 - 2015-12-24 15:27 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB954708$
2015-12-24 15:27 - 2015-12-24 15:27 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB932716-v2$
2015-12-24 15:26 - 2015-12-24 15:26 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB895961-v4$
2015-12-24 15:25 - 2015-12-24 15:25 - 00000000 ____D I:\Documents and Settings\Simon Hill\Application Data\Windows Desktop Search
2015-12-24 15:25 - 2015-12-24 15:25 - 00000000 ____D I:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
2015-12-24 15:24 - 2015-12-25 12:30 - 00001393 _____ I:\WINDOWS\imsins.BAK
2015-12-24 15:24 - 2015-12-25 12:30 - 00000000 ____D I:\Program Files\Windows Desktop Search
2015-12-24 15:24 - 2015-12-24 15:24 - 00001803 _____ I:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
2015-12-24 15:24 - 2015-12-24 15:24 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB940157$
2015-12-24 15:24 - 2015-12-24 15:24 - 00000000 __HDC I:\WINDOWS\$NtUninstallKB915800-v4$
2015-12-24 15:24 - 2015-12-24 15:24 - 00000000 ____D I:\WINDOWS\system32\GroupPolicy
2015-12-23 14:18 - 2015-12-23 14:18 - 00057344 _____ (Bimbo Manlia) I:\Documents and Settings\Simon Hill\Application Data\cbsnkpab.exe
2015-12-18 16:54 - 2015-12-27 00:23 - 00000406 _____ I:\Documents and Settings\Simon Hill\Desktop\Addition.txt
2015-12-18 16:53 - 2015-12-27 00:24 - 00014835 _____ I:\Documents and Settings\Simon Hill\Desktop\FRST.txt
2015-12-18 16:47 - 2015-12-27 00:21 - 01721856 _____ (Farbar) I:\Documents and Settings\Simon Hill\Desktop\FRST.exe
2015-12-18 16:40 - 2015-12-18 16:40 - 00001011 _____ I:\Documents and Settings\Simon Hill\Desktop\Booking.txt
2015-12-17 19:42 - 2015-12-25 11:54 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\Old Scan Stuff
2015-12-17 09:20 - 2015-12-17 09:20 - 00039905 _____ I:\Documents and Settings\Simon Hill\Desktop\Audrey Timetable..pdf
2015-12-16 18:52 - 2015-12-16 18:52 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\Old Firefox Data
2015-12-16 17:51 - 2015-12-16 17:58 - 00000000 ___RD I:\Documents and Settings\Simon Hill\Desktop\My Pictures
2015-12-16 09:36 - 2015-12-16 09:36 - 00000000 ___HD I:\Program Files\WindowsUpdate
2015-12-15 23:28 - 2015-12-15 23:28 - 00000000 _____ I:\WINDOWS\system32\Drivers\etc\hosts_bak_700
2015-12-15 19:07 - 2015-12-15 19:13 - 00132528 _____ I:\TDSSKiller.3.1.0.9_15.12.2015_19.07.57_log.txt
2015-12-15 19:05 - 2015-12-15 19:06 - 00000364 _____ I:\TDSSKiller.3.1.0.8_15.12.2015_19.05.59_log.txt
2015-12-14 16:55 - 2015-12-14 16:56 - 00000024 _____ I:\Documents and Settings\Simon Hill\Desktop\heurqvm40.1.malware.gen.txt
2015-12-14 16:16 - 2015-12-14 16:16 - 00039897 _____ I:\Documents and Settings\Simon Hill\Desktop\Audrey Wells.pdf
2015-12-14 16:08 - 2015-12-16 17:02 - 00038064 _____ I:\Documents and Settings\Simon Hill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-12-14 16:04 - 2015-12-14 16:04 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\2kxpinf
2015-12-14 16:03 - 2015-12-14 16:04 - 05926656 _____ (Hewlett Packard) I:\Documents and Settings\Simon Hill\Desktop\990-enu-xpinfu.exe
2015-12-14 15:54 - 2015-12-14 15:54 - 00039899 _____ I:\Documents and Settings\Simon Hill\Desktop\wells 14-12-15.pdf
2015-12-08 23:47 - 2015-12-16 14:06 - 00168304 _____ I:\WINDOWS\system32\FNTCACHE.DAT
2015-12-08 23:19 - 2015-11-20 10:51 - 00053960 _____ (360.cn) I:\WINDOWS\system32\Drivers\qutmipc.sys
2015-12-07 18:22 - 2015-12-07 18:22 - 00000654 _____ I:\Documents and Settings\All Users\Desktop\Speccy.lnk
2015-12-07 15:25 - 2015-12-14 19:31 - 00000000 ____D I:\Documents and Settings\All Users\Application Data\VallEmyo
2015-12-03 15:40 - 2015-12-04 08:24 - 00000000 ____D I:\Program Files\Mozilla Thunderbird
2015-12-02 14:01 - 2015-12-02 14:01 - 00311402 _____ I:\Documents and Settings\Simon Hill\Desktop\premium-bonds-brochure.pdf
2015-12-02 14:01 - 2015-12-02 14:01 - 00053767 _____ I:\Documents and Settings\Simon Hill\Desktop\premium-bonds-application-form.pdf
2015-11-30 09:11 - 2015-11-30 09:29 - 00000000 ____D I:\Documents and Settings\Simon Hill\Desktop\Mum & Dad's Claim

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 00:24 - 2015-05-21 18:01 - 00000000 ____D I:\FRST
2015-12-27 00:24 - 2009-03-24 19:12 - 00000000 ____D I:\Documents and Settings\Simon Hill\Application Data\Spamihilator
2015-12-27 00:24 - 2009-03-15 21:32 - 00000000 ____D I:\WINDOWS
2015-12-27 00:06 - 2009-03-15 14:00 - 00000000 ___RD I:\Documents and Settings\Simon Hill\My Documents
2015-12-26 23:55 - 2010-03-18 15:10 - 00000886 _____ I:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-26 23:50 - 2014-02-09 07:45 - 00000998 _____ I:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-12-26 23:47 - 2009-03-15 14:00 - 00000000 ___RD I:\Documents and Settings\Simon Hill\My Documents\My Pictures
2015-12-26 23:41 - 2014-10-05 17:08 - 00000000 ____D I:\Documents and Settings\Simon Hill\My Documents\Andi's Stuff
2015-12-26 23:37 - 2009-03-15 14:00 - 00000000 ___RD I:\Documents and Settings\Simon Hill\My Documents\My Music
2015-12-26 23:35 - 2012-05-03 11:24 - 00000000 ____D I:\Program Files\Mozilla Maintenance Service
2015-12-26 23:35 - 2010-03-18 15:10 - 00000882 _____ I:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-26 23:35 - 2009-03-15 13:59 - 00000006 ____H I:\WINDOWS\Tasks\SA.DAT
2015-12-26 23:35 - 2004-08-04 12:00 - 00001374 _____ I:\WINDOWS\system32\wpa.dbl
2015-12-26 14:46 - 2009-03-15 14:00 - 00000178 ___SH I:\Documents and Settings\Simon Hill\ntuser.ini
2015-12-26 14:46 - 2009-03-15 13:59 - 00032636 _____ I:\WINDOWS\SchedLgU.Txt
2015-12-25 20:32 - 2009-03-15 21:40 - 00361994 _____ I:\WINDOWS\system32\PerfStringBackup.INI
2015-12-25 20:31 - 2009-03-15 13:59 - 00000000 __SHD I:\Documents and Settings\LocalService
2015-12-25 16:01 - 2009-03-15 21:38 - 00000000 ___HD I:\Documents and Settings\Default User
2015-12-25 16:01 - 2009-03-15 13:58 - 00000000 __SHD I:\Documents and Settings\NetworkService
2015-12-25 15:56 - 2004-08-04 12:00 - 00000227 _____ I:\WINDOWS\system.ini
2015-12-25 15:48 - 2009-11-02 02:24 - 00000000 ____D I:\Documents and Settings\Simon Hill\Local Settings\Application Data\Temp
2015-12-25 15:37 - 2009-03-15 21:37 - 00000327 ___SH I:\boot.ini
2015-12-25 15:08 - 2015-05-22 20:26 - 00000000 ____D I:\Program Files\360
2015-12-25 15:06 - 2015-05-22 19:05 - 00457216 _____ I:\WINDOWS\ntbtlog.txt
2015-12-25 12:30 - 2009-03-15 21:32 - 00000000 RSHDC I:\WINDOWS\system32\dllcache
2015-12-25 12:30 - 2009-03-15 21:32 - 00000000 ____D I:\WINDOWS\inf
2015-12-25 11:55 - 2010-02-18 18:17 - 00000000 ____D I:\WINDOWS\ERDNT
2015-12-25 11:40 - 2009-03-22 20:02 - 00000000 ___HD I:\WINDOWS\$hf_mig$
2015-12-24 15:39 - 2009-03-28 13:56 - 00000000 ____D I:\WINDOWS\ie8updates
2015-12-24 07:50 - 2014-02-09 07:45 - 00000946 _____ I:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-12-16 23:57 - 2009-04-12 13:01 - 00048128 _____ I:\Documents and Settings\Simon Hill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-16 09:45 - 2009-03-15 13:54 - 00000000 ____D I:\WINDOWS\Registration
2015-12-16 09:43 - 2009-03-15 13:56 - 00023392 _____ I:\WINDOWS\system32\nscompat.tlb
2015-12-16 09:43 - 2009-03-15 13:56 - 00016832 _____ I:\WINDOWS\system32\amcompat.tlb
2015-12-16 03:00 - 2010-03-01 13:41 - 00000268 _____ I:\WINDOWS\Tasks\Windows Update.job
2015-12-15 23:26 - 2009-03-22 21:29 - 00000000 ____D I:\Program Files\SUPERAntiSpyware
2015-12-15 23:26 - 2009-03-22 21:29 - 00000000 ____D I:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-12-15 20:43 - 2015-05-22 22:37 - 00170200 _____ (Malwarebytes) I:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-15 19:32 - 2015-05-22 22:36 - 00000000 ____D I:\Program Files\Malwarebytes Anti-Malware
2015-12-15 19:15 - 2015-05-22 20:30 - 00000000 ____D I:\$360Section
2015-12-15 19:15 - 2015-05-22 20:28 - 00000000 ____D I:\Documents and Settings\All Users\Application Data\360Quarant
2015-12-09 00:33 - 2010-12-30 13:32 - 00000000 ____D I:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-12-09 00:28 - 2013-08-14 11:50 - 00000000 ____D I:\WINDOWS\system32\MRT
2015-12-09 00:24 - 2009-03-22 23:33 - 137798368 _____ (Microsoft Corporation) I:\WINDOWS\system32\MRT.exe
2015-12-08 17:25 - 2009-03-15 14:00 - 00000000 ____D I:\Documents and Settings\Simon Hill
2015-12-07 18:22 - 2015-11-23 18:53 - 00000000 ____D I:\Program Files\Speccy
2015-12-07 15:38 - 2010-03-18 15:10 - 00000000 ____D I:\Documents and Settings\LocalService\Local Settings\Application Data\Temp

==================== Files in the root of some directories =======

2014-04-18 17:42 - 2014-04-18 17:43 - 0003750 _____ () I:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2011-11-19 14:53 - 2011-11-19 15:00 - 0305152 _____ () I:\Program Files\windiag.iso
2015-12-23 14:18 - 2015-12-23 14:18 - 0057344 _____ (Bimbo Manlia) I:\Documents and Settings\Simon Hill\Application Data\cbsnkpab.exe
2009-03-24 22:20 - 2010-08-12 09:40 - 0022328 _____ () I:\Documents and Settings\Simon Hill\Application Data\PnkBstrK.sys
2009-04-12 13:01 - 2015-12-16 23:57 - 0048128 _____ () I:\Documents and Settings\Simon Hill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-26 15:51 - 2013-07-09 11:49 - 0000000 _____ () I:\Documents and Settings\Simon Hill\Local Settings\Application Data\prvlcl.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

I:\WINDOWS\explorer.exe => File is digitally signed
I:\WINDOWS\system32\winlogon.exe => File is digitally signed
I:\WINDOWS\system32\svchost.exe => File is digitally signed
I:\WINDOWS\system32\services.exe => File is digitally signed
I:\WINDOWS\system32\User32.dll => File is digitally signed
I:\WINDOWS\system32\userinit.exe => File is digitally signed
I:\WINDOWS\system32\rpcss.dll => File is digitally signed
I:\WINDOWS\system32\dnsapi.dll => File is digitally signed
I:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-12-2015
Ran by Simon Hill (2015-12-27 00:25:00)
Running from I:\Documents and Settings\Simon Hill\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2010-02-23 20:54:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1645522239-1644491937-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1645522239-1644491937-839522115-1005 - Limited - Enabled)
Guest (S-1-5-21-1645522239-1644491937-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1645522239-1644491937-839522115-1000 - Limited - Disabled)
Simon Hill (S-1-5-21-1645522239-1644491937-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Simon Hill
SUPPORT_388945a0 (S-1-5-21-1645522239-1644491937-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Software Suite (HKLM\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version:  - ArcSoft)
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.19 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{2C584286-0AD5-FE16-3E86-ADB9650878B9}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
ATITool Overclocking Utility (HKLM\...\ATITool) (Version: 0.24 - )
Call of Duty - United Offensive (HKLM\...\InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}) (Version: 1.00.0000 - Activision)
Call of Duty - United Offensive (Version: 1.00.0000 - Activision) Hidden
Call of Duty Game of the Year Edition (HKLM\...\Call of Duty Game of the Year Edition) (Version:  - )
Call of Duty® - World at War™ (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty® - World at War™ (Version: 1.0 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.2.7.1794 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.54 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative ZEN X-Fi User's Guide (HKLM\...\ZENX-FI) (Version:  - Creative Technology Ltd.)
Debugging Tools for Windows (x86) (HKLM\...\{300A2961-B2B5-4889-9CB9-5C2A570D08AD}) (Version: 6.11.1.404 - Microsoft Corporation)
DH Driver Cleaner Professional Edition (HKLM\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
Driver Magician Lite 3.8 (HKLM\...\Driver Magician Lite_is1) (Version:  - GoldSolution Software, Inc.)
EPU-6 Engine (HKLM\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.00.16 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Half-Life® 2 (HKLM\...\{D45EC259-4A19-4656-B588-C2C360DD18EA}) (Version: 1.0.0.0 - Valve)
hp deskjet 990c series (Remove only) (HKLM\...\hp deskjet 990c series) (Version:  - )
Intel Processor Diagnostic Tool  (HKLM\...\{155CE000-DDE8-4EFA-B38C-71788FAE65AF}) (Version: 19.0.0 - Intel Corporation)
Intel® Processor Frequency ID Utility (HKLM\...\{B772E270-02DF-4B70-9FA8-1383BBB81FDD}) (Version: 7.20.0000 - Intel® Corporation)
Intel® Processor ID Utility (HKLM\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.50.0000 - Intel® Corporation)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
marvell 61xx (HKLM\...\mv61xxDriver) (Version: 1.2.0.7700 - Marvell)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft ICE (HKLM\...\{D92A40F4-7BDD-4FAB-922F-E8D6B469AD48}) (Version: 1.0.0 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-GB)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Mozilla Thunderbird 38.4.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 38.4.0 (x86 en-GB)) (Version: 38.4.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2InstV3Win7UpdateV2 (Version: 10 - SupportSoft) Hidden
PC Connectivity Solution (HKLM\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.51 - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6449 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Runtime 8.0 Libraries (HKLM\...\{EA4FA30B-7321-4428-90E9-28B088EC8DC9}) (Version: 1.0.0.0 - Microsoft)
Scoresaver 2 version 2.2 (HKLM\...\{F7D55122-D0B2-490A-8AC1-E3CF64921204}_is1) (Version: 2.2 - RDP Software Ltd)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spamihilator 1.6.0 (32 bit) (HKLM\...\{961B37CC-64A0-4F1C-900C-80DD57D2B788}) (Version: 1.6.0 - Michel Krämer)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Lord of the Rings FREE Trial  (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WOT for Internet Explorer (HKLM\...\{1D10C273-3F95-42A2-8371-AB6B1F59821B}) (Version: 10.12.20.0 - WOT Services Oy)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: I:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => I:\Program Files\Google\Update\GoogleUpdate.exe
Task: I:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => I:\Program Files\Google\Update\GoogleUpdate.exe
Task: I:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => I:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: I:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => I:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: I:\WINDOWS\Tasks\Windows Update.job => I:\WINDOWS\system32\wupdmgr.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-03-24 22:20 - 2010-08-12 09:40 - 00066872 _____ () I:\WINDOWS\system32\PnkBstrA.exe
2015-05-26 17:30 - 2015-05-26 17:30 - 00060416 _____ () I:\Program Files\Spamihilator\zlib1.dll
2015-05-26 17:30 - 2015-05-26 17:30 - 00279040 _____ () I:\Program Files\Spamihilator\sqlite3.dll
2015-12-03 15:40 - 2015-12-03 15:40 - 00153768 _____ () I:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-12-03 15:40 - 2015-12-03 15:40 - 00023208 _____ () I:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\o2.co.uk -> hxxp://*.broadband.o2.co.uk
IE trusted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\o2.co.uk -> hxxps://*.broadband.o2.co.uk
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1645522239-1644491937-839522115-1004\...\100sexlinks.com -> 100sexlinks.com

There are 4923 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-12-15 23:28 - 2015-12-25 15:56 - 00000027 ____A I:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1645522239-1644491937-839522115-1004\Control Panel\Desktop\\Wallpaper -> I:\Documents and Settings\Simon Hill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: I:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK RTL8187B Wireless LAN Utility.lnk => I:\WINDOWS\pss\REALTEK RTL8187B Wireless LAN Utility.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: APSDaemon => "I:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => I:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HPDJ Taskbar Utility => I:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: NokiaMServer => I:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: QuickTime Task => "I:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: Skype => "I:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SoftAuto.exe => "I:\Program Files\Creative\Software Update 3\SoftAuto.exe"
MSCONFIG\startupreg: StartCCC => "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "I:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [I:\WINDOWS\system32\PnkBstrA.exe] => Enabled:PnkBstrA
StandardProfile\AuthorizedApplications: [I:\WINDOWS\system32\PnkBstrB.exe] => Enabled:PnkBstrB
StandardProfile\AuthorizedApplications: [I:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe] => Enabled:Call of Duty® 4 - Modern Warfare™
StandardProfile\AuthorizedApplications: [I:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe] => Enabled:CoDUOMP
StandardProfile\AuthorizedApplications: [I:\Program Files\Mozilla Thunderbird\thunderbird.exe] => Enabled:Mozilla Thunderbird
StandardProfile\AuthorizedApplications: [I:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [I:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe] => Enabled:Call of Duty® - World at War™
StandardProfile\AuthorizedApplications: [I:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe] => Enabled:Call of Duty® - World at War™
StandardProfile\AuthorizedApplications: [I:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [I:\Program Files\Google\Google Earth\client\googleearth.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [I:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [I:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe] => Enabled:CoDMP
StandardProfile\AuthorizedApplications: [I:\WINDOWS\system32\muzapp.exe] => Enabled:MUZ AOD APP player
StandardProfile\AuthorizedApplications: [I:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [I:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [I:\Program Files\Spamihilator\spamihilator.exe] => Enabled:Spamihilator
StandardProfile\AuthorizedApplications: [I:\Program Files\Spamihilator\cdcc.exe] => Enabled:Spamihilator DCC Filter Configuration
StandardProfile\AuthorizedApplications: [I:\Program Files\Spamihilator\dccproc.exe] => Enabled:Spamihilator DCC Filter
StandardProfile\AuthorizedApplications: [I:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (I:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1542:TCP] => Enabled:Realtek WPS TCP Prot
StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

28-09-2015 06:25:05 System Checkpoint
29-09-2015 13:41:08 System Checkpoint
30-09-2015 13:51:56 System Checkpoint
01-10-2015 14:02:37 System Checkpoint
02-10-2015 14:55:30 System Checkpoint
03-10-2015 15:44:34 System Checkpoint
04-10-2015 16:47:52 System Checkpoint
05-10-2015 17:38:01 System Checkpoint
06-10-2015 18:07:54 System Checkpoint
07-10-2015 18:40:06 System Checkpoint
08-10-2015 19:25:35 System Checkpoint
09-10-2015 20:23:58 System Checkpoint
11-10-2015 05:17:52 System Checkpoint
12-10-2015 05:50:14 System Checkpoint
13-10-2015 09:30:59 System Checkpoint
14-10-2015 10:20:18 System Checkpoint
14-10-2015 20:06:53 Software Distribution Service 3.0
16-10-2015 07:40:25 System Checkpoint
17-10-2015 07:55:30 System Checkpoint
18-10-2015 08:43:24 System Checkpoint
19-10-2015 09:03:07 System Checkpoint
20-10-2015 09:36:03 System Checkpoint
21-10-2015 09:39:35 System Checkpoint
22-10-2015 10:26:35 System Checkpoint
24-10-2015 14:03:29 System Checkpoint
25-10-2015 14:48:19 System Checkpoint
26-10-2015 16:26:12 System Checkpoint
27-10-2015 16:52:05 System Checkpoint
28-10-2015 17:33:13 System Checkpoint
29-10-2015 19:01:47 System Checkpoint
30-10-2015 19:16:04 System Checkpoint
31-10-2015 20:07:47 System Checkpoint
01-11-2015 20:49:19 System Checkpoint
02-11-2015 20:53:27 System Checkpoint
03-11-2015 21:20:43 System Checkpoint
05-11-2015 13:00:34 System Checkpoint
06-11-2015 14:02:50 System Checkpoint
07-11-2015 14:22:50 System Checkpoint
08-11-2015 14:50:58 System Checkpoint
08-11-2015 20:13:54 Restore Point Created by FRST
10-11-2015 11:57:41 System Checkpoint
10-11-2015 12:49:14 Restore Operation
10-11-2015 12:56:39 Restore Operation
10-11-2015 13:06:39 Restore Operation
11-11-2015 14:11:52 System Checkpoint
11-11-2015 23:58:17 Software Distribution Service 3.0
12-11-2015 09:02:22 Revo Uninstaller's restore point - Ashampoo Burning Studio FREE v.1.14.5
12-11-2015 09:05:24 Revo Uninstaller's restore point - ESET Online Scanner v3
12-11-2015 09:20:20 Restore Operation
12-11-2015 09:23:02 Restore Operation
12-11-2015 09:26:21 Restore Operation
12-11-2015 09:29:45 Restore Operation
13-11-2015 10:33:34 System Checkpoint
14-11-2015 11:20:58 System Checkpoint
15-11-2015 11:57:05 System Checkpoint
16-11-2015 12:35:51 System Checkpoint
17-11-2015 15:52:56 System Checkpoint
18-11-2015 16:38:47 System Checkpoint
19-11-2015 19:17:22 System Checkpoint
20-11-2015 19:24:42 System Checkpoint
21-11-2015 19:31:13 System Checkpoint
22-11-2015 19:38:18 System Checkpoint
23-11-2015 08:49:49 Restore Operation
23-11-2015 10:37:56 Software Distribution Service 3.0
24-11-2015 14:49:28 System Checkpoint
25-11-2015 15:33:25 System Checkpoint
26-11-2015 16:52:10 System Checkpoint
28-11-2015 17:34:44 System Checkpoint
30-11-2015 07:04:33 System Checkpoint
01-12-2015 14:03:28 System Checkpoint
02-12-2015 14:18:01 System Checkpoint
03-12-2015 15:23:57 System Checkpoint
04-12-2015 15:34:56 System Checkpoint
05-12-2015 16:31:27 System Checkpoint
06-12-2015 16:40:18 System Checkpoint
07-12-2015 14:32:24 Installed Windows Resource Kit Tools - SubInAcl.exe
07-12-2015 14:57:46 Revo Uninstaller's restore point - 360 Total Security
07-12-2015 15:05:18 Installed Windows XP Wdf01009.
07-12-2015 15:09:00 Installed Windows XP Wdf01009.
08-12-2015 15:49:42 System Checkpoint
08-12-2015 17:27:57 Restore Operation
08-12-2015 17:41:54 Restore Operation
08-12-2015 18:34:33 Revo Uninstaller's restore point - Avast Free Antivirus
08-12-2015 18:55:05 Restore Operation
08-12-2015 19:07:40 Installed Windows XP Wdf01009.
08-12-2015 19:10:33 Installed Windows XP Wdf01009.
08-12-2015 19:16:33 Revo Uninstaller's restore point - Avast Free Antivirus
09-12-2015 00:24:34 Software Distribution Service 3.0
10-12-2015 12:46:12 System Checkpoint
11-12-2015 14:13:30 System Checkpoint
12-12-2015 14:29:25 System Checkpoint
13-12-2015 15:24:21 System Checkpoint
14-12-2015 17:46:13 System Checkpoint
15-12-2015 18:22:26 System Checkpoint
15-12-2015 19:20:44 JRT Pre-Junkware Removal
15-12-2015 19:26:38 JRT Pre-Junkware Removal
16-12-2015 09:07:43 Tweaking.com - Windows Repair
17-12-2015 10:17:31 System Checkpoint
18-12-2015 11:01:59 System Checkpoint
19-12-2015 15:13:17 System Checkpoint
20-12-2015 16:09:37 System Checkpoint
21-12-2015 16:14:04 System Checkpoint
22-12-2015 16:40:07 System Checkpoint
24-12-2015 07:04:25 System Checkpoint
24-12-2015 15:24:19 Installed Windows XP KB915800-v4.
24-12-2015 15:24:38 Installed Windows XP Windows Search 4.0.
24-12-2015 15:26:14 Installed Windows XP KB895961-v4.
24-12-2015 15:27:10 Installed Windows XP KB932716-v2.
24-12-2015 15:27:56 Installed Windows XP KB954708.
24-12-2015 15:28:09 Installed Windows XP KB943729.
24-12-2015 15:28:57 Installed Windows XP KB954920-v2.
24-12-2015 15:29:56 Installed Windows XP KB955704.
24-12-2015 15:31:01 Installed Windows XP KB961503.
24-12-2015 15:32:29 Installed Windows KB971276-v3.
24-12-2015 15:33:45 Installed Windows XP KB971314.
24-12-2015 15:34:00 Installed Windows XP KB969084.
24-12-2015 15:34:23 Installed Windows XP Update for Microsoft Windows (KB971513).
24-12-2015 15:35:41 Installed Windows XP KB974841-v2.
24-12-2015 15:36:41 Installed Windows XP KB981669.
24-12-2015 15:38:09 Installed Windows XP KB2598845.
24-12-2015 15:39:11 Installed Windows XP KB2632503.
24-12-2015 15:40:08 Installed Windows XP KB2836198.
24-12-2015 15:40:57 Installed Windows XP KB2935092.
24-12-2015 16:49:25 Printer Driver Microsoft XPS Document Writer Installed
25-12-2015 12:29:47 Software Distribution Service 3.0
26-12-2015 14:18:50 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2015 12:23:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 25.12.2015.0, faulting module frst.exe, version 25.12.2015.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]

Error: (12/25/2015 08:32:53 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (12/25/2015 08:32:53 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (12/25/2015 03:53:58 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/25/2015 03:53:58 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/25/2015 03:53:57 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/25/2015 03:53:57 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (12/25/2015 03:46:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/25/2015 03:46:44 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (12/25/2015 03:46:41 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (12/26/2015 11:35:26 PM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (12/26/2015 11:35:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
qutmipc
SASKUTIL

Error: (12/26/2015 11:35:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAS Core Service service failed to start due to the following error:
%%2

Error: (12/26/2015 11:35:22 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/26/2015 11:20:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
qutmipc
SASKUTIL

Error: (12/26/2015 11:20:30 AM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (12/26/2015 11:20:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAS Core Service service failed to start due to the following error:
%%2

Error: (12/26/2015 11:20:28 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (12/25/2015 03:56:12 PM) (Source: 0) (EventID: 4311) (User: )
Description:

Error: (12/25/2015 03:56:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
qutmipc
SASKUTIL


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 11%
Total physical RAM: 3326.98 MB
Available physical RAM: 2941.34 MB
Total Virtual: 6491.75 MB
Available Virtual: 6175.84 MB

==================== Drives ================================

Drive h: (BackUp) (Fixed) (Total:465.76 GB) (Free:454.35 GB) NTFS
Drive i: () (Fixed) (Total:465.75 GB) (Free:390.84 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 19941993)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 744A0FA7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#14 polskamachina

  • Malware Response Team

Posted 28 December 2015 - 04:04 PM

Hi Slime 58 :)
 
Good job with the logs and the security center registration tool. Please read this entire message before taking any action.
 
Let's see if I can assist you in locating your missing music files:

  • Open up My Computer and find your backup drive. I believe it is assigned H:.
  • Double-click it from the My Computer window.
  • Using the search button at the top of the explorer window that opened up, type in mp3 in the search box and press the search button at the bottom of the search box.
  • If nothing is found there, continue with the following search utility.

We need to search for files with FRST:

  • Run the FRST program again
  • In the search box, type the following: *.mp3
  • Note you may extend the search to find additional music file formats by adding them to the list after *.mp3. Be sure to separate them with a semicolon. For example, you could search for *.mp3;*.wav
  • Press the Search Files button, then allow FRST to run
  • A log file Search.txt will appear when complete, please post this into your next reply to me.
  • If FRST does find the missing files, note the location and back them up!

Last time you asked me about the consequences of a system restore. If the FRST search function was unsuccessful and you'd like to try a system restore to recover your music files, you should do that now, but that of course would reintroduce any maladies that were present before ComboFix ran. If you do find that your music files reappear, then you could back them up (I'm assuming you have no other copies of these files, correct?). Next you would have to assess what problems are present with your computer after the restore operation and we'll take action from there. If you do want to try a system restore, do so now and ignore the instructions that follow this paragraph. If no music files were found after trying a system restore, you can undo the system restore and revert back to the present date.
 
In my previous post, I asked if you could tell me what limitations you are experiencing because you cannot run a program as administrator. Your logs show you are logged on as administrator and I was wondering what specific problem this is causing you.
 
Now that you don't have an antivirus program installed and your security center has been fixed, we can start with a clean slate. I would suggest you install avast again. Here is the download link.

I'm not sure this is relevant, but in 'My Computer' where all my drives are listed, there's also a folder called Shared Documents that I can't seem to delete or move!

Why would you want to move or delete it? As far as I know, by default, these actions are not permitted.

In summary I will need from you:

  • FRST Search.txt log.
  • What are the problems you're having by not being able to run programs as administrator?
  • Reason for wanting to move/delete your shared file folder
  • Were you successful in installing avast?
  • Do you have any remaining problems other than the possible missing music files?

Let me know if you have any questions.
 
polskamachina



#15 Slime58

  • Topic Starter

Posted 29 December 2015 - 12:28 PM

Thanks again for your help.

In response to this,

 

In summary I will need from you:

  • FRST Search.txt log.
  • What are the problems you're having by not being able to run programs as administrator?
  • Reason for wanting to move/delete your shared file folder
  • Were you successful in installing avast?
  • Do you have any remaining problems other than the possible missing music files?

Let me know if you have any questions.

 

The first thing I tried was a 'System Restore', but wary of reintroducing old gremlins, I merely restored it to a point from yesterday .................................. and it worked :bananas: .

I have also installed Avast! Free Edition for a bit of security ........................... that seems to be problem free!

My FRST log is at the end of this post but it wasn't able to find the missing files. I also installed FRST onto my (H) Drive and ran it from there, but the log was identical.

I recall that it is occasionally advantageous to run progs as administrator, but, as I'm already logged in as admin, I guess that's not an issue.

As far as the 'Shared Documents' folder showing up in 'My Computer' is concerned, I just find it irritating as I have no idea how it got there and it's not a drive as all the others are.

Finally, I'll accept that the missing music files are missing for good ............................... it's not the end of the world, but, I have discovered that I can no longer burn music from my Windows Media Player library on to brand new blank discs! I can play discs without issue, I just can't seem to be able to burn them using Media Player.

If I uninstalled WMP and then re-installed it immediately afterwards, would my current library disappear?

How would I get my music onto a fresh install of WMP, or would that happen automatically?

Sorry to be a pain, but I do believe we're getting somewhere good.

Again, many thanks,

 

Slime58

 

Farbar Recovery Scan Tool (x86) Version:25-12-2015
Ran by Simon Hill (2015-12-29 16:59:09)
Running from I:\Documents and Settings\Simon Hill\Desktop
Boot Mode: Normal

================== Search Files: "*.mp3;*.wav" =============


I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_nogoal.wav
[2015-05-21 19:57][2008-02-26 11:45] 1561800 ____A () 229346AA126783D07DCFFFB5490432AD [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_ole.wav
[2015-05-21 19:57][2008-02-26 11:45] 0529240 ____A () 96157416CC14F8F5980B7B0D3E77D217 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_ole_pass.wav
[2015-05-21 19:57][2008-06-10 22:06] 0187752 ____A () 8CD5A44EAC22B12D9CA858625E69219F [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_ooh.wav
[2015-05-21 19:57][2008-02-26 11:45] 0718648 ____A () 74B9A5DA73A010C665CBC4D53A334B07 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_ooh4.wav
[2015-05-21 19:57][2008-02-26 11:45] 0775260 ____A () 205ADAB8AC6EEFB6858053EB656B85D8 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_ooh5.wav
[2015-05-21 19:57][2008-02-26 11:45] 0802776 ____A () 3871EFBA36529982583209C03E477A6D [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_ooh6.wav
[2015-05-21 19:57][2008-02-26 11:45] 0617440 ____A () D59829393BCE286B056E8C36BFE32425 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_ooh7.wav
[2015-05-21 19:57][2008-02-26 11:45] 0710728 ____A () 7BA5E099DD82E3D9040E0732ADF4FF2C [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_ooh8.wav
[2015-05-21 19:57][2008-02-26 11:45] 0609680 ____A () 1C56A49594696E16FD39E175E4A00F86 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_ooh9.wav
[2015-05-21 19:57][2008-06-10 13:07] 0714108 ____A () 30604B659CCFBD744C12FBC4FA94DED3 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_oohmono.wav
[2015-05-21 19:57][2008-02-26 11:45] 0698180 ____A () 6B76BDE3E43866AA6E316346E7984C5E [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_oohsmall.wav
[2015-05-21 19:57][2008-02-26 11:45] 0857084 ____A () 2745C06AB85AF355536BA8E4325B2752 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_penalty.wav
[2015-05-21 19:57][2008-02-26 11:45] 1637304 ____A () 0A6FEC80E63D631C4DC9533CDF6C8885 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_push.wav
[2015-05-21 19:57][2008-02-26 11:45] 0572988 ____A () 3D3D27E80A4569460FD5CE15ABC6205C [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_push2.wav
[2015-05-21 19:57][2008-02-26 11:45] 0450684 ____A () 66634B4F5FAE3206E417E83AD92A141C [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_push3.wav
[2015-05-21 19:57][2008-02-26 11:45] 0463536 ____A () 49BD670BB3439EA93067F894693242FA [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_push4.wav
[2015-05-21 19:57][2008-02-26 11:45] 0553512 ____A () 8CB3853EB01803F47A32A5DB3AEDB301 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_push5.wav
[2015-05-21 19:57][2008-06-13 19:49] 0706064 ____A () 32DFA26C54741BF6407A446D53A1F4F9 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_pushclap.wav
[2015-05-21 19:57][2008-02-26 11:45] 0418100 ____A () EFCB4F8D41ED6A03675A56AFB8C094D3 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_quiet_applause.wav
[2015-05-21 19:57][2008-02-26 11:45] 0499168 ____A () FB4B15E8B6CD71121ECA6F9228909699 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_quiet_push.wav
[2015-05-21 19:57][2008-02-26 11:45] 0470676 ____A () F355E662CA51F11684D5D1DC6FBFDCB1 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_shush.wav
[2015-05-21 19:57][2008-02-26 11:45] 3008336 ____A () 5CC922FA01E2C72AA08466F1FA3EA32B [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_tackle.wav
[2015-05-21 19:57][2008-06-10 12:59] 0383244 ____A () 206450B511459421A7EA8C8223B2A5CE [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_trick.wav
[2015-05-21 19:57][2008-02-26 11:45] 0686696 ____A () C2B970784108064B094A58D931BDF34E [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_unlucky.wav
[2015-05-21 19:57][2008-02-26 11:45] 0639052 ____A () 822214790089905627A8B8FD24B56B48 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_upset1.wav
[2015-05-21 19:57][2008-02-26 11:45] 0796716 ____A () FCB072FB4195331573F8AA1CF0229515 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_upset2.wav
[2015-05-21 19:57][2008-02-26 11:45] 1251832 ____A () 2AD0BE5ABC3759B7F6A85F53C8545F52 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_upset3.wav
[2015-05-21 19:57][2008-02-26 11:45] 0796420 ____A () 07F45B429605EE5A3B3DE8293C782684 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_upset4.wav
[2015-05-21 19:57][2008-02-26 11:45] 0946632 ____A () 7F89E4309878D32B6F84230F3EF013DB [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_upset5.wav
[2015-05-21 19:57][2008-02-26 11:45] 0650972 ____A () DD9E5A9E30CA83F430B6C554631D1679 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_wolfwhistle.wav
[2015-05-21 19:57][2008-02-26 11:45] 0957364 ____A () 10415F2709DA70BE7B3FB4643F73C5FD [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_crowd_yellowcard.wav
[2015-05-21 19:57][2008-02-26 11:45] 1058440 ____A () 405EE8FFBF71363FFDD744E3EE68CC7E [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_kick1.wav
[2015-05-21 19:57][2008-02-26 11:45] 0001928 ____A () CFFADA74E5F747860547C8DCDB142C37 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_kick2.wav
[2015-05-21 19:57][2008-02-26 11:45] 0003278 ____A () FF41534B61A243A383CD77D4378686C1 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_kick3.wav
[2015-05-21 19:57][2008-02-26 11:45] 0002614 ____A () A3879336401C08F38BCEE16359F29D23 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_kick4.wav
[2015-05-21 19:57][2008-06-10 15:08] 0073148 ____A () 4D8AD8F366A867EBF145912EBB35F24F [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_kick5.wav
[2015-05-21 19:57][2008-06-10 15:11] 0091136 ____A () EE2BC584E6CE135DFF30ADF7F74A2F50 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_loop2.wav
[2015-05-21 19:57][2008-02-26 11:45] 3494000 ____A () 7A8A56F95866C478FF415B9EF8437C8A [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\fm_navigation.wav
[2015-05-21 19:57][2008-02-26 11:45] 0007916 ____A () 3AD5994162156C240AC59EAB61A71755 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_post.wav
[2015-05-21 19:57][2008-02-26 11:45] 0024680 ____A () F118C4D77A2EBB884BF10FFDA57C4317 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_post2.wav
[2015-05-21 19:57][2008-06-10 15:05] 0072320 ____A () A5A070FFC3EC468C22B1D1D7759961FE [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_ref.wav
[2015-05-21 19:57][2008-06-10 13:12] 0077616 ____A () F9FF89797B30BDF6FA21668ECF18D94E [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_ref2.wav
[2015-05-21 19:57][2008-06-10 13:13] 0014544 ____A () 966838B42EAEFC84CDA68F727012FE02 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_ref_comehere.wav
[2015-05-21 19:57][2008-06-10 13:15] 0100156 ____A () 280A3133B7217C8ACBE4D07516F04F5B [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_ref_end.wav
[2015-05-21 19:57][2008-06-10 13:19] 0457328 ____A () C7BB60D874174364CFA3C5A935136EEE [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_ref_halftime.wav
[2015-05-21 19:57][2008-06-10 13:18] 0247364 ____A () DF1D4C6927AFF4E18F797BAD6381E33E [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_ref_penalty.wav
[2015-05-21 19:57][2008-02-26 11:45] 1251832 ____A () 8A71D256E9A80B07AD1AD4B6277994BE [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_ref_pen_go.wav
[2015-05-21 19:57][2008-06-10 13:14] 0132124 ____A () AE9F68942F68D0F8711E0AFF1A20F5B9 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_ref_start.wav
[2015-05-21 19:57][2008-06-10 13:17] 0171828 ____A () 920758995E8889F43AB1A397F256310E [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_slide_tackle.wav
[2015-05-21 19:57][2008-06-10 15:21] 0141956 ____A () 63FC00BF4B1388B81D8A4A054277B7D7 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_slide_tackle_wet.wav
[2015-05-21 19:57][2008-06-10 15:23] 0185756 ____A () A5216108763A38451D02A247ED5ED7C1 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_startup.wav
[2015-05-21 19:57][2008-02-26 11:45] 0529240 ____A () 6EE8F3441E14728F0D920BC5C45115C4 [File not signed]

I:\zoek_backup\I_Program Files_Sports Interactive\Football Manager 2010\data\sounds\default\FM_sub.wav
[2015-05-21 19:57][2008-02-26 11:45] 0771188 ____A () F9FF227BC3D8C85453F7EA22C10CF161 [File not signed]

I:\WINDOWS\system32\BuzzingBee.wav
[2009-03-22 13:45][2009-03-22 13:45] 0146650 ____A () 6D0634CEBBFF7F428DD816706F5AA1FB [File not signed]

I:\WINDOWS\system32\LoopyMusic.wav
[2009-03-22 13:45][2009-03-22 13:45] 0940794 ____A () E2FA75ADE398C9A44815B11CC141105C [File not signed]

I:\WINDOWS\system32\oobe\images\clickerx.wav
[2009-03-15 13:54][2004-08-04 12:00] 0004616 ____A () 42774151FE80FC1E3D527149A1DA87BA [File is digitally signed]

I:\WINDOWS\system32\dllcache\wmpaud1.wav
[2010-02-23 23:56][2004-08-04 12:00] 0354468 ___AC () 3AD821DCA55F57BAAF66881AA156C058 [File is digitally signed]

I:\WINDOWS\system32\dllcache\wmpaud2.wav
[2010-02-23 23:56][2004-08-04 12:00] 0086180 ___AC () B5676C71960422ADE3AB8F335CEDF638 [File is digitally signed]

I:\WINDOWS\system32\dllcache\wmpaud3.wav
[2010-02-23 23:56][2004-08-04 12:00] 0172196 ___AC () 9942E5446D92A930E7747B26244E98D2 [File is digitally signed]

I:\WINDOWS\system32\dllcache\wmpaud4.wav
[2010-02-23 23:56][2004-08-04 12:00] 0086180 ___AC () 6EB76B002FD53EA7F6B834DBD4A12DAD [File is digitally signed]

I:\WINDOWS\system32\dllcache\wmpaud5.wav
[2010-02-23 23:56][2004-08-04 12:00] 0086196 ___AC () 591F026A91BE81D24124DE0AFF8B17C1 [File is digitally signed]

I:\WINDOWS\system32\dllcache\wmpaud6.wav
[2010-02-23 23:56][2004-08-04 12:00] 0343204 ___AC () FADDD52BAB627E35D96A3A4E36847833 [File is digitally signed]

I:\WINDOWS\system32\dllcache\wmpaud7.wav
[2010-02-23 23:56][2004-08-04 12:00] 0343204 ___AC () 6B19CC9E0568F08071211E3FB66898DC [File is digitally signed]

I:\WINDOWS\system32\dllcache\wmpaud8.wav
[2010-02-23 23:56][2004-08-04 12:00] 0172196 ___AC () 932A4574AEA3B14CB773EE3AF9D59543 [File is digitally signed]

I:\WINDOWS\system32\dllcache\wmpaud9.wav
[2010-02-23 23:56][2004-08-04 12:00] 0172196 ___AC () 7024A67D634BD8A393CBA93A60E1B849 [File is digitally signed]

I:\WINDOWS\system32\config\systemprofile\Templates\sndrec.wav
[2009-03-15 13:57][2004-08-04 12:00] 0000058 ____A () 4CA681147F7D55321B896749196E9909 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\ServicePackCache\i386\newalert.wav
[2010-02-23 23:56][2007-04-02 18:07] 0002882 ____A () 5A5E36FA0CD5B506C5AC59F3D1787C0F [File is digitally signed]

I:\WINDOWS\ServicePackFiles\ServicePackCache\i386\newemail.wav
[2010-02-23 23:56][2007-04-02 18:07] 0006156 ____A () C86E54DE83B9D21EDC670982C4E28270 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\ServicePackCache\i386\online.wav
[2010-02-23 23:56][2007-04-02 18:07] 0006160 ____A () D241212A10724F4582DA046742BD01F2 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\ServicePackCache\i386\type.wav
[2010-02-23 23:56][2004-08-04 01:06] 0004454 ____A () DF0A89557F2DF5B9E7808A0D61EB6748 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\chimes.wav
[2010-02-23 23:56][2004-08-04 12:00] 0055776 ____A () 0AEF5D6721BC998B048D02B2474467D8 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\chord.wav
[2010-02-23 23:56][2004-08-04 12:00] 0097016 ____A () 0193CF80FB51AB167A59DF8106E08E77 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\clickerx.wav
[2010-02-23 23:56][2004-08-04 12:00] 0004616 ____A () 42774151FE80FC1E3D527149A1DA87BA [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\ding.wav
[2010-02-23 23:56][2004-08-04 12:00] 0080856 ____A () 18E639792D3767436AC6955EB60E4F54 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\newalert.wav
[2010-02-23 23:56][2007-04-02 18:07] 0002882 ____A () 5A5E36FA0CD5B506C5AC59F3D1787C0F [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\newemail.wav
[2010-02-23 23:56][2007-04-02 18:07] 0006156 ____A () C86E54DE83B9D21EDC670982C4E28270 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\notify.wav
[2010-02-23 23:56][2004-08-04 12:00] 0119384 ____A () 108025B17F67E61946DF5D7FBF713CDB [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\online.wav
[2010-02-23 23:56][2007-04-02 18:07] 0006160 ____A () D241212A10724F4582DA046742BD01F2 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\recycle.wav
[2010-02-23 23:56][2004-08-04 12:00] 0025434 ____A () 774C029C9FED208F1D21F8F35BA323A9 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\ringin.wav
[2010-02-23 23:56][2004-08-04 12:00] 0010026 ____A () 5549AF0CBB0CC2F1AB1A1DD52AC3531E [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\ringout.wav
[2010-02-23 23:56][2004-08-04 12:00] 0005212 ____A () DD1A8BE4DDF91F51BB49D7360EEF532D [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\tada.wav
[2010-02-23 23:56][2004-08-04 12:00] 0171100 ____A () 1F30373A52DE55D0D07A4422299B2522 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\type.wav
[2010-02-23 23:56][2004-08-04 01:06] 0004454 ____A () DF0A89557F2DF5B9E7808A0D61EB6748 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiaas.wav
[2007-06-26 05:55][2007-06-26 05:55] 0095708 ____A () 46772B9836FD8F822F7709F283B607BF [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiacl.wav
[2007-06-26 05:55][2007-06-26 05:55] 0004616 ____A () 42774151FE80FC1E3D527149A1DA87BA [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiacr.wav
[2007-06-26 05:55][2007-06-26 05:55] 0005824 ____A () A7BC1470BB4B375A669E508B3FD7EC2E [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiade.wav
[2007-06-26 05:55][2007-06-26 05:55] 0009946 ____A () 2A6FC2F3A4BA3BDCAD55D9882B87090B [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiaer.wav
[2007-06-26 05:55][2007-06-26 05:55] 0024596 ____A () 3C3F80E51763A14A045E1B8906FE89FE [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiaex.wav
[2007-06-26 05:55][2007-06-26 05:55] 0013026 ____A () 7C0C97D8008FD550ED81F633FB7446AA [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiama.wav
[2007-06-26 05:55][2007-06-26 05:55] 0014922 ____A () 435588D9982794F7BB3A6829B1CCCF63 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiame.wav
[2007-06-26 05:55][2007-06-26 05:55] 0003462 ____A () 063F9C6E176201883C18918C4A409E09 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiami.wav
[2007-06-26 05:55][2007-06-26 05:55] 0014990 ____A () 80564D7B8659685061E198EDFE322DF5 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiaop.wav
[2007-06-26 05:55][2007-06-26 05:55] 0010760 ____A () 1DB63731297AFFFA7474699F898ED417 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiaqu.wav
[2007-06-26 05:55][2007-06-26 05:55] 0013084 ____A () 2977AF9FE6C4AD8D7AF5183F10DE5A4D [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiare.wav
[2007-06-26 05:55][2007-06-26 05:55] 0098330 ____A () BAA387112B158B6B4079C1482B9BBF4F [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopiawi.wav
[2007-06-26 05:55][2007-06-26 05:55] 0156760 ____A () 27637E4C28F3EB9B5EEB68918676DA2F [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopia~1.wav
[2007-06-26 05:55][2007-06-26 05:55] 0086798 ____A () ACAEB0A1F4497EA94A31B8253E19C1E2 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopia~2.wav
[2007-06-26 05:55][2007-06-26 05:55] 0002692 ____A () 0CBBBAFB8337D2665C27F586736E63F3 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopia~3.wav
[2007-06-26 05:55][2007-06-26 05:55] 0005120 ____A () 318798999F9615FE6AE529308CE133F8 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\utopia~4.wav
[2007-06-26 05:55][2007-06-26 05:55] 0015372 ____A () D0A13C2CCBF395E9A1786FE04700A185 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpballn.wav
[2010-02-23 23:56][2004-08-04 12:00] 0006400 ____A () B2B2093D0271ECF7017A7ED3C490EFDE [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpbatcrt.wav
[2010-02-23 23:56][2004-08-04 12:00] 0036910 ____A () E221302BEA8F7D6DA1AF46B0B630AA15 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpbatlow.wav
[2010-02-23 23:56][2004-08-04 12:00] 0053864 ____A () 0EDB69701FFA5B1DEFC27304B4E8AB51 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpblkpop.wav
[2010-02-23 23:56][2004-08-04 12:00] 0029444 ____A () 12BE3833764F37D1BA31350935E3FA2A [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpcrtstp.wav
[2010-02-23 23:56][2004-08-04 12:00] 0039382 ____A () 19B1FE35E57567843009857DF3BA1CDB [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpdef.wav
[2010-02-23 23:56][2004-08-04 12:00] 0024530 ____A () 1B1DC80EF6AAF0ED9E87CABBF7E9D904 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpding.wav
[2010-02-23 23:56][2004-08-04 12:00] 0017132 ____A () 9A99222106590E258E430686765BAADB [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xperror.wav
[2010-02-23 23:56][2004-08-04 12:00] 0044136 ____A () 199B5352639F3881890888B0DF965BEB [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpexcl.wav
[2010-02-23 23:56][2004-08-04 12:00] 0042576 ____A () 007B2D9D9755C599A54FBAE3998770D2 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xphdfail.wav
[2010-02-23 23:56][2004-08-04 12:00] 0036614 ____A () 498C59AB95BE083AD3903DD52D74E829 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xphdinst.wav
[2010-02-23 23:56][2004-08-04 12:00] 0036636 ____A () 3F3DBCDE4543E7F3D886F9336F6530F9 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xphdrem.wav
[2010-02-23 23:56][2004-08-04 12:00] 0036538 ____A () 3354701C24C31DD315B590A276CD49C4 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpinfbar.wav
[2010-02-23 23:56][2004-08-04 12:00] 0020336 ____A () 67E506DD93AF0324F458A53568E676E2 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xplogoff.wav
[2010-02-23 23:56][2004-08-04 12:00] 0179704 ____A () AF9533498AEEA71E7AE1F6D59271A494 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xplogon.wav
[2010-02-23 23:56][2004-08-04 12:00] 0190208 ____A () 840E7327FBB97CB8F005A65F2FDE7450 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpmenu.wav
[2010-02-23 23:56][2004-08-04 12:00] 0001404 ____A () 53A172DDBD16AA7ACCEAD0F5B263B70F [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpmin.wav
[2010-02-23 23:56][2004-08-04 12:00] 0022580 ____A () 4195F08A3193F1B0635BDEB4AE7709DC [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpnotify.wav
[2010-02-23 23:56][2004-08-04 12:00] 0048988 ____A () 65255D264FFE09EA3C2CC9F466A8584E [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpprint.wav
[2010-02-23 23:56][2004-08-04 12:00] 0043762 ____A () F954385C8E996ECCAA13CEFE8CBCAF2A [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xprecycl.wav
[2010-02-23 23:56][2004-08-04 12:00] 0022816 ____A () 2D88D18DBF9CCD69B71EB3120BBF5ED2 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xprestor.wav
[2010-02-23 23:56][2004-08-04 12:00] 0019458 ____A () AE9B48D3BB2E454AE741E3CB5CA76E3B [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpringin.wav
[2010-02-23 23:56][2004-08-04 12:00] 0038930 ____A () 069B44F2BC6B41031DF80E81EADB61B9 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xprngout.wav
[2010-02-23 23:56][2004-08-04 12:00] 0022070 ____A () B7BDDE53679D0C11C8DD1B5BBE7D252A [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpshutdn.wav
[2010-02-23 23:56][2004-08-04 12:00] 0282608 ____A () 6DDA0CD0596B2A5A5FABB3CE93CDA8A6 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpstart.wav
[2010-02-23 23:56][2004-08-04 12:00] 0002202 ____A () C2E5A28D15ADA7BBFF5F039C4C55DEA3 [File is digitally signed]

I:\WINDOWS\ServicePackFiles\i386\xpstartu.wav
[2010-02-23 23:56][2004-08-04 12:00] 0424644 ____A () DDE597FFD855F89DE33951973426A3CB [File is digitally signed]

I:\WINDOWS\pchealth\helpctr\System\Remote Assistance\ding.wav
[2009-03-22 22:59][2009-03-22 22:59] 0080856 ____A () 18E639792D3767436AC6955EB60E4F54 [File is digitally signed]

I:\WINDOWS\Media\chimes.wav
[2004-08-04 12:00][2004-08-04 12:00] 0055776 ____A () 0AEF5D6721BC998B048D02B2474467D8 [File is digitally signed]

I:\WINDOWS\Media\chord.wav
[2004-08-04 12:00][2004-08-04 12:00] 0097016 ____A () 0193CF80FB51AB167A59DF8106E08E77 [File is digitally signed]

I:\WINDOWS\Media\ding.wav
[2004-08-04 12:00][2004-08-04 12:00] 0080856 ____A () 18E639792D3767436AC6955EB60E4F54 [File is digitally signed]

I:\WINDOWS\Media\notify.wav
[2004-08-04 12:00][2004-08-04 12:00] 0119384 ____A () 108025B17F67E61946DF5D7FBF713CDB [File is digitally signed]

I:\WINDOWS\Media\recycle.wav
[2004-08-04 12:00][2004-08-04 12:00] 0025434 ____A () 774C029C9FED208F1D21F8F35BA323A9 [File is digitally signed]

I:\WINDOWS\Media\ringin.wav
[2004-08-04 12:00][2004-08-04 12:00] 0010026 ____A () 5549AF0CBB0CC2F1AB1A1DD52AC3531E [File is digitally signed]

I:\WINDOWS\Media\ringout.wav
[2004-08-04 12:00][2004-08-04 12:00] 0005212 ____A () DD1A8BE4DDF91F51BB49D7360EEF532D [File is digitally signed]

I:\WINDOWS\Media\start.wav
[2004-08-04 12:00][2004-08-04 12:00] 0001192 ____A () FB45431715E37C47A5CAE5DC37E8039E [File is digitally signed]

I:\WINDOWS\Media\tada.wav
[2004-08-04 12:00][2004-08-04 12:00] 0171100 ____A () 1F30373A52DE55D0D07A4422299B2522 [File is digitally signed]

I:\WINDOWS\Media\Windows Feed Discovered.wav
[2009-01-07 18:20][2009-01-07 18:20] 0019884 ____A () F56A39813E5C699722CE510793B8F056 [File is digitally signed]

I:\WINDOWS\Media\Windows Information Bar.wav
[2009-01-07 18:20][2009-01-07 18:20] 0023308 ____A () 0D9E9C0A8B66B41442218E83D109F7B3 [File is digitally signed]

I:\WINDOWS\Media\Windows Navigation Start.wav
[2009-01-07 18:20][2009-01-07 18:20] 0011340 ____A () B82AA79F496456FFC5B952B484AF25F5 [File is digitally signed]

I:\WINDOWS\Media\Windows Pop-up Blocked.wav
[2009-01-07 18:20][2009-01-07 18:20] 0085548 ____A () 871CBB63DDA8C8673173D34B9D67B11E [File is digitally signed]

I:\WINDOWS\Media\Windows XP Balloon.wav
[2004-08-04 12:00][2004-08-04 12:00] 0006400 ____A () B2B2093D0271ECF7017A7ED3C490EFDE [File is digitally signed]

I:\WINDOWS\Media\Windows XP Battery Critical.wav
[2004-08-04 12:00][2004-08-04 12:00] 0036910 ____A () E221302BEA8F7D6DA1AF46B0B630AA15 [File is digitally signed]

I:\WINDOWS\Media\Windows XP Battery Low.wav
[2004-08-04 12:00][2004-08-04 12:00] 0053864 ____A () 0EDB69701FFA5B1DEFC27304B4E8AB51 [File is digitally signed]

I:\WINDOWS\Media\Windows XP Critical Stop.wav
[2004-08-04 12:00][2004-08-04 12:00] 0039382 ____A () 19B1FE35E57567843009857DF3BA1CDB [File is digitally signed]

I:\WINDOWS\Media\Windows XP Default.wav
[2004-08-04 12:00][2004-08-04 12:00] 0024530 ____A () 1B1DC80EF6AAF0ED9E87CABBF7E9D904 [File is digitally signed]

I:\WINDOWS\Media\Windows XP Ding.wav
[2004-08-04 12:00][2004-08-04 12:00] 0017132 ____A () 9A99222106590E258E430686765BAADB [File is digitally signed]

I:\WINDOWS\Media\Windows XP Error.wav
[2004-08-04 12:00][2004-08-04 12:00] 0044136 ____A () 199B5352639F3881890888B0DF965BEB [File is digitally signed]

I:\WINDOWS\Media\Windows XP Exclamation.wav
[2004-08-04 12:00][2004-08-04 12:00] 0042576 ____A () 007B2D9D9755C599A54FBAE3998770D2 [File is digitally signed]

I:\WINDOWS\Media\Windows XP Hardware Fail.wav
[2004-08-04 12:00][2004-08-04 12:00] 0036614 ____A () 498C59AB95BE083AD3903DD52D74E829 [File is digitally signed]

I:\WINDOWS\Media\Windows XP Hardware Insert.wav
[2004-08-04 12:00][2004-08-04 12:00] 0036636 ____A () 3F3DBCDE4543E7F3D886F9336F6530F9 [File is digitally signed]

I:\WINDOWS\Media\Windows XP Hardware Remove.wav
[2004-08-04 12:00][2004-08-04 12:00] 0036538 ____A () 3354701C24C31DD315B590A276CD49C4 [File is digitally signed]

I:\WINDOWS\Media\Windows XP Information Bar.wav
[2004-08-04 12:00][2004-08-04 12:00] 0020336 ____A () 67E506DD93AF0324F458A53568E676E2 [File is digitally signed]

I:\WINDOWS\Media\Windows XP Logoff Sound.wav
[2004-08-04 12:00][2004-08-04 12:00] 0179704 ____A () AF9533498AEEA71E7AE1F6D59271A494 [File is digitally signed]

I:\WINDOWS\Media\Windows XP Logon Sound.wav
[2004-08-04 12:00][2004-08-04 12:00] 0190208 ____A () 840E7327FBB97CB8F005A65F2FDE7450 [File is digitally signed]

I:\WINDOWS\Media\Windows XP Menu Command.wav
[2004-08-04 12:00][2004-08-04 12:00] 0001404 ____A () 53A172DDBD16AA7ACCEAD0F5B263B70F [File is digitally signed]

I:\WINDOWS\Media\Windows XP Minimize.wav
[2004-08-04 12:00][2004-08-04 12:00] 0022580 ____A () 4195F08A3193F1B0635BDEB4AE7709DC [File is digitally signed]

I:\WINDOWS\Media\Windows XP Notify.wav
[2004-08-04 12:00][2004-08-04 12:00] 0048988 ____A () 65255D264FFE09EA3C2CC9F466A8584E [File is digitally signed]

====== End of Search ======





