Inactive Windows Firewall and Defender won't start after virus removal

smokeymac

Hi, I got a computer here which had a lot of viruses. I have cleaned it with TDSSKiller, MBAM, and Avast, but I'm not finding any more viruses at all, but it seems all my registry is screwed up. I managed to use a registry file to get the firewall to stay on but can't do anything with the updates or the Defender; also, the PunkBuster client won't run on the computer (the original problem lol). I have followed the 5 steps and here are the logs. Thanks, and I look forward to hearing from you.

mbam

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
tommyg :: TOMMYG-PC [administrator]

09/01/2012 01:13:54
mbam-log-2012-01-09 (01-13-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200521
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------------------------------------------------------------------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-08 22:38:16
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT725032VLA380 rev.V54OA73A
Running: mqhqwwfn.exe; Driver: C:\Users\tommyg\AppData\Local\Temp\fwdiipoc.sys


.text C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe[3124] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 00670600
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3212] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000A03FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3212] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000A01F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[3212] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3236] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000E03FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3236] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000E01F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3236] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3236] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 00280A08
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3236] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 002803FC
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3236] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 00280804
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3236] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 002801F8
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3236] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 00280600
.text C:\Windows\system32\svchost.exe[3276] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3276] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3276] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Windows\system32\UAService7.exe[3368] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001503FC
.text C:\Windows\system32\UAService7.exe[3368] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001501F8
.text C:\Windows\system32\UAService7.exe[3368] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3396] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3396] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3396] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3424] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3712] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3712] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3712] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3712] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 00130A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3712] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 001303FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3712] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 00130804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3712] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 001301F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3712] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 00130600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3720] KERNEL32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3916] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\SearchIndexer.exe[3916] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\SearchIndexer.exe[3916] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3916] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchIndexer.exe[3916] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchIndexer.exe[3916] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchIndexer.exe[3916] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchIndexer.exe[3916] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\mmc.exe[4000] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\mmc.exe[4000] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\mmc.exe[4000] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Windows\system32\mmc.exe[4000] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\mmc.exe[4000] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\mmc.exe[4000] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\mmc.exe[4000] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\mmc.exe[4000] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 000F0600
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4152] KERNEL32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Users\tommyg\Downloads\mqhqwwfn.exe[4268] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC
.text C:\Users\tommyg\Downloads\mqhqwwfn.exe[4268] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8
.text C:\Users\tommyg\Downloads\mqhqwwfn.exe[4268] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Users\tommyg\Downloads\mqhqwwfn.exe[4268] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 00210A08
.text C:\Users\tommyg\Downloads\mqhqwwfn.exe[4268] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 002103FC
.text C:\Users\tommyg\Downloads\mqhqwwfn.exe[4268] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 00210804
.text C:\Users\tommyg\Downloads\mqhqwwfn.exe[4268] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 002101F8
.text C:\Users\tommyg\Downloads\mqhqwwfn.exe[4268] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 00210600
.text C:\Windows\System32\msdtc.exe[4484] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\msdtc.exe[4484] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\msdtc.exe[4484] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Windows\System32\msdtc.exe[4484] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 000F0A08
.text C:\Windows\System32\msdtc.exe[4484] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 000F03FC
.text C:\Windows\System32\msdtc.exe[4484] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 000F0804
.text C:\Windows\System32\msdtc.exe[4484] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 000F01F8
.text C:\Windows\System32\msdtc.exe[4484] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\dllhost.exe[4604] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\dllhost.exe[4604] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\dllhost.exe[4604] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Windows\system32\dllhost.exe[4604] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 00220A08
.text C:\Windows\system32\dllhost.exe[4604] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 002203FC
.text C:\Windows\system32\dllhost.exe[4604] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 00220804
.text C:\Windows\system32\dllhost.exe[4604] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 002201F8
.text C:\Windows\system32\dllhost.exe[4604] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 00220600
.text C:\Windows\System32\svchost.exe[4812] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[4812] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[4812] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4812] user32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 003D0A08
.text C:\Windows\System32\svchost.exe[4812] user32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 003D03FC
.text C:\Windows\System32\svchost.exe[4812] user32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 003D0804
.text C:\Windows\System32\svchost.exe[4812] user32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 003D01F8
.text C:\Windows\System32\svchost.exe[4812] user32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 003D0600
.text C:\Windows\system32\PnkBstrA.exe[4868] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\PnkBstrA.exe[4868] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\PnkBstrA.exe[4868] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Windows\system32\PnkBstrA.exe[4868] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\PnkBstrA.exe[4868] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\PnkBstrA.exe[4868] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\PnkBstrA.exe[4868] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\PnkBstrA.exe[4868] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4944] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4944] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4944] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4944] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 00190A08
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4944] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 001903FC
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4944] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 00190804
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4944] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 001901F8
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[4944] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 00190600
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[5080] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000603FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[5080] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000601F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[5080] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[5080] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[5080] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 000F03FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[5080] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 000F0804
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[5080] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 000F01F8
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[5080] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\DllHost.exe[5732] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 000903FC
.text C:\Windows\system32\DllHost.exe[5732] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 000901F8
.text C:\Windows\system32\DllHost.exe[5732] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Windows\system32\DllHost.exe[5732] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 00120A08
.text C:\Windows\system32\DllHost.exe[5732] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 001203FC
.text C:\Windows\system32\DllHost.exe[5732] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 00120804
.text C:\Windows\system32\DllHost.exe[5732] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 001201F8
.text C:\Windows\system32\DllHost.exe[5732] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 00120600
.text C:\Program Files\Skype\Phone\Skype.exe[5984] ntdll.dll!LdrUnloadDll 773DC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Skype\Phone\Skype.exe[5984] ntdll.dll!LdrLoadDll 773E22B8 5 Bytes JMP 001601F8
.text C:\Program Files\Skype\Phone\Skype.exe[5984] kernel32.dll!GetBinaryTypeW + 70 75F469F4 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[5984] USER32.dll!UnhookWindowsHookEx 772BADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Skype\Phone\Skype.exe[5984] USER32.dll!UnhookWinEvent 772BB750 5 Bytes JMP 002103FC
.text C:\Program Files\Skype\Phone\Skype.exe[5984] USER32.dll!SetWindowsHookExW 772BE30C 5 Bytes JMP 00210804
.text C:\Program Files\Skype\Phone\Skype.exe[5984] USER32.dll!SetWinEventHook 772C24DC 5 Bytes JMP 002101F8
.text C:\Program Files\Skype\Phone\Skype.exe[5984] USER32.dll!SetWindowsHookExA 772E6D0C 5 Bytes JMP 00210600

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp mdvrmng.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000064 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp mdvrmng.sys

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 21504 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{56ddccf1-399b-11e1-8e2c-0019dba6256d}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{56ddccf1-399b-11e1-8e2c-0019dba6256d}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{56ddccf1-399b-11e1-8e2c-0019dba6256d}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CONHOST.EXE-3218E401.pf 17670 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\IEXPLORE.EXE-BD7F0850.pf 6362 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\PEV.3XE-49CBEEB9.pf 16058 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 740 bytes
File C:\Windows\$NtUninstallKB50427$\1460848966 0 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822 0 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\@ 2048 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\bckfg.tmp 870 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\cfg.ini 185 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\keywords 119 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\L 0 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\L\xadqgnnk 83456 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\U 0 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB50427$\4152701822\U\80000032.@ 77312 bytes

---- EOF - GMER 1.0.15 ----

-------------------------------------------------------------------------------------------------------

dds

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by tommyg at 0:42:26 on 2012-01-09
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1910 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UAService7.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\DAEMON Tools Lite\DTLite.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: MegaIeHelperBHO Class: {77f4e711-789b-447f-9614-96759b2f83c6} - c:\users\tommyg\appdata\local\megamedia\megakey\MegaIeHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi0.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Spotify] "c:\users\tommyg\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Capture Web Page - c:\users\tommyg\appdata\local\megamedia\megakey\CaptureWebPage.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Fetch to Megaupload - c:\users\tommyg\appdata\local\megamedia\megakey\MegaUpload.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://clients.futuremark.com/calico/systeminfodeploy/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DA2245E5-D84A-44A2-9DAD-88503CE6BA14} : NameServer = 10.14.32.1
TCP: Interfaces\{F4CCCFB2-0942-4402-A611-5146980E0678} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: jtskyee - c:\windows\system32\config\systemprofile\appdata\local\jtskyee.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tommyg\appdata\roaming\mozilla\firefox\profiles\k8s2y8j7.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\battlelog web plugins\1.104.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\onlive\plugin\npolgdet.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\programdata\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\tommyg\appdata\local\megamedia\megakey\npMegaPlugin.dll
FF - plugin: c:\users\tommyg\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-7 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-7 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-2 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-7 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-7 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-7 44768]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-26 21992]
R2 Realtek11nSU;Realtek11nSU;c:\program files\realtek\11n usb wireless lan utility\RtlService.exe [2011-6-10 45056]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-11-10 8913920]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-11-10 263680]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
R3 HCW713x;Hauppauge WinTV-HVR 713X PCI Card;c:\windows\system32\drivers\HCW713x.sys [2011-4-10 1156224]
R3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-5-21 27136]
R3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\drivers\vodafone_K380x-z_dc_enum.sys [2010-5-20 61952]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-17 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2011-6-27 2421384]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-2 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-2 3072]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2011-4-11 130976]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-6 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-17 136176]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-5-6 35776]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-4-20 9216]
S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-2 15872]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2011-6-10 594976]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-18 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-4-20 105856]
S3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\drivers\ZTEusbwwan.sys [2011-4-20 194048]
S4 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2011-6-14 1737464]
S4 ExpressAccountsService;Express Accounts;c:\program files\nch software\expressaccounts\expressaccounts.exe [2011-4-16 2179076]
S4 ExpressInvoiceService;Express Invoice;c:\program files\nch software\expressinvoice\expressinvoice.exe [2011-4-16 1687044]
S4 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-11-21 330072]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-5-21 745832]
S4 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-8-18 8704]

..
=============== Created Last 30 ================
.
2074-05-07 17:38:48 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2012-01-09 00:12:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-08 22:28:11 -------- d-----w- c:\users\tommyg\appdata\roaming\Moyea
2012-01-08 22:27:16 -------- d-----w- c:\program files\Moyea
2012-01-08 22:25:02 -------- d-----w- c:\users\tommyg\appdata\roaming\FLV Extract
2012-01-08 02:03:36 -------- d-s---w- C:\ff15325f
2012-01-08 00:55:02 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-08 00:55:02 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-08 00:55:02 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-08 00:55:01 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-08 00:45:13 290304 ----a-w- C:\subinacl.exe
2012-01-08 00:20:58 -------- d-----w- C:\MGtools
2012-01-07 22:50:11 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2012-01-07 21:51:04 -------- d-----w- c:\users\tommyg\appdata\roaming\SUPERAntiSpyware.com
2012-01-07 21:50:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-07 21:50:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-07 18:34:33 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-07 18:34:29 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-07 18:34:05 41184 ----a-w- c:\windows\avastSS.scr
2012-01-07 15:31:43 840264 ----a-w- c:\windows\system32\pbsvc.exe
2012-01-07 10:40:55 -------- d-----w- C:\3da6d3f8aa9c540bbda9eb2d891d
2012-01-07 10:07:08 942907 ----a-w- c:\windows\system32\pbcls.dll
2012-01-07 10:07:08 942907 ----a-w- c:\windows\system32\pbclold.dll
2012-01-07 10:07:08 942907 ----a-w- c:\windows\system32\pbcl.dll
2012-01-07 10:07:08 57344 ----a-w- c:\windows\system32\pbags.dll
2012-01-07 10:07:08 57344 ----a-w- c:\windows\system32\pbag.dll
2012-01-07 10:07:08 425984 ----a-w- c:\windows\system32\pbsv.dll
2012-01-07 10:07:08 -------- d-----w- c:\windows\system32\scrnshot
2012-01-07 10:07:08 -------- d-----w- c:\windows\system32\htm
2012-01-07 09:53:35 -------- d-----w- c:\windows\system32\pb
2012-01-06 11:59:22 -------- d-----w- c:\programdata\AVAST Software
2012-01-06 11:59:22 -------- d-----w- c:\program files\AVAST Software
2012-01-05 23:34:16 -------- d-s---w- C:\ff
2012-01-03 12:46:27 -------- d-----w- c:\program files\X3 map by Scorp
2011-12-28 12:41:23 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-12-28 12:41:23 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-12-28 12:41:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-12-28 12:41:23 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-12-28 12:41:23 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-12-28 12:41:23 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-12-28 12:41:23 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-12-25 19:16:58 -------- d-----w- c:\users\tommyg\appdata\local\ESN Sonar
2011-12-19 04:32:54 -------- d-----w- c:\users\tommyg\appdata\roaming\Qiq
2011-12-19 04:32:54 -------- d-----w- c:\users\tommyg\appdata\roaming\Eha
2011-12-16 21:42:34 -------- d-----w- c:\program files\Battlelog Web Plugins
2011-12-16 16:29:53 -------- d-----w- c:\users\tommyg\appdata\roaming\Origin
2011-12-16 16:29:19 -------- d-----w- c:\users\tommyg\appdata\local\Origin
2011-12-16 16:28:48 -------- d-----w- c:\programdata\Origin
2011-12-16 16:28:47 -------- d-----w- c:\program files\Origin Games
2011-12-16 16:28:32 -------- d-----w- c:\program files\Origin
2011-12-16 10:26:47 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2b940eed-2df7-46d7-b20a-796497c18128}\mpengine.dll
2011-12-15 11:43:02 -------- d-----w- c:\program files\AMD APP
2011-12-15 04:39:42 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-12-14 10:09:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 10:09:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 10:09:22 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 10:09:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 10:09:11 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 10:09:10 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-12 13:26:51 -------- d-----w- c:\users\tommyg\appdata\roaming\NCH Software
2011-12-12 13:18:23 200104 ----a-w- c:\windows\system32\cnvshell.dll
2011-12-12 13:18:22 -------- d-----w- c:\program files\ImageConverter Plus
.
==================== Find3M ====================
.
2012-01-08 23:09:05 138904 ----a-w- c:\users\tommyg\appdata\roaming\PnkBstrK.sys
2011-12-19 00:22:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 03:44:12 8913920 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:17:10 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16:56 774656 ----a-w- c:\windows\system32\aticfx32.dll
2011-11-10 03:12:24 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:11:50 417792 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11:20 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10:08 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2011-11-10 03:09:52 360448 ----a-w- c:\windows\system32\atipdlxx.dll
2011-11-10 03:09:40 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-11-10 03:09:32 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-11-10 03:06:20 6077952 ----a-w- c:\windows\system32\atidxx32.dll
2011-11-10 02:58:20 18996224 ----a-w- c:\windows\system32\atioglxx.dll
2011-11-10 02:40:18 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-11-10 02:34:52 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-11-10 02:34:42 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-11-10 02:33:52 5852672 ----a-w- c:\windows\system32\atiumdag.dll
2011-11-10 02:29:58 11300864 ----a-w- c:\windows\system32\aticaldd.dll
2011-11-10 02:29:46 4200960 ----a-w- c:\windows\system32\atiumdva.dll
2011-11-10 02:18:40 51200 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13:20 348160 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13:04 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:12:52 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-11-10 02:12:20 263680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11:46 32256 ----a-w- c:\windows\system32\atiuxpag.dll
2011-11-10 02:11:32 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-11-10 02:11:26 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-11-10 02:11:26 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-11-10 02:10:54 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 22:39:44 59904 ----a-w- c:\windows\system32\OpenVideo.dll
2011-11-09 22:39:32 54784 ----a-w- c:\windows\system32\OVDecode.dll
2011-11-09 22:38:40 14375936 ----a-w- c:\windows\system32\amdocl.dll
2011-11-09 22:37:46 44032 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-25 21:21:34 56832 ----a-w- c:\windows\system32\OVDecoder.dll
2011-10-21 20:16:12 1843200 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-21 20:15:46 104448 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-10-20 11:52:48 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-10-20 11:52:48 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-10-17 17:40:44 85520 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2011-10-17 11:50:26 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-10-17 11:50:26 109144 ----a-w- c:\windows\system32\OpenAL32.dll
.
============= FINISH: 0:44:14.14 ===============
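A triage pass over the "Created Last 30" section of the DDS log above, as an added example that is not part of the original thread and not code from DDS. The field layout, the three heuristics and the reference time (taken from the DDS.txt timestamp that appears in the FRST listing later in the thread) are assumptions; a flagged entry is something to review, not a verdict.

```python
import re
from datetime import datetime

# Lines copied from the "Created Last 30" section of the DDS log above.
SAMPLE_LOG = r"""
2074-05-07 17:38:48 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2012-01-09 00:12:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-08 02:03:36 -------- d-s---w- C:\ff15325f
2012-01-08 00:20:58 -------- d-----w- C:\MGtools
2012-01-07 10:40:55 -------- d-----w- C:\3da6d3f8aa9c540bbda9eb2d891d
2012-01-05 23:34:16 -------- d-s---w- C:\ff
2011-12-14 10:09:27 2342912 ----a-w- c:\windows\system32\win32k.sys
"""

# Assumption: the scan ran around the time DDS.txt was written.
SCAN_TIME = datetime(2012, 1, 9, 0, 51)

# Field layout assumed from the log: date, time, size ("--------" for
# directories), an 8-character attribute string, then the path.
ENTRY_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*)$"
)
ROOT_ITEM_RE = re.compile(r"^[A-Za-z]:\\([^\\]+)$")  # item directly under a drive root
HEX_NAME_RE = re.compile(r"^[0-9a-fA-F]{8,}$")       # name made only of hex digits


def parse_entries(text):
    """Return one dict per well-formed entry; separator lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        entries.append({
            "created": datetime.strptime(match["stamp"], "%Y-%m-%d %H:%M:%S"),
            "is_dir": match["attrs"][0] == "d",
            "is_system": "s" in match["attrs"],
            "path": match["path"],
        })
    return entries


def triage(entries, scan_time):
    """Return (path, reasons) for every entry worth a second look."""
    findings = []
    for entry in entries:
        reasons = []
        # A creation time after the scan means the timestamp is wrong or altered.
        if entry["created"] > scan_time:
            reasons.append("creation time is later than the scan")
        root = ROOT_ITEM_RE.match(entry["path"])
        if root and entry["is_dir"]:
            if entry["is_system"]:
                reasons.append("system-attributed directory in the drive root")
            if HEX_NAME_RE.match(root.group(1)):
                reasons.append("hex-named directory in the drive root")
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_entries(SAMPLE_LOG), SCAN_TIME):
        print(f"{path}: {'; '.join(reasons)}")
```

Hex-named root folders are also left behind by legitimate installers, so each hit still needs its contents and owner checked before anything is deleted.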
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
 
Hi, and thanks for the quick reply. Here's the FSS log for you :)

Farbar Service Scanner
Ran by tommyg (administrator) on 09-01-2012 at 10:48:29
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
What is the problem with Windows updates?

As for Windows Defender, I'd leave it alone as it's a totally useless program.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi again, and thanks for the time. The problem with update is it's not working; it gives me an error, Code 80096001. Also, PunkBuster will not install, making me think something is still on the PC/stopping the registry being updated.

Here's the aswMBR log

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-09 15:44:03
-----------------------------
15:44:03.196 OS Version: Windows 6.1.7601 Service Pack 1
15:44:03.196 Number of processors: 2 586 0xF06
15:44:03.198 ComputerName: TOMMYG-PC UserName: tommyg
15:44:05.131 Initialize success
15:44:05.488 AVAST engine defs: 12010900
15:44:32.371 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:44:32.374 Disk 0 Vendor: Hitachi_HDT725032VLA380 V54OA73A Size: 305245MB BusType: 3
15:44:32.395 Disk 0 MBR read successfully
15:44:32.398 Disk 0 MBR scan
15:44:32.401 Disk 0 Windows 7 default MBR code
15:44:32.405 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305244 MB offset 63
15:44:32.412 Disk 0 scanning sectors +625140432
15:44:32.461 Disk 0 scanning C:\Windows\system32\drivers
15:44:44.711 Service scanning
15:44:46.086 Modules scanning
15:44:58.064 Disk 0 trace - called modules:
15:44:58.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
15:44:58.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xc3366948]
15:44:58.423 3 CLASSPNP.SYS[c91c359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xc327f610]
15:44:59.631 AVAST engine scan C:\Windows
15:45:02.940 AVAST engine scan C:\Windows\system32
15:47:21.740 AVAST engine scan C:\Windows\system32\drivers
15:47:33.257 AVAST engine scan C:\Users\tommyg
16:33:35.524 AVAST engine scan C:\ProgramData
16:38:52.197 Scan finished successfully
16:41:23.190 Disk 0 MBR has been saved successfully to "C:\Users\tommyg\Desktop\MBR.dat"
16:41:23.206 The log file has been saved successfully to "C:\Users\tommyg\Desktop\aswMBR.txt"

-------------------------------------------------------------------------------------------------

Combofix keeps freezing on the screen saying it should not take more than 10 mins. This is with or without safe mode, and even after using Rkill.

------------------------------------------------------------------------------------------------
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 09/01/2012 at 17:01:45.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:



Rkill completed on 09/01/2012 at 17:01:49.

------------------------------------------------------------------------------------------------
 
Hi again, Combofix has been running for 2 hrs now and still no change. Any advice? Should I leave it to scan or stop it?

Edit: after I stopped it last time, it came up with an error about the recycle bin being corrupt :/
 
No. Stop it.

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Hi, looks like you have pinpointed something :)

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by tommyg at 2012-01-09 19:26:09
Running from C:\Users\tommyg\Downloads
Service Pack 1 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-09 19:26 - 2012-01-09 19:26 - 0000000 ____D C:\FRST
2012-01-09 19:25 - 2012-01-09 19:25 - 0859264 ____A C:\Users\tommyg\Downloads\FRST.exe
2012-01-09 19:25 - 2012-01-09 19:25 - 0859264 ____A C:\Documents and Settings\tommyg\Downloads\FRST.exe
2012-01-09 19:12 - 2012-01-09 19:12 - 0070647 ____A C:\Users\tommyg\Desktop\bootkit_remover_debug_log.txt
2012-01-09 19:12 - 2012-01-09 19:12 - 0070647 ____A C:\Documents and Settings\tommyg\Desktop\bootkit_remover_debug_log.txt
2012-01-09 19:11 - 2012-01-09 19:11 - 0044607 ____A C:\Users\tommyg\Downloads\bootkit_remover.zip
2012-01-09 19:11 - 2012-01-09 19:11 - 0044607 ____A C:\Documents and Settings\tommyg\Downloads\bootkit_remover.zip
2012-01-09 19:11 - 2011-09-21 18:11 - 0003641 ____A C:\Users\tommyg\Desktop\readme_ru.txt
2012-01-09 19:11 - 2011-09-21 18:11 - 0003641 ____A C:\Documents and Settings\tommyg\Desktop\readme_ru.txt
2012-01-09 19:11 - 2011-09-21 18:11 - 0003114 ____A C:\Users\tommyg\Desktop\readme_en.txt
2012-01-09 19:11 - 2011-09-21 18:11 - 0003114 ____A C:\Documents and Settings\tommyg\Desktop\readme_en.txt
2012-01-09 19:11 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Users\tommyg\Desktop\boot_cleaner.exe
2012-01-09 19:11 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Documents and Settings\tommyg\Desktop\boot_cleaner.exe
2012-01-09 17:11 - 2012-01-09 17:12 - 0000000 ___SD C:\tg
2012-01-09 16:53 - 2012-01-09 16:53 - 0000000 ____D C:\Qoobox
2012-01-09 16:53 - 2011-06-26 06:45 - 0256000 ____A C:\Windows\PEV.exe
2012-01-09 16:53 - 2010-11-07 17:20 - 0208896 ____A C:\Windows\MBR.exe
2012-01-09 16:53 - 2009-04-20 04:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-01-09 16:53 - 2000-08-31 00:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-01-09 16:53 - 2000-08-31 00:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-01-09 16:53 - 2000-08-31 00:00 - 0098816 ____A C:\Windows\sed.exe
2012-01-09 16:53 - 2000-08-31 00:00 - 0080412 ____A C:\Windows\grep.exe
2012-01-09 16:53 - 2000-08-31 00:00 - 0068096 ____A C:\Windows\zip.exe
2012-01-09 16:52 - 2012-01-09 16:52 - 0000000 ___SD C:\tg2012
2012-01-09 16:45 - 2012-01-09 17:01 - 0000357 ____A C:\rkill.log
2012-01-09 16:41 - 2012-01-09 16:41 - 0001794 ____A C:\Users\tommyg\Desktop\aswMBR.txt
2012-01-09 16:41 - 2012-01-09 16:41 - 0001794 ____A C:\Documents and Settings\tommyg\Desktop\aswMBR.txt
2012-01-09 16:41 - 2012-01-09 16:41 - 0000512 ____A C:\Users\tommyg\Desktop\MBR.dat
2012-01-09 16:41 - 2012-01-09 16:41 - 0000512 ____A C:\Documents and Settings\tommyg\Desktop\MBR.dat
2012-01-09 16:34 - 2012-01-09 16:34 - 0001044 ____A C:\Program Files\SimBin - Shortcut.lnk
2012-01-09 16:07 - 2012-01-09 16:07 - 1008141 ____A C:\Users\tommyg\Downloads\rkill(1).com
2012-01-09 16:07 - 2012-01-09 16:07 - 1008141 ____A C:\Documents and Settings\tommyg\Downloads\rkill(1).com
2012-01-09 16:06 - 2012-01-09 16:06 - 1008141 ____A C:\Users\tommyg\Downloads\rkill.scr
2012-01-09 16:06 - 2012-01-09 16:06 - 1008141 ____A C:\Documents and Settings\tommyg\Downloads\rkill.scr
2012-01-09 15:45 - 2012-01-09 15:46 - 4376389 ____R (Swearware) C:\Users\tommyg\Desktop\tg.exe
2012-01-09 15:45 - 2012-01-09 15:46 - 4376389 ____R (Swearware) C:\Documents and Settings\tommyg\Desktop\tg.exe
2012-01-09 15:43 - 2012-01-09 15:43 - 4713472 ____A (AVAST Software) C:\Users\tommyg\Desktop\aswMBR(1).exe
2012-01-09 15:43 - 2012-01-09 15:43 - 4713472 ____A (AVAST Software) C:\Documents and Settings\tommyg\Desktop\aswMBR(1).exe
2012-01-09 14:47 - 2012-01-09 14:47 - 0046786 ____A C:\JavaRa.log
2012-01-09 14:46 - 2012-01-09 14:47 - 0000000 ____D C:\Users\tommyg\Desktop\ra
2012-01-09 14:46 - 2012-01-09 14:47 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\ra
2012-01-09 14:46 - 2012-01-09 14:46 - 0160350 ____A C:\Users\tommyg\Downloads\JavaRa.zip
2012-01-09 14:46 - 2012-01-09 14:46 - 0160350 ____A C:\Documents and Settings\tommyg\Downloads\JavaRa.zip
2012-01-09 14:44 - 2012-01-09 14:44 - 0004117 ____A C:\Windows\System32\jupdate-1.6.0_30-b12.log
2012-01-09 14:44 - 2011-11-10 05:54 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-01-09 14:44 - 2011-11-10 05:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-01-09 14:44 - 2011-11-10 05:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-01-09 14:42 - 2012-01-09 14:42 - 0910112 ____A (Sun Microsystems, Inc.) C:\Users\tommyg\Downloads\jxpiinstall(2).exe
2012-01-09 14:42 - 2012-01-09 14:42 - 0910112 ____A (Sun Microsystems, Inc.) C:\Documents and Settings\tommyg\Downloads\jxpiinstall(2).exe
2012-01-09 12:03 - 2012-01-09 12:03 - 0002148 ____A C:\Users\tommyg\Desktop\FSS.txt
2012-01-09 12:03 - 2012-01-09 12:03 - 0002148 ____A C:\Documents and Settings\tommyg\Desktop\FSS.txt
2012-01-09 01:11 - 2012-01-09 14:48 - 0189248 ____A C:\Windows\System32\PnkBstrB.exe
2012-01-09 01:11 - 2012-01-09 14:48 - 0076888 ____A C:\Windows\System32\PnkBstrA.exe
2012-01-09 01:08 - 2012-01-09 01:08 - 3562624 ____A (Piriform Ltd) C:\Users\tommyg\Downloads\ccsetup314(1).exe
2012-01-09 01:08 - 2012-01-09 01:08 - 3562624 ____A (Piriform Ltd) C:\Documents and Settings\tommyg\Downloads\ccsetup314(1).exe
2012-01-09 01:08 - 2012-01-09 01:08 - 0000965 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-01-09 01:08 - 2012-01-09 01:08 - 0000965 ____A C:\Documents and Settings\Public\Desktop\CCleaner.lnk
2012-01-09 01:08 - 2012-01-09 01:08 - 0000000 ____D C:\Program Files\CCleaner
2012-01-09 00:51 - 2012-01-09 00:51 - 0023646 ____A C:\Users\tommyg\Desktop\DDS.txt
2012-01-09 00:51 - 2012-01-09 00:51 - 0023646 ____A C:\Documents and Settings\tommyg\Desktop\DDS.txt
2012-01-09 00:44 - 2012-01-09 00:44 - 4713472 ____A (AVAST Software) C:\Users\tommyg\Downloads\aswMBR.exe
2012-01-09 00:44 - 2012-01-09 00:44 - 4713472 ____A (AVAST Software) C:\Documents and Settings\tommyg\Downloads\aswMBR.exe
2012-01-09 00:18 - 2012-01-09 00:18 - 0607260 ____R (Swearware) C:\Users\tommyg\Downloads\dds.scr
2012-01-09 00:18 - 2012-01-09 00:18 - 0607260 ____R (Swearware) C:\Documents and Settings\tommyg\Downloads\dds.scr
2012-01-09 00:13 - 2012-01-09 00:13 - 0001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-09 00:13 - 2012-01-09 00:13 - 0001067 ____A C:\Documents and Settings\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-09 00:12 - 2011-12-10 15:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-01-08 23:31 - 2012-01-08 23:32 - 0087748 ____A C:\TDSSKiller.2.6.25.0_08.01.2012_23.31.38_log.txt
2012-01-08 22:48 - 2012-01-08 22:53 - 0004848 ____A C:\shared.log
2012-01-08 22:38 - 2012-01-08 22:38 - 0084012 ____A C:\Users\tommyg\Downloads\gmer log.log
2012-01-08 22:38 - 2012-01-08 22:38 - 0084012 ____A C:\Documents and Settings\tommyg\Downloads\gmer log.log
2012-01-08 22:28 - 2012-01-08 22:28 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Moyea
2012-01-08 22:28 - 2012-01-08 22:28 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Moyea
2012-01-08 22:27 - 2012-01-08 22:27 - 0001102 ____A C:\Users\Public\Desktop\Moyea YouTube FLV Downloader.lnk
2012-01-08 22:27 - 2012-01-08 22:27 - 0001102 ____A C:\Documents and Settings\Public\Desktop\Moyea YouTube FLV Downloader.lnk
2012-01-08 22:27 - 2012-01-08 22:27 - 0000000 ____D C:\Program Files\Moyea
2012-01-08 22:26 - 2012-01-08 22:26 - 11938584 ____A (Moyea Software Co., LTD ) C:\Users\tommyg\Downloads\youtube_flv_downloader_install.exe
2012-01-08 22:26 - 2012-01-08 22:26 - 11938584 ____A (Moyea Software Co., LTD ) C:\Documents and Settings\tommyg\Downloads\youtube_flv_downloader_install.exe
2012-01-08 22:25 - 2012-01-08 22:25 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\FLV Extract
2012-01-08 22:25 - 2012-01-08 22:25 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\FLV Extract
2012-01-08 22:24 - 2012-01-08 22:24 - 0000000 ____D C:\Users\tommyg\Downloads\FLV_Extract_v1.6.2
2012-01-08 22:24 - 2012-01-08 22:24 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\FLV_Extract_v1.6.2
2012-01-08 22:22 - 2012-01-08 22:22 - 0082097 ____A C:\Users\tommyg\Downloads\FLV_Extract_v1.6.2.zip
2012-01-08 22:22 - 2012-01-08 22:22 - 0082097 ____A C:\Documents and Settings\tommyg\Downloads\FLV_Extract_v1.6.2.zip
2012-01-08 13:51 - 2012-01-09 11:19 - 0002148 ____A C:\Users\tommyg\Downloads\FSS.txt
2012-01-08 13:51 - 2012-01-09 11:19 - 0002148 ____A C:\Documents and Settings\tommyg\Downloads\FSS.txt
2012-01-08 13:49 - 2012-01-08 13:49 - 0334127 ____A C:\Users\tommyg\Desktop\FSS(1).exe
2012-01-08 13:49 - 2012-01-08 13:49 - 0334127 ____A C:\Documents and Settings\tommyg\Desktop\FSS(1).exe
2012-01-08 13:34 - 2012-01-09 01:51 - 0000000 ____D C:\Users\tommyg\Downloads\Seven
2012-01-08 13:34 - 2012-01-09 01:51 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\Seven
2012-01-08 13:34 - 2012-01-08 13:34 - 0009993 ____A C:\Users\tommyg\Downloads\Seven.zip
2012-01-08 13:34 - 2012-01-08 13:34 - 0009993 ____A C:\Documents and Settings\tommyg\Downloads\Seven.zip
2012-01-08 02:24 - 2012-01-08 02:24 - 0001083 ____A C:\Users\tommyg\Documents - Shortcut.lnk
2012-01-08 02:24 - 2012-01-08 02:24 - 0001083 ____A C:\Documents and Settings\tommyg\Documents - Shortcut.lnk
2012-01-08 02:03 - 2012-01-08 02:04 - 0000000 ___SD C:\ff15325f
2012-01-08 01:56 - 2012-01-08 01:56 - 0347920 ____A (Microsoft Corporation) C:\Users\tommyg\Downloads\MicrosoftFixit.wu.Run(1).exe
2012-01-08 01:56 - 2012-01-08 01:56 - 0347920 ____A (Microsoft Corporation) C:\Documents and Settings\tommyg\Downloads\MicrosoftFixit.wu.Run(1).exe
2012-01-08 01:11 - 2012-01-08 13:32 - 0594994 ____A C:\MGlogs.zip
2012-01-08 00:56 - 2012-01-08 00:58 - 0000000 ____D C:\Users\tommyg\Desktop\MiniRegTool
2012-01-08 00:56 - 2012-01-08 00:58 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\MiniRegTool
2012-01-08 00:45 - 2012-01-08 00:51 - 0181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-01-08 00:45 - 2004-06-11 15:33 - 0290304 ____A (Microsoft Corporation) C:\subinacl.exe
2012-01-08 00:43 - 2012-01-08 00:43 - 0786766 ____A C:\Users\tommyg\Downloads\tweaking.com_windows_repair_aio.zip
2012-01-08 00:43 - 2012-01-08 00:43 - 0786766 ____A C:\Documents and Settings\tommyg\Downloads\tweaking.com_windows_repair_aio.zip
2012-01-08 00:43 - 2011-10-24 13:35 - 0000000 ____D C:\Users\tommyg\Desktop\Tweaking.com - Windows Repair
2012-01-08 00:43 - 2011-10-24 13:35 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\Tweaking.com - Windows Repair
2012-01-08 00:35 - 2012-01-08 00:35 - 1091646 ____A C:\Users\tommyg\Downloads\MiniRegTool.zip
2012-01-08 00:35 - 2012-01-08 00:35 - 1091646 ____A C:\Documents and Settings\tommyg\Downloads\MiniRegTool.zip
2012-01-08 00:20 - 2012-01-08 13:32 - 0000000 ____D C:\MGtools
2012-01-08 00:19 - 2012-01-08 00:19 - 2448941 ____A C:\Users\tommyg\Downloads\MGtools.exe
2012-01-08 00:19 - 2012-01-08 00:19 - 2448941 ____A C:\Documents and Settings\tommyg\Downloads\MGtools.exe
2012-01-08 00:14 - 2012-01-08 00:14 - 0000960 ____A C:\Users\tommyg\Desktop\tg.reg
2012-01-08 00:14 - 2012-01-08 00:14 - 0000960 ____A C:\Documents and Settings\tommyg\Desktop\tg.reg
2012-01-08 00:11 - 2012-01-08 00:11 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{f6df8adc-398b-11e1-8ab3-0019dba6256d}.TxR.blf
2012-01-08 00:00 - 2012-01-08 00:00 - 0229548 ____A C:\Users\tommyg\Downloads\1055.BFE.reg
2012-01-08 00:00 - 2012-01-08 00:00 - 0229548 ____A C:\Documents and Settings\tommyg\Downloads\1055.BFE.reg
2012-01-07 23:57 - 2012-01-07 23:57 - 0677376 ____A C:\Users\tommyg\Downloads\MicrosoftFixit50687.msi
2012-01-07 23:57 - 2012-01-07 23:57 - 0677376 ____A C:\Documents and Settings\tommyg\Downloads\MicrosoftFixit50687.msi
2012-01-07 23:54 - 2012-01-07 23:54 - 0347920 ____A (Microsoft Corporation) C:\Users\tommyg\Downloads\MicrosoftFixit.wu.Run.exe
2012-01-07 23:54 - 2012-01-07 23:54 - 0347920 ____A (Microsoft Corporation) C:\Documents and Settings\tommyg\Downloads\MicrosoftFixit.wu.Run.exe
2012-01-07 22:50 - 2009-07-13 23:45 - 0083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys
2012-01-07 22:19 - 2012-01-07 22:19 - 0334127 ____A C:\Users\tommyg\Downloads\FSS.exe
2012-01-07 22:19 - 2012-01-07 22:19 - 0334127 ____A C:\Documents and Settings\tommyg\Downloads\FSS.exe
2012-01-07 21:51 - 2012-01-07 21:51 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\SUPERAntiSpyware.com
2012-01-07 21:51 - 2012-01-07 21:51 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\SUPERAntiSpyware.com
2012-01-07 21:50 - 2012-01-07 21:51 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-01-07 21:50 - 2012-01-07 21:50 - 0001961 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-01-07 21:50 - 2012-01-07 21:50 - 0001961 ____A C:\Documents and Settings\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-01-07 21:50 - 2012-01-07 21:50 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-01-07 21:50 - 2012-01-07 21:50 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-01-07 21:50 - 2012-01-07 21:50 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-01-07 21:50 - 2012-01-07 21:50 - 0000000 ____D C:\Documents and Settings\All Users\SUPERAntiSpyware.com
2012-01-07 21:50 - 2012-01-07 21:50 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-07 21:47 - 2012-01-07 21:49 - 13913696 ____A (SUPERAntiSpyware.com) C:\Users\tommyg\Downloads\SUPERAntiSpyware.exe
2012-01-07 21:47 - 2012-01-07 21:49 - 13913696 ____A (SUPERAntiSpyware.com) C:\Documents and Settings\tommyg\Downloads\SUPERAntiSpyware.exe
2012-01-07 21:33 - 2012-01-07 21:33 - 0650240 ____A C:\Users\tommyg\Downloads\MicrosoftFixit50203.msi
2012-01-07 21:33 - 2012-01-07 21:33 - 0650240 ____A C:\Documents and Settings\tommyg\Downloads\MicrosoftFixit50203.msi
2012-01-07 16:36 - 2012-01-07 16:37 - 0013512 ____A C:\Users\tommyg\Desktop\MBRCheck_01.07.12_16.36.55.txt
2012-01-07 16:36 - 2012-01-07 16:37 - 0013512 ____A C:\Documents and Settings\tommyg\Desktop\MBRCheck_01.07.12_16.36.55.txt
2012-01-07 16:20 - 2012-01-07 16:20 - 0001820 ____A C:\TDSSKiller.2.6.25.0_07.01.2012_16.20.20_log.txt
2012-01-07 15:31 - 2012-01-07 01:05 - 0840264 ____A C:\Windows\System32\pbsvc.exe
2012-01-07 12:30 - 2012-01-07 15:47 - 0013383 ____A C:\Users\tommyg\Downloads\pbgame.htm
2012-01-07 12:30 - 2012-01-07 15:47 - 0013383 ____A C:\Documents and Settings\tommyg\Downloads\pbgame.htm
2012-01-07 12:30 - 2012-01-07 12:45 - 0000059 ____A C:\Users\tommyg\Downloads\pbuser.htm
2012-01-07 12:30 - 2012-01-07 12:45 - 0000059 ____A C:\Documents and Settings\tommyg\Downloads\pbuser.htm
2012-01-07 12:30 - 2012-01-07 12:30 - 0846336 ____A C:\Users\tommyg\Downloads\pbsetup.exe
2012-01-07 12:30 - 2012-01-07 12:30 - 0846336 ____A C:\Documents and Settings\tommyg\Downloads\pbsetup.exe
2012-01-07 11:29 - 2012-01-07 11:29 - 3562624 ____A (Piriform Ltd) C:\Users\tommyg\Downloads\ccsetup314.exe
2012-01-07 11:29 - 2012-01-07 11:29 - 3562624 ____A (Piriform Ltd) C:\Documents and Settings\tommyg\Downloads\ccsetup314.exe
2012-01-07 10:40 - 2012-01-07 10:40 - 0000000 ____D C:\3da6d3f8aa9c540bbda9eb2d891d
2012-01-07 10:35 - 2012-01-07 17:29 - 0001945 ____A C:\Windows\epplauncher.mif
2012-01-07 10:34 - 2012-01-07 10:34 - 0254152 ____A (Secure By Design Inc.) C:\Users\tommyg\Downloads\Ninite Avast Essentials Super Installer.exe
2012-01-07 10:34 - 2012-01-07 10:34 - 0254152 ____A (Secure By Design Inc.) C:\Documents and Settings\tommyg\Downloads\Ninite Avast Essentials Super Installer.exe
2012-01-07 10:28 - 2012-01-09 14:56 - 0013383 ____A C:\Users\tommyg\Desktop\pbgame.htm
2012-01-07 10:28 - 2012-01-09 14:56 - 0013383 ____A C:\Documents and Settings\tommyg\Desktop\pbgame.htm
2012-01-07 10:28 - 2012-01-07 16:12 - 0000059 ____A C:\Users\tommyg\Desktop\pbuser.htm
2012-01-07 10:28 - 2012-01-07 16:12 - 0000059 ____A C:\Documents and Settings\tommyg\Desktop\pbuser.htm
2012-01-07 10:28 - 2008-11-12 16:10 - 0846336 ____A C:\Users\tommyg\Desktop\pbsetup.exe
2012-01-07 10:28 - 2008-11-12 16:10 - 0846336 ____A C:\Documents and Settings\tommyg\Desktop\pbsetup.exe
2012-01-07 10:07 - 2012-01-07 10:07 - 0000000 ____D C:\Windows\System32\htm
2012-01-07 10:07 - 2012-01-07 09:49 - 0001916 ____A C:\Windows\System32\pbcl.log
2012-01-07 10:07 - 2012-01-07 09:47 - 0005499 ____A C:\Windows\System32\pbcl.db
2012-01-07 10:07 - 2012-01-07 09:46 - 0425984 ____A C:\Windows\System32\pbsv.dll
2012-01-07 10:07 - 2012-01-07 09:45 - 0942907 ____A C:\Windows\System32\pbcls.dll
2012-01-07 10:07 - 2012-01-07 09:45 - 0942907 ____A C:\Windows\System32\pbcl.dll
2012-01-07 10:07 - 2012-01-07 09:45 - 0057344 ____A C:\Windows\System32\pbags.dll
2012-01-07 10:07 - 2012-01-07 09:45 - 0057344 ____A C:\Windows\System32\pbag.dll
2012-01-07 10:07 - 2012-01-06 17:34 - 0942907 ____A C:\Windows\System32\pbclold.dll
2012-01-07 10:07 - 2012-01-04 21:38 - 0000112 ____A C:\Windows\System32\pbns_c.dat
2012-01-07 10:07 - 2011-09-29 17:07 - 0000000 ____D C:\Windows\System32\scrnshot
2012-01-07 09:53 - 2012-01-07 09:53 - 0000000 ____D C:\Windows\System32\pb
2012-01-07 01:05 - 2012-01-07 01:05 - 0840264 ____A C:\Users\tommyg\Desktop\pbsvc.exe
2012-01-07 01:05 - 2012-01-07 01:05 - 0840264 ____A C:\Documents and Settings\tommyg\Desktop\pbsvc.exe
2012-01-06 18:44 - 2012-01-06 23:33 - 0000000 ____D C:\Users\tommyg\Downloads\pbsetup
2012-01-06 18:44 - 2012-01-06 23:33 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\pbsetup
2012-01-06 17:59 - 2012-01-06 17:59 - 0735889 ____A C:\Users\tommyg\Downloads\pbsetup.zip
2012-01-06 17:59 - 2012-01-06 17:59 - 0735889 ____A C:\Documents and Settings\tommyg\Downloads\pbsetup.zip
2012-01-06 12:02 - 2012-01-06 12:02 - 0302592 ____A C:\Users\tommyg\Desktop\gcnspqi8.exe
2012-01-06 12:02 - 2012-01-06 12:02 - 0302592 ____A C:\Documents and Settings\tommyg\Desktop\gcnspqi8.exe
2012-01-06 11:59 - 2012-01-09 16:48 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-01-06 11:59 - 2012-01-09 16:48 - 0000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-01-06 11:59 - 2012-01-09 16:48 - 0000000 ____D C:\ProgramData\AVAST Software
2012-01-06 11:59 - 2012-01-09 16:48 - 0000000 ____D C:\Documents and Settings\All Users\AVAST Software
2012-01-06 11:59 - 2012-01-09 16:48 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2012-01-06 11:59 - 2012-01-06 11:59 - 0000000 ____D C:\Program Files\AVAST Software
2012-01-06 11:56 - 2012-01-06 11:57 - 64207032 ____A C:\Users\tommyg\Downloads\setup_av_free_cnet.exe
2012-01-06 11:56 - 2012-01-06 11:57 - 64207032 ____A C:\Documents and Settings\tommyg\Downloads\setup_av_free_cnet.exe
2012-01-06 02:19 - 2012-01-06 02:20 - 0089184 ____A C:\TDSSKiller.2.6.25.0_06.01.2012_02.19.02_log.txt
2012-01-06 02:18 - 2012-01-06 02:19 - 0085918 ____A C:\TDSSKiller.2.6.25.0_06.01.2012_02.18.34_log.txt
2012-01-06 02:15 - 2012-01-06 02:15 - 1932256 ____A (Symantec Corporation) C:\Users\tommyg\Downloads\FixTDSS(3).exe
2012-01-06 02:15 - 2012-01-06 02:15 - 1932256 ____A (Symantec Corporation) C:\Documents and Settings\tommyg\Downloads\FixTDSS(3).exe
2012-01-06 00:53 - 2012-01-06 00:53 - 0014461 ____A C:\Users\tommyg\Desktop\MBRCheck_01.06.12_00.53.33.txt
2012-01-06 00:53 - 2012-01-06 00:53 - 0014461 ____A C:\Documents and Settings\tommyg\Desktop\MBRCheck_01.06.12_00.53.33.txt
2012-01-06 00:52 - 2012-01-06 00:52 - 0080384 ____A C:\Users\tommyg\Downloads\MBRCheck.exe
2012-01-06 00:52 - 2012-01-06 00:52 - 0080384 ____A C:\Documents and Settings\tommyg\Downloads\MBRCheck.exe
2012-01-06 00:50 - 2012-01-06 00:50 - 1932256 ____A (Symantec Corporation) C:\Users\tommyg\Downloads\FixTDSS(2).exe
2012-01-06 00:50 - 2012-01-06 00:50 - 1932256 ____A (Symantec Corporation) C:\Documents and Settings\tommyg\Downloads\FixTDSS(2).exe
2012-01-06 00:37 - 2012-01-06 00:42 - 0086230 ____A C:\TDSSKiller.2.6.25.0_06.01.2012_00.37.30_log.txt
2012-01-06 00:35 - 2012-01-06 00:35 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\tommyg\Downloads\tdsskiller(1).exe
2012-01-06 00:35 - 2012-01-06 00:35 - 1578288 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\tommyg\Downloads\tdsskiller(1).exe
2012-01-05 23:57 - 2012-01-05 23:57 - 0135568 ____A C:\Windows\Minidump\010512-22339-01.dmp
2012-01-05 23:54 - 2012-01-05 23:54 - 1932256 ____A (Symantec Corporation) C:\Users\tommyg\Downloads\FixTDSS(1).exe
2012-01-05 23:54 - 2012-01-05 23:54 - 1932256 ____A (Symantec Corporation) C:\Documents and Settings\tommyg\Downloads\FixTDSS(1).exe
2012-01-05 23:53 - 2012-01-05 23:53 - 1932256 ____A (Symantec Corporation) C:\Users\tommyg\Downloads\FixTDSS.exe
2012-01-05 23:53 - 2012-01-05 23:53 - 1932256 ____A (Symantec Corporation) C:\Documents and Settings\tommyg\Downloads\FixTDSS.exe
2012-01-05 23:43 - 2012-01-05 23:43 - 0302592 ____A C:\Users\tommyg\Downloads\mqhqwwfn.exe
2012-01-05 23:43 - 2012-01-05 23:43 - 0302592 ____A C:\Documents and Settings\tommyg\Downloads\mqhqwwfn.exe
2012-01-05 23:34 - 2012-01-05 23:36 - 0000000 ___SD C:\ff
2012-01-05 21:12 - 2012-01-05 21:12 - 2322184 ____A (ESET) C:\Users\tommyg\Downloads\esetsmartinstaller_enu(1).exe
2012-01-05 21:12 - 2012-01-05 21:12 - 2322184 ____A (ESET) C:\Documents and Settings\tommyg\Downloads\esetsmartinstaller_enu(1).exe
2012-01-05 18:08 - 2012-01-05 18:08 - 2322184 ____A (ESET) C:\Users\tommyg\Downloads\esetsmartinstaller_enu.exe
2012-01-05 18:08 - 2012-01-05 18:08 - 2322184 ____A (ESET) C:\Documents and Settings\tommyg\Downloads\esetsmartinstaller_enu.exe
2012-01-05 18:06 - 2012-01-05 18:07 - 1008141 ____A C:\Users\tommyg\Downloads\rkill.com
2012-01-05 18:06 - 2012-01-05 18:07 - 1008141 ____A C:\Documents and Settings\tommyg\Downloads\rkill.com
2012-01-05 14:51 - 2012-01-05 14:51 - 1558406 ____A C:\Users\tommyg\Downloads\tdsskiller(1).zip
2012-01-05 14:51 - 2012-01-05 14:51 - 1558406 ____A C:\Documents and Settings\tommyg\Downloads\tdsskiller(1).zip
2012-01-05 14:49 - 2012-01-05 14:51 - 0175346 ____A C:\TDSSKiller.2.6.25.0_05.01.2012_14.49.07_log.txt
2012-01-05 14:48 - 2012-01-05 14:49 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\tommyg\Downloads\tdsskiller.exe
2012-01-05 14:48 - 2012-01-05 14:49 - 1578288 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\tommyg\Downloads\tdsskiller.exe
2012-01-04 23:21 - 2012-01-04 23:21 - 0085914 ____A C:\TDSSKiller.2.6.25.0_04.01.2012_23.21.14_log.txt
2012-01-04 23:21 - 2012-01-04 23:21 - 0000000 ____D C:\Users\tommyg\Downloads\tdsskiller
2012-01-04 23:21 - 2012-01-04 23:21 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\tdsskiller
2012-01-04 23:20 - 2012-01-07 17:20 - 1103302 ____A C:\Windows\ntbtlog.txt
2012-01-04 23:02 - 2012-01-09 16:53 - 0000000 ____D C:\Windows\ERDNT
2012-01-04 23:00 - 2012-01-04 23:00 - 4370643 ____R (Swearware) C:\Users\tommyg\Downloads\ComboFix.exe
2012-01-04 23:00 - 2012-01-04 23:00 - 4370643 ____R (Swearware) C:\Documents and Settings\tommyg\Downloads\ComboFix.exe
2012-01-04 22:52 - 2012-01-04 22:54 - 0173716 ____A C:\TDSSKiller.2.6.25.0_04.01.2012_22.52.05_log.txt
2012-01-04 22:51 - 2012-01-04 22:51 - 1558406 ____A C:\Users\tommyg\Downloads\tdsskiller.zip
2012-01-04 22:51 - 2012-01-04 22:51 - 1558406 ____A C:\Documents and Settings\tommyg\Downloads\tdsskiller.zip
2012-01-03 12:46 - 2012-01-03 12:46 - 0000000 ____D C:\Program Files\X3 map by Scorp
2012-01-03 12:45 - 2012-01-03 12:45 - 1460143 ____A C:\Users\tommyg\Downloads\X3_map_Setup_TCE.zip
2012-01-03 12:45 - 2012-01-03 12:45 - 1460143 ____A C:\Documents and Settings\tommyg\Downloads\X3_map_Setup_TCE.zip
2012-01-02 18:05 - 2012-01-02 18:05 - 0004551 ____A C:\Users\tommyg\Downloads\bskyb.cfg
2012-01-02 18:05 - 2012-01-02 18:05 - 0004551 ____A C:\Documents and Settings\tommyg\Downloads\bskyb.cfg
2012-01-02 18:02 - 2012-01-02 18:03 - 0000000 ____D C:\Users\tommyg\Downloads\DG934G-1SKUKS_V2.03.21_src.tar.bz2
2012-01-02 18:02 - 2012-01-02 18:03 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\DG934G-1SKUKS_V2.03.21_src.tar.bz2
2012-01-02 18:00 - 2012-01-02 18:02 - 58802102 ____A C:\Users\tommyg\Downloads\DG934G-1SKUKS_V2.03.21_src.tar.bz2.zip
2012-01-02 18:00 - 2012-01-02 18:02 - 58802102 ____A C:\Documents and Settings\tommyg\Downloads\DG934G-1SKUKS_V2.03.21_src.tar.bz2.zip
2011-12-30 23:40 - 2011-12-30 23:40 - 0143432 ____A C:\Windows\Minidump\123011-24304-01.dmp
2011-12-25 19:16 - 2011-12-25 20:50 - 0000000 ____D C:\Users\tommyg\AppData\Local\ESN Sonar
2011-12-25 19:16 - 2011-12-25 20:50 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\ESN Sonar
2011-12-22 20:01 - 2011-12-24 11:26 - 208091136 ____A C:\Users\tommyg\Downloads\HBM.iso
2011-12-22 20:01 - 2011-12-24 11:26 - 208091136 ____A C:\Documents and Settings\tommyg\Downloads\HBM.iso
2011-12-20 18:18 - 2011-12-20 18:24 - 0000000 ____D C:\Users\tommyg\Documents\alans wedding
2011-12-20 18:18 - 2011-12-20 18:24 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\alans wedding
2011-12-19 13:49 - 2011-12-19 13:49 - 0000000 ____A C:\Users\All Users\We3oh15q.exe.b
2011-12-19 13:49 - 2011-12-19 13:49 - 0000000 ____A C:\Users\All Users\Application Data\We3oh15q.exe.b
2011-12-19 13:49 - 2011-12-19 13:49 - 0000000 ____A C:\ProgramData\We3oh15q.exe.b
2011-12-19 13:49 - 2011-12-19 13:49 - 0000000 ____A C:\Documents and Settings\All Users\We3oh15q.exe.b
2011-12-19 13:49 - 2011-12-19 13:49 - 0000000 ____A C:\Documents and Settings\All Users\Application Data\We3oh15q.exe.b
2011-12-19 04:32 - 2011-12-19 18:44 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Eha
2011-12-19 04:32 - 2011-12-19 18:44 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Eha
2011-12-19 04:32 - 2011-12-19 04:33 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Qiq
2011-12-19 04:32 - 2011-12-19 04:33 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Qiq
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Users\Default\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Users\Default User\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Documents and Settings\Default\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Documents and Settings\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-19 01:09 - 2011-12-19 01:09 - 0000000 ____D C:\Users\tommyg\Documents\Egosoft
2011-12-19 01:09 - 2011-12-19 01:09 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Egosoft
2011-12-19 00:35 - 2011-12-19 00:35 - 0000000 ____A C:\Windows\System32\gPEyO.com.b
2011-12-19 00:34 - 2011-12-19 00:34 - 0002018 ____A C:\Users\Public\Desktop\X3 Terran Conflict.lnk
2011-12-19 00:34 - 2011-12-19 00:34 - 0002018 ____A C:\Users\Public\Desktop\X3 Albion Prelude.lnk
2011-12-19 00:34 - 2011-12-19 00:34 - 0002018 ____A C:\Documents and Settings\Public\Desktop\X3 Terran Conflict.lnk
2011-12-19 00:34 - 2011-12-19 00:34 - 0002018 ____A C:\Documents and Settings\Public\Desktop\X3 Albion Prelude.lnk
2011-12-19 00:33 - 2012-01-09 19:26 - 0000346 ____A C:\Windows\Tasks\At40.job
2011-12-19 00:33 - 2012-01-09 19:26 - 0000344 ____A C:\Windows\Tasks\At39.job
2011-12-19 00:33 - 2012-01-09 18:26 - 0000346 ____A C:\Windows\Tasks\At38.job
2011-12-19 00:33 - 2012-01-09 18:26 - 0000344 ____A C:\Windows\Tasks\At37.job
2011-12-19 00:33 - 2012-01-09 17:26 - 0000346 ____A C:\Windows\Tasks\At36.job
2011-12-19 00:33 - 2012-01-09 17:26 - 0000344 ____A C:\Windows\Tasks\At35.job
2011-12-19 00:33 - 2012-01-09 16:26 - 0000346 ____A C:\Windows\Tasks\At34.job
2011-12-19 00:33 - 2012-01-09 16:26 - 0000344 ____A C:\Windows\Tasks\At33.job
2011-12-19 00:33 - 2012-01-09 15:26 - 0000346 ____A C:\Windows\Tasks\At32.job
2011-12-19 00:33 - 2012-01-09 15:26 - 0000344 ____A C:\Windows\Tasks\At31.job
2011-12-19 00:33 - 2012-01-09 14:26 - 0000346 ____A C:\Windows\Tasks\At30.job
2011-12-19 00:33 - 2012-01-09 14:26 - 0000344 ____A C:\Windows\Tasks\At29.job
2011-12-19 00:33 - 2012-01-09 12:26 - 0000346 ____A C:\Windows\Tasks\At26.job
2011-12-19 00:33 - 2012-01-09 12:26 - 0000344 ____A C:\Windows\Tasks\At25.job
2011-12-19 00:33 - 2012-01-09 11:26 - 0000346 ____A C:\Windows\Tasks\At24.job
2011-12-19 00:33 - 2012-01-09 11:26 - 0000344 ____A C:\Windows\Tasks\At23.job
2011-12-19 00:33 - 2012-01-09 08:26 - 0000346 ____A C:\Windows\Tasks\At18.job
2011-12-19 00:33 - 2012-01-09 08:26 - 0000344 ____A C:\Windows\Tasks\At17.job
2011-12-19 00:33 - 2012-01-09 07:26 - 0000346 ____A C:\Windows\Tasks\At16.job
2011-12-19 00:33 - 2012-01-09 07:26 - 0000344 ____A C:\Windows\Tasks\At15.job
2011-12-19 00:33 - 2012-01-09 06:26 - 0000346 ____A C:\Windows\Tasks\At14.job
2011-12-19 00:33 - 2012-01-09 06:26 - 0000344 ____A C:\Windows\Tasks\At13.job
2011-12-19 00:33 - 2012-01-09 05:26 - 0000346 ____A C:\Windows\Tasks\At12.job
2011-12-19 00:33 - 2012-01-09 05:26 - 0000344 ____A C:\Windows\Tasks\At11.job
2011-12-19 00:33 - 2012-01-09 04:26 - 0000346 ____A C:\Windows\Tasks\At10.job
2011-12-19 00:33 - 2012-01-09 04:26 - 0000344 ____A C:\Windows\Tasks\At9.job
2011-12-19 00:33 - 2012-01-09 03:26 - 0000346 ____A C:\Windows\Tasks\At8.job
2011-12-19 00:33 - 2012-01-09 03:26 - 0000344 ____A C:\Windows\Tasks\At7.job
2011-12-19 00:33 - 2012-01-09 02:26 - 0000346 ____A C:\Windows\Tasks\At6.job
2011-12-19 00:33 - 2012-01-09 02:26 - 0000344 ____A C:\Windows\Tasks\At5.job
2011-12-19 00:33 - 2012-01-09 01:26 - 0000346 ____A C:\Windows\Tasks\At4.job
2011-12-19 00:33 - 2012-01-09 01:26 - 0000344 ____A C:\Windows\Tasks\At3.job
2011-12-19 00:33 - 2012-01-09 00:26 - 0000346 ____A C:\Windows\Tasks\At2.job
2011-12-19 00:33 - 2012-01-09 00:26 - 0000344 ____A C:\Windows\Tasks\At1.job
2011-12-19 00:33 - 2012-01-08 23:26 - 0000346 ____A C:\Windows\Tasks\At48.job
2011-12-19 00:33 - 2012-01-08 23:26 - 0000344 ____A C:\Windows\Tasks\At47.job
2011-12-19 00:33 - 2012-01-08 22:26 - 0000346 ____A C:\Windows\Tasks\At46.job
2011-12-19 00:33 - 2012-01-08 22:26 - 0000344 ____A C:\Windows\Tasks\At45.job
2011-12-19 00:33 - 2012-01-08 21:26 - 0000346 ____A C:\Windows\Tasks\At44.job
2011-12-19 00:33 - 2012-01-08 21:26 - 0000344 ____A C:\Windows\Tasks\At43.job
2011-12-19 00:33 - 2012-01-08 20:26 - 0000346 ____A C:\Windows\Tasks\At42.job
2011-12-19 00:33 - 2012-01-08 20:26 - 0000344 ____A C:\Windows\Tasks\At41.job
2011-12-19 00:33 - 2012-01-08 13:26 - 0000346 ____A C:\Windows\Tasks\At28.job
2011-12-19 00:33 - 2012-01-08 13:26 - 0000344 ____A C:\Windows\Tasks\At27.job
2011-12-19 00:33 - 2012-01-08 10:26 - 0000346 ____A C:\Windows\Tasks\At22.job
2011-12-19 00:33 - 2012-01-08 10:26 - 0000344 ____A C:\Windows\Tasks\At21.job
2011-12-19 00:33 - 2012-01-08 09:26 - 0000346 ____A C:\Windows\Tasks\At20.job
2011-12-19 00:33 - 2012-01-08 09:26 - 0000344 ____A C:\Windows\Tasks\At19.job
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Users\All Users\Application Data\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Users\All Users\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\ProgramData\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Documents and Settings\All Users\Application Data\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Documents and Settings\All Users\70fkeN.dat
2011-12-19 00:21 - 2011-12-19 00:21 - 0000000 ____A C:\Users\tommyg\AppData\Roaming\eejQt.txt
2011-12-19 00:21 - 2011-12-19 00:21 - 0000000 ____A C:\Documents and Settings\tommyg\AppData\Roaming\eejQt.txt
2011-12-18 14:38 - 2011-05-17 22:12 - 5925611 ____A C:\Users\tommyg\Terraria.exe
2011-12-18 14:38 - 2011-05-17 22:12 - 5925611 ____A C:\Documents and Settings\tommyg\Terraria.exe
2011-12-17 12:48 - 2011-12-17 12:48 - 0003798 ____A C:\Users\tommyg\Desktop\Skills_20111217_124814.csv
2011-12-17 12:48 - 2011-12-17 12:48 - 0003798 ____A C:\Documents and Settings\tommyg\Desktop\Skills_20111217_124814.csv
2011-12-16 23:59 - 2011-12-19 13:49 - 0000000 ____D C:\Users\tommyg\Downloads\X3.Albion.Prelude-SKIDROW
2011-12-16 23:59 - 2011-12-19 13:49 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\X3.Albion.Prelude-SKIDROW
2011-12-16 23:53 - 2011-12-16 23:53 - 0000000 ____D C:\Users\All Users\RELOADED
2011-12-16 23:53 - 2011-12-16 23:53 - 0000000 ____D C:\Users\All Users\Application Data\RELOADED
2011-12-16 23:53 - 2011-12-16 23:53 - 0000000 ____D C:\ProgramData\RELOADED
2011-12-16 23:53 - 2011-12-16 23:53 - 0000000 ____D C:\Documents and Settings\All Users\RELOADED
2011-12-16 23:53 - 2011-12-16 23:53 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\RELOADED
2011-12-16 23:51 - 2011-12-16 23:51 - 0001564 ____A C:\Users\Public\Desktop\Flatout 3.lnk
2011-12-16 23:51 - 2011-12-16 23:51 - 0001564 ____A C:\Documents and Settings\Public\Desktop\Flatout 3.lnk
2011-12-16 21:42 - 2011-12-16 21:42 - 0000000 ____D C:\Program Files\Battlelog Web Plugins
2011-12-16 21:41 - 2011-12-16 21:41 - 3840632 ____A C:\Users\tommyg\Downloads\battlelog-web-plugins-1.104.0-retail-prod.exe
2011-12-16 21:41 - 2011-12-16 21:41 - 3840632 ____A C:\Documents and Settings\tommyg\Downloads\battlelog-web-plugins-1.104.0-retail-prod.exe
2011-12-16 21:36 - 2011-12-16 21:36 - 0001128 ____A C:\Users\Public\Desktop\Battlefield 3.lnk
2011-12-16 21:36 - 2011-12-16 21:36 - 0001128 ____A C:\Documents and Settings\Public\Desktop\Battlefield 3.lnk
2011-12-16 16:29 - 2011-12-16 16:30 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Origin
2011-12-16 16:29 - 2011-12-16 16:30 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Origin
2011-12-16 16:29 - 2011-12-16 16:29 - 0000937 ____A C:\Users\Public\Desktop\Origin.lnk
2011-12-16 16:29 - 2011-12-16 16:29 - 0000937 ____A C:\Documents and Settings\Public\Desktop\Origin.lnk
2011-12-16 16:29 - 2011-12-16 16:29 - 0000000 ____D C:\Users\tommyg\AppData\Local\Origin
2011-12-16 16:29 - 2011-12-16 16:29 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\Origin
2011-12-16 16:28 - 2011-12-16 21:36 - 0000000 ____D C:\Users\All Users\Origin
2011-12-16 16:28 - 2011-12-16 21:36 - 0000000 ____D C:\Users\All Users\Application Data\Origin
2011-12-16 16:28 - 2011-12-16 21:36 - 0000000 ____D C:\ProgramData\Origin
2011-12-16 16:28 - 2011-12-16 21:36 - 0000000 ____D C:\Documents and Settings\All Users\Origin
2011-12-16 16:28 - 2011-12-16 21:36 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Origin
2011-12-16 16:28 - 2011-12-16 16:32 - 0000000 ____D C:\Program Files\Origin Games
2011-12-16 16:28 - 2011-12-16 16:28 - 0000000 ____D C:\Program Files\Origin
2011-12-16 16:24 - 2011-12-16 16:25 - 48141056 ____A (Electronic Arts, Inc.) C:\Users\tommyg\Downloads\OriginSetup(1).exe
2011-12-16 16:24 - 2011-12-16 16:25 - 48141056 ____A (Electronic Arts, Inc.) C:\Documents and Settings\tommyg\Downloads\OriginSetup(1).exe
2011-12-16 11:17 - 2011-12-16 11:17 - 0000000 ____D C:\Users\tommyg\Downloads\miss_entropia_2012_jpegs
2011-12-16 11:17 - 2011-12-16 11:17 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\miss_entropia_2012_jpegs
2011-12-16 11:13 - 2011-12-16 11:16 - 45747936 ____A C:\Users\tommyg\Downloads\miss_entropia_2012_jpegs.rar
2011-12-16 11:13 - 2011-12-16 11:16 - 45747936 ____A C:\Documents and Settings\tommyg\Downloads\miss_entropia_2012_jpegs.rar
2011-12-15 11:45 - 2011-12-15 11:45 - 0000000 ____D C:\Users\All Users\ATI
2011-12-15 11:45 - 2011-12-15 11:45 - 0000000 ____D C:\Users\All Users\Application Data\ATI
2011-12-15 11:45 - 2011-12-15 11:45 - 0000000 ____D C:\ProgramData\ATI
2011-12-15 11:45 - 2011-12-15 11:45 - 0000000 ____D C:\Documents and Settings\All Users\ATI
2011-12-15 11:45 - 2011-12-15 11:45 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\ATI
2011-12-15 11:43 - 2011-12-15 11:43 - 0000000 ____D C:\Program Files\AMD APP
2011-12-15 04:39 - 2011-12-15 04:39 - 0042392 ____A C:\Windows\System32\xfcodec.dll
2011-12-15 03:04 - 2011-11-03 23:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-15 03:04 - 2011-11-03 22:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-15 03:04 - 2011-11-03 22:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-15 03:04 - 2011-11-03 22:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-15 03:04 - 2011-11-03 22:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-15 03:04 - 2011-11-03 22:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-15 03:04 - 2011-11-03 22:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-15 03:04 - 2011-11-03 22:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-15 03:04 - 2011-11-03 22:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-15 03:04 - 2011-11-03 22:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-15 03:04 - 2011-11-03 22:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-15 03:04 - 2011-11-03 22:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 03:04 - 2011-11-03 22:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-14 10:09 - 2011-11-24 04:25 - 2342912 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-14 10:09 - 2011-11-05 04:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-12-14 10:09 - 2011-10-26 04:47 - 3967856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-12-14 10:09 - 2011-10-26 04:47 - 3912560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-12-14 10:09 - 2011-10-26 04:28 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-12-14 10:09 - 2011-10-15 05:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-12-12 13:26 - 2011-12-12 13:26 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\NCH Software
2011-12-12 13:26 - 2011-12-12 13:26 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\NCH Software
2011-12-12 13:22 - 2011-12-12 13:22 - 0402528 ____A (NCH Software) C:\Users\tommyg\Downloads\pixsetup.exe
2011-12-12 13:22 - 2011-12-12 13:22 - 0402528 ____A (NCH Software) C:\Documents and Settings\tommyg\Downloads\pixsetup.exe
2011-12-12 13:18 - 2011-12-12 13:20 - 0000000 ____D C:\Users\tommyg\Documents\Image Converter Plus
2011-12-12 13:18 - 2011-12-12 13:20 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Image Converter Plus
2011-12-12 13:18 - 2011-12-12 13:18 - 0000949 ____A C:\Users\tommyg\Desktop\ImageConverter Plus.lnk
2011-12-12 13:18 - 2011-12-12 13:18 - 0000949 ____A C:\Documents and Settings\tommyg\Desktop\ImageConverter Plus.lnk
2011-12-12 13:18 - 2011-12-12 13:18 - 0000000 ____D C:\Users\Public\Documents\ImageConverter Plus
2011-12-12 13:18 - 2011-12-12 13:18 - 0000000 ____D C:\Program Files\ImageConverter Plus
2011-12-12 13:18 - 2011-12-12 13:18 - 0000000 ____D C:\Documents and Settings\Public\Documents\ImageConverter Plus
2011-12-12 13:18 - 2011-10-12 17:53 - 0200104 ____A (fCoder Group International) C:\Windows\System32\cnvshell.dll
2011-12-12 13:14 - 2011-12-12 13:15 - 15244744 ____A (fCoder Group, Inc. ) C:\Users\tommyg\Downloads\converter.exe
2011-12-12 13:14 - 2011-12-12 13:15 - 15244744 ____A (fCoder Group, Inc. ) C:\Documents and Settings\tommyg\Downloads\converter.exe

============ 3 Months Modified Files and Folders ===============

2012-01-09 19:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At40.job
2012-01-09 19:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At39.job
2012-01-09 19:25 - 2012-01-09 19:25 - 0859264 ____A C:\Users\tommyg\Downloads\FRST.exe
2012-01-09 19:25 - 2012-01-09 19:25 - 0859264 ____A C:\Documents and Settings\tommyg\Downloads\FRST.exe
2012-01-09 19:12 - 2012-01-09 19:12 - 0070647 ____A C:\Users\tommyg\Desktop\bootkit_remover_debug_log.txt
2012-01-09 19:12 - 2012-01-09 19:12 - 0070647 ____A C:\Documents and Settings\tommyg\Desktop\bootkit_remover_debug_log.txt
2012-01-09 19:11 - 2012-01-09 19:11 - 0044607 ____A C:\Users\tommyg\Downloads\bootkit_remover.zip
2012-01-09 19:11 - 2012-01-09 19:11 - 0044607 ____A C:\Documents and Settings\tommyg\Downloads\bootkit_remover.zip
2012-01-09 18:30 - 2011-09-17 20:59 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-01-09 18:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At38.job
2012-01-09 18:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At37.job
2012-01-09 17:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At36.job
2012-01-09 17:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At35.job
2012-01-09 17:12 - 2012-01-09 17:11 - 0000000 ___SD C:\tg
2012-01-09 17:04 - 2011-04-02 23:32 - 1435806 ____A C:\Windows\WindowsUpdate.log
2012-01-09 17:01 - 2012-01-09 16:45 - 0000357 ____A C:\rkill.log
2012-01-09 17:01 - 2009-07-14 02:36 - 0000000 __SHD C:\$Recycle.Bin
2012-01-09 16:56 - 2009-07-14 04:34 - 0019456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-09 16:56 - 2009-07-14 04:34 - 0019456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-09 16:53 - 2012-01-09 16:53 - 0000000 ____D C:\Qoobox
2012-01-09 16:53 - 2012-01-04 23:02 - 0000000 ____D C:\Windows\ERDNT
2012-01-09 16:52 - 2012-01-09 16:52 - 0000000 ___SD C:\tg2012
2012-01-09 16:51 - 2011-09-17 20:59 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-01-09 16:50 - 2011-10-09 18:53 - 0065536 _____ C:\Windows\System32\Ikeext.etl
2012-01-09 16:50 - 2011-04-09 20:02 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\uTorrent
2012-01-09 16:50 - 2011-04-09 20:02 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\uTorrent
2012-01-09 16:50 - 2009-07-14 04:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-09 16:50 - 2009-07-14 04:39 - 0118850 ____A C:\Windows\setupact.log
2012-01-09 16:49 - 2011-04-09 13:55 - 0090678 ____A C:\Windows\PFRO.log
2012-01-09 16:49 - 2011-04-02 23:29 - 2414731264 __ASH C:\hiberfil.sys
2012-01-09 16:48 - 2012-01-06 11:59 - 0000000 ____D C:\Users\All Users\AVAST Software
2012-01-09 16:48 - 2012-01-06 11:59 - 0000000 ____D C:\Users\All Users\Application Data\AVAST Software
2012-01-09 16:48 - 2012-01-06 11:59 - 0000000 ____D C:\ProgramData\AVAST Software
2012-01-09 16:48 - 2012-01-06 11:59 - 0000000 ____D C:\Documents and Settings\All Users\AVAST Software
2012-01-09 16:48 - 2012-01-06 11:59 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2012-01-09 16:41 - 2012-01-09 16:41 - 0001794 ____A C:\Users\tommyg\Desktop\aswMBR.txt
2012-01-09 16:41 - 2012-01-09 16:41 - 0001794 ____A C:\Documents and Settings\tommyg\Desktop\aswMBR.txt
2012-01-09 16:41 - 2012-01-09 16:41 - 0000512 ____A C:\Users\tommyg\Desktop\MBR.dat
2012-01-09 16:41 - 2012-01-09 16:41 - 0000512 ____A C:\Documents and Settings\tommyg\Desktop\MBR.dat
2012-01-09 16:34 - 2012-01-09 16:34 - 0001044 ____A C:\Program Files\SimBin - Shortcut.lnk
2012-01-09 16:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At34.job
2012-01-09 16:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At33.job
2012-01-09 16:26 - 2011-11-30 21:55 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Spotify
2012-01-09 16:26 - 2011-11-30 21:55 - 0000000 ____D C:\Users\tommyg\AppData\Local\Spotify
2012-01-09 16:26 - 2011-11-30 21:55 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Spotify
2012-01-09 16:26 - 2011-11-30 21:55 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\Spotify
2012-01-09 16:07 - 2012-01-09 16:07 - 1008141 ____A C:\Users\tommyg\Downloads\rkill(1).com
2012-01-09 16:07 - 2012-01-09 16:07 - 1008141 ____A C:\Documents and Settings\tommyg\Downloads\rkill(1).com
2012-01-09 16:06 - 2012-01-09 16:06 - 1008141 ____A C:\Users\tommyg\Downloads\rkill.scr
2012-01-09 16:06 - 2012-01-09 16:06 - 1008141 ____A C:\Documents and Settings\tommyg\Downloads\rkill.scr
2012-01-09 15:46 - 2012-01-09 15:45 - 4376389 ____R (Swearware) C:\Users\tommyg\Desktop\tg.exe
2012-01-09 15:46 - 2012-01-09 15:45 - 4376389 ____R (Swearware) C:\Documents and Settings\tommyg\Desktop\tg.exe
2012-01-09 15:43 - 2012-01-09 15:43 - 4713472 ____A (AVAST Software) C:\Users\tommyg\Desktop\aswMBR(1).exe
2012-01-09 15:43 - 2012-01-09 15:43 - 4713472 ____A (AVAST Software) C:\Documents and Settings\tommyg\Desktop\aswMBR(1).exe
2012-01-09 15:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At32.job
2012-01-09 15:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At31.job
2012-01-09 14:56 - 2012-01-07 10:28 - 0013383 ____A C:\Users\tommyg\Desktop\pbgame.htm
2012-01-09 14:56 - 2012-01-07 10:28 - 0013383 ____A C:\Documents and Settings\tommyg\Desktop\pbgame.htm
2012-01-09 14:51 - 2011-06-12 20:40 - 0138904 ____A C:\Users\tommyg\AppData\Roaming\PnkBstrK.sys
2012-01-09 14:51 - 2011-06-12 20:40 - 0138904 ____A C:\Documents and Settings\tommyg\AppData\Roaming\PnkBstrK.sys
2012-01-09 14:48 - 2012-01-09 01:11 - 0189248 ____A C:\Windows\System32\PnkBstrB.exe
2012-01-09 14:48 - 2012-01-09 01:11 - 0076888 ____A C:\Windows\System32\PnkBstrA.exe
2012-01-09 14:47 - 2012-01-09 14:47 - 0046786 ____A C:\JavaRa.log
2012-01-09 14:47 - 2012-01-09 14:46 - 0000000 ____D C:\Users\tommyg\Desktop\ra
2012-01-09 14:47 - 2012-01-09 14:46 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\ra
2012-01-09 14:46 - 2012-01-09 14:46 - 0160350 ____A C:\Users\tommyg\Downloads\JavaRa.zip
2012-01-09 14:46 - 2012-01-09 14:46 - 0160350 ____A C:\Documents and Settings\tommyg\Downloads\JavaRa.zip
2012-01-09 14:44 - 2012-01-09 14:44 - 0004117 ____A C:\Windows\System32\jupdate-1.6.0_30-b12.log
2012-01-09 14:44 - 2011-04-11 08:18 - 0000000 ____D C:\Program Files\Java
2012-01-09 14:42 - 2012-01-09 14:42 - 0910112 ____A (Sun Microsystems, Inc.) C:\Users\tommyg\Downloads\jxpiinstall(2).exe
2012-01-09 14:42 - 2012-01-09 14:42 - 0910112 ____A (Sun Microsystems, Inc.) C:\Documents and Settings\tommyg\Downloads\jxpiinstall(2).exe
2012-01-09 14:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At30.job
2012-01-09 14:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At29.job
2012-01-09 14:04 - 2011-04-02 17:20 - 0000000 ____D C:\Users\Public\entropia universe
2012-01-09 14:04 - 2011-04-02 17:20 - 0000000 ____D C:\Documents and Settings\Public\entropia universe
2012-01-09 12:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At26.job
2012-01-09 12:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At25.job
2012-01-09 12:03 - 2012-01-09 12:03 - 0002148 ____A C:\Users\tommyg\Desktop\FSS.txt
2012-01-09 12:03 - 2012-01-09 12:03 - 0002148 ____A C:\Documents and Settings\tommyg\Desktop\FSS.txt
2012-01-09 11:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At24.job
2012-01-09 11:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At23.job
2012-01-09 11:19 - 2012-01-08 13:51 - 0002148 ____A C:\Users\tommyg\Downloads\FSS.txt
2012-01-09 11:19 - 2012-01-08 13:51 - 0002148 ____A C:\Documents and Settings\tommyg\Downloads\FSS.txt
2012-01-09 10:48 - 2011-04-11 08:17 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-01-09 08:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At18.job
2012-01-09 08:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At17.job
2012-01-09 07:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At16.job
2012-01-09 07:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At15.job
2012-01-09 06:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At14.job
2012-01-09 06:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At13.job
2012-01-09 05:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At12.job
2012-01-09 05:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At11.job
2012-01-09 04:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At10.job
2012-01-09 04:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At9.job
2012-01-09 03:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At8.job
2012-01-09 03:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At7.job
2012-01-09 02:37 - 2011-04-02 23:43 - 0870014 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-09 02:35 - 2009-07-14 02:04 - 0002577 ____A C:\Windows\System32\config.nt
2012-01-09 02:31 - 2009-07-14 02:37 - 0000000 ____D C:\Windows\tracing
2012-01-09 02:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At6.job
2012-01-09 02:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At5.job
2012-01-09 01:51 - 2012-01-08 13:34 - 0000000 ____D C:\Users\tommyg\Downloads\Seven
2012-01-09 01:51 - 2012-01-08 13:34 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\Seven
2012-01-09 01:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At4.job
2012-01-09 01:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At3.job
2012-01-09 01:08 - 2012-01-09 01:08 - 3562624 ____A (Piriform Ltd) C:\Users\tommyg\Downloads\ccsetup314(1).exe
2012-01-09 01:08 - 2012-01-09 01:08 - 3562624 ____A (Piriform Ltd) C:\Documents and Settings\tommyg\Downloads\ccsetup314(1).exe
2012-01-09 01:08 - 2012-01-09 01:08 - 0000965 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-01-09 01:08 - 2012-01-09 01:08 - 0000965 ____A C:\Documents and Settings\Public\Desktop\CCleaner.lnk
2012-01-09 01:08 - 2012-01-09 01:08 - 0000000 ____D C:\Program Files\CCleaner
2012-01-09 01:08 - 2011-09-25 22:45 - 0000000 ____D C:\users\DefaultAppPool
2012-01-09 00:51 - 2012-01-09 00:51 - 0023646 ____A C:\Users\tommyg\Desktop\DDS.txt
2012-01-09 00:51 - 2012-01-09 00:51 - 0023646 ____A C:\Documents and Settings\tommyg\Desktop\DDS.txt
2012-01-09 00:44 - 2012-01-09 00:44 - 4713472 ____A (AVAST Software) C:\Users\tommyg\Downloads\aswMBR.exe
2012-01-09 00:44 - 2012-01-09 00:44 - 4713472 ____A (AVAST Software) C:\Documents and Settings\tommyg\Downloads\aswMBR.exe
2012-01-09 00:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At2.job
2012-01-09 00:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At1.job
2012-01-09 00:18 - 2012-01-09 00:18 - 0607260 ____R (Swearware) C:\Users\tommyg\Downloads\dds.scr
2012-01-09 00:18 - 2012-01-09 00:18 - 0607260 ____R (Swearware) C:\Documents and Settings\tommyg\Downloads\dds.scr
2012-01-09 00:13 - 2012-01-09 00:13 - 0001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-09 00:13 - 2012-01-09 00:13 - 0001067 ____A C:\Documents and Settings\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-09 00:13 - 2011-04-16 17:29 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-01-08 23:32 - 2012-01-08 23:31 - 0087748 ____A C:\TDSSKiller.2.6.25.0_08.01.2012_23.31.38_log.txt
2012-01-08 23:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At48.job
2012-01-08 23:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At47.job
2012-01-08 22:53 - 2012-01-08 22:48 - 0004848 ____A C:\shared.log
2012-01-08 22:38 - 2012-01-08 22:38 - 0084012 ____A C:\Users\tommyg\Downloads\gmer log.log
2012-01-08 22:38 - 2012-01-08 22:38 - 0084012 ____A C:\Documents and Settings\tommyg\Downloads\gmer log.log
2012-01-08 22:28 - 2012-01-08 22:28 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Moyea
2012-01-08 22:28 - 2012-01-08 22:28 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Moyea
2012-01-08 22:27 - 2012-01-08 22:27 - 0001102 ____A C:\Users\Public\Desktop\Moyea YouTube FLV Downloader.lnk
2012-01-08 22:27 - 2012-01-08 22:27 - 0001102 ____A C:\Documents and Settings\Public\Desktop\Moyea YouTube FLV Downloader.lnk
2012-01-08 22:27 - 2012-01-08 22:27 - 0000000 ____D C:\Program Files\Moyea
2012-01-08 22:26 - 2012-01-08 22:26 - 11938584 ____A (Moyea Software Co., LTD ) C:\Users\tommyg\Downloads\youtube_flv_downloader_install.exe
2012-01-08 22:26 - 2012-01-08 22:26 - 11938584 ____A (Moyea Software Co., LTD ) C:\Documents and Settings\tommyg\Downloads\youtube_flv_downloader_install.exe
2012-01-08 22:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At46.job
2012-01-08 22:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At45.job
2012-01-08 22:25 - 2012-01-08 22:25 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\FLV Extract
2012-01-08 22:25 - 2012-01-08 22:25 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\FLV Extract
2012-01-08 22:24 - 2012-01-08 22:24 - 0000000 ____D C:\Users\tommyg\Downloads\FLV_Extract_v1.6.2
2012-01-08 22:24 - 2012-01-08 22:24 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\FLV_Extract_v1.6.2
2012-01-08 22:22 - 2012-01-08 22:22 - 0082097 ____A C:\Users\tommyg\Downloads\FLV_Extract_v1.6.2.zip
2012-01-08 22:22 - 2012-01-08 22:22 - 0082097 ____A C:\Documents and Settings\tommyg\Downloads\FLV_Extract_v1.6.2.zip
2012-01-08 21:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At44.job
2012-01-08 21:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At43.job
2012-01-08 20:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At42.job
2012-01-08 20:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At41.job
2012-01-08 18:55 - 2011-06-05 21:31 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Skype
2012-01-08 18:55 - 2011-06-05 21:31 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Skype
2012-01-08 14:23 - 2009-07-14 02:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-01-08 13:49 - 2012-01-08 13:49 - 0334127 ____A C:\Users\tommyg\Desktop\FSS(1).exe
2012-01-08 13:49 - 2012-01-08 13:49 - 0334127 ____A C:\Documents and Settings\tommyg\Desktop\FSS(1).exe
2012-01-08 13:37 - 2009-07-14 02:37 - 0000000 ____D C:\Windows\Registration
2012-01-08 13:34 - 2012-01-08 13:34 - 0009993 ____A C:\Users\tommyg\Downloads\Seven.zip
2012-01-08 13:34 - 2012-01-08 13:34 - 0009993 ____A C:\Documents and Settings\tommyg\Downloads\Seven.zip
2012-01-08 13:32 - 2012-01-08 01:11 - 0594994 ____A C:\MGlogs.zip
2012-01-08 13:32 - 2012-01-08 00:20 - 0000000 ____D C:\MGtools
2012-01-08 13:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At28.job
2012-01-08 13:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At27.job
2012-01-08 10:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At22.job
2012-01-08 10:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At21.job
2012-01-08 09:26 - 2011-12-19 00:33 - 0000346 ____A C:\Windows\Tasks\At20.job
2012-01-08 09:26 - 2011-12-19 00:33 - 0000344 ____A C:\Windows\Tasks\At19.job
2012-01-08 02:24 - 2012-01-08 02:24 - 0001083 ____A C:\Users\tommyg\Documents - Shortcut.lnk
2012-01-08 02:24 - 2012-01-08 02:24 - 0001083 ____A C:\Documents and Settings\tommyg\Documents - Shortcut.lnk
2012-01-08 02:24 - 2011-04-02 23:37 - 0000000 ____D C:\users\tommyg
2012-01-08 02:23 - 2011-04-15 07:45 - 0000000 ____D C:\Users\tommyg\Documents\EVE
2012-01-08 02:23 - 2011-04-15 07:45 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\EVE
2012-01-08 02:04 - 2012-01-08 02:03 - 0000000 ___SD C:\ff15325f
2012-01-08 01:56 - 2012-01-08 01:56 - 0347920 ____A (Microsoft Corporation) C:\Users\tommyg\Downloads\MicrosoftFixit.wu.Run(1).exe
2012-01-08 01:56 - 2012-01-08 01:56 - 0347920 ____A (Microsoft Corporation) C:\Documents and Settings\tommyg\Downloads\MicrosoftFixit.wu.Run(1).exe
2012-01-08 00:58 - 2012-01-08 00:56 - 0000000 ____D C:\Users\tommyg\Desktop\MiniRegTool
2012-01-08 00:58 - 2012-01-08 00:56 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\MiniRegTool
2012-01-08 00:54 - 2011-10-06 01:54 - 0000000 ____D C:\Program Files\Shutdown Monster
2012-01-08 00:54 - 2011-04-02 17:58 - 0109976 ____A C:\Users\tommyg\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-08 00:54 - 2011-04-02 17:58 - 0109976 ____A C:\Documents and Settings\tommyg\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-08 00:52 - 2009-07-14 04:33 - 0411784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-01-08 00:51 - 2012-01-08 00:45 - 0181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2012-01-08 00:43 - 2012-01-08 00:43 - 0786766 ____A C:\Users\tommyg\Downloads\tweaking.com_windows_repair_aio.zip
2012-01-08 00:43 - 2012-01-08 00:43 - 0786766 ____A C:\Documents and Settings\tommyg\Downloads\tweaking.com_windows_repair_aio.zip
2012-01-08 00:40 - 2011-04-02 23:37 - 0000000 ____D C:\Users\tommyg\AppData\Local\VirtualStore
2012-01-08 00:40 - 2011-04-02 23:37 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\VirtualStore
2012-01-08 00:35 - 2012-01-08 00:35 - 1091646 ____A C:\Users\tommyg\Downloads\MiniRegTool.zip
2012-01-08 00:35 - 2012-01-08 00:35 - 1091646 ____A C:\Documents and Settings\tommyg\Downloads\MiniRegTool.zip
2012-01-08 00:19 - 2012-01-08 00:19 - 2448941 ____A C:\Users\tommyg\Downloads\MGtools.exe
2012-01-08 00:19 - 2012-01-08 00:19 - 2448941 ____A C:\Documents and Settings\tommyg\Downloads\MGtools.exe
2012-01-08 00:14 - 2012-01-08 00:14 - 0000960 ____A C:\Users\tommyg\Desktop\tg.reg
2012-01-08 00:14 - 2012-01-08 00:14 - 0000960 ____A C:\Documents and Settings\tommyg\Desktop\tg.reg
2012-01-08 00:11 - 2012-01-08 00:11 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{f6df8adc-398b-11e1-8ab3-0019dba6256d}.TxR.blf
2012-01-08 00:00 - 2012-01-08 00:00 - 0229548 ____A C:\Users\tommyg\Downloads\1055.BFE.reg
2012-01-08 00:00 - 2012-01-08 00:00 - 0229548 ____A C:\Documents and Settings\tommyg\Downloads\1055.BFE.reg
2012-01-07 23:57 - 2012-01-07 23:57 - 0677376 ____A C:\Users\tommyg\Downloads\MicrosoftFixit50687.msi
2012-01-07 23:57 - 2012-01-07 23:57 - 0677376 ____A C:\Documents and Settings\tommyg\Downloads\MicrosoftFixit50687.msi
2012-01-07 23:56 - 2011-04-16 22:21 - 0000000 ____D C:\Users\tommyg\AppData\Local\ElevatedDiagnostics
2012-01-07 23:56 - 2011-04-16 22:21 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\ElevatedDiagnostics
2012-01-07 23:54 - 2012-01-07 23:54 - 0347920 ____A (Microsoft Corporation) C:\Users\tommyg\Downloads\MicrosoftFixit.wu.Run.exe
2012-01-07 23:54 - 2012-01-07 23:54 - 0347920 ____A (Microsoft Corporation) C:\Documents and Settings\tommyg\Downloads\MicrosoftFixit.wu.Run.exe
2012-01-07 22:19 - 2012-01-07 22:19 - 0334127 ____A C:\Users\tommyg\Downloads\FSS.exe
2012-01-07 22:19 - 2012-01-07 22:19 - 0334127 ____A C:\Documents and Settings\tommyg\Downloads\FSS.exe
2012-01-07 21:51 - 2012-01-07 21:51 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\SUPERAntiSpyware.com
2012-01-07 21:51 - 2012-01-07 21:51 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\SUPERAntiSpyware.com
2012-01-07 21:51 - 2012-01-07 21:50 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-01-07 21:50 - 2012-01-07 21:50 - 0001961 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-01-07 21:50 - 2012-01-07 21:50 - 0001961 ____A C:\Documents and Settings\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-01-07 21:50 - 2012-01-07 21:50 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-01-07 21:50 - 2012-01-07 21:50 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-01-07 21:50 - 2012-01-07 21:50 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-01-07 21:50 - 2012-01-07 21:50 - 0000000 ____D C:\Documents and Settings\All Users\SUPERAntiSpyware.com
2012-01-07 21:50 - 2012-01-07 21:50 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-07 21:49 - 2012-01-07 21:47 - 13913696 ____A (SUPERAntiSpyware.com) C:\Users\tommyg\Downloads\SUPERAntiSpyware.exe
2012-01-07 21:49 - 2012-01-07 21:47 - 13913696 ____A (SUPERAntiSpyware.com) C:\Documents and Settings\tommyg\Downloads\SUPERAntiSpyware.exe
2012-01-07 21:33 - 2012-01-07 21:33 - 0650240 ____A C:\Users\tommyg\Downloads\MicrosoftFixit50203.msi
2012-01-07 21:33 - 2012-01-07 21:33 - 0650240 ____A C:\Documents and Settings\tommyg\Downloads\MicrosoftFixit50203.msi
2012-01-07 18:32 - 2011-06-13 07:35 - 0007599 ____A C:\Users\tommyg\AppData\Local\Resmon.ResmonCfg
2012-01-07 18:32 - 2011-06-13 07:35 - 0007599 ____A C:\Documents and Settings\tommyg\AppData\Local\Resmon.ResmonCfg
2012-01-07 17:29 - 2012-01-07 10:35 - 0001945 ____A C:\Windows\epplauncher.mif
2012-01-07 17:28 - 2009-07-14 02:37 - 0000000 ___HD C:\Windows\System32\GroupPolicy
2012-01-07 17:23 - 2011-09-11 14:35 - 0000000 ____D C:\Program Files\Landwirtschafts Simulator 2011
2012-01-07 17:20 - 2012-01-04 23:20 - 1103302 ____A C:\Windows\ntbtlog.txt
2012-01-07 16:38 - 2009-07-14 02:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-07 16:37 - 2012-01-07 16:36 - 0013512 ____A C:\Users\tommyg\Desktop\MBRCheck_01.07.12_16.36.55.txt
2012-01-07 16:37 - 2012-01-07 16:36 - 0013512 ____A C:\Documents and Settings\tommyg\Desktop\MBRCheck_01.07.12_16.36.55.txt
2012-01-07 16:20 - 2012-01-07 16:20 - 0001820 ____A C:\TDSSKiller.2.6.25.0_07.01.2012_16.20.20_log.txt
2012-01-07 16:12 - 2012-01-07 10:28 - 0000059 ____A C:\Users\tommyg\Desktop\pbuser.htm
2012-01-07 16:12 - 2012-01-07 10:28 - 0000059 ____A C:\Documents and Settings\tommyg\Desktop\pbuser.htm
2012-01-07 15:47 - 2012-01-07 12:30 - 0013383 ____A C:\Users\tommyg\Downloads\pbgame.htm
2012-01-07 15:47 - 2012-01-07 12:30 - 0013383 ____A C:\Documents and Settings\tommyg\Downloads\pbgame.htm
2012-01-07 12:45 - 2012-01-07 12:30 - 0000059 ____A C:\Users\tommyg\Downloads\pbuser.htm
2012-01-07 12:45 - 2012-01-07 12:30 - 0000059 ____A C:\Documents and Settings\tommyg\Downloads\pbuser.htm
2012-01-07 12:30 - 2012-01-07 12:30 - 0846336 ____A C:\Users\tommyg\Downloads\pbsetup.exe
2012-01-07 12:30 - 2012-01-07 12:30 - 0846336 ____A C:\Documents and Settings\tommyg\Downloads\pbsetup.exe
2012-01-07 11:38 - 2011-04-12 17:04 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\TS3Client
2012-01-07 11:38 - 2011-04-12 17:04 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\TS3Client
2012-01-07 11:38 - 2011-04-11 07:14 - 0000000 ____D C:\Program Files\Steam
2012-01-07 11:38 - 2011-04-02 18:36 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\DAEMON Tools Lite
2012-01-07 11:38 - 2011-04-02 18:36 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\DAEMON Tools Lite
2012-01-07 11:29 - 2012-01-07 11:29 - 3562624 ____A (Piriform Ltd) C:\Users\tommyg\Downloads\ccsetup314.exe
2012-01-07 11:29 - 2012-01-07 11:29 - 3562624 ____A (Piriform Ltd) C:\Documents and Settings\tommyg\Downloads\ccsetup314.exe
2012-01-07 10:40 - 2012-01-07 10:40 - 0000000 ____D C:\3da6d3f8aa9c540bbda9eb2d891d
2012-01-07 10:34 - 2012-01-07 10:34 - 0254152 ____A (Secure By Design Inc.) C:\Users\tommyg\Downloads\Ninite Avast Essentials Super Installer.exe
2012-01-07 10:34 - 2012-01-07 10:34 - 0254152 ____A (Secure By Design Inc.) C:\Documents and Settings\tommyg\Downloads\Ninite Avast Essentials Super Installer.exe
2012-01-07 10:24 - 2011-05-21 18:19 - 0000000 ____A C:\Windows\System32\Access.dat
2012-01-07 10:07 - 2012-01-07 10:07 - 0000000 ____D C:\Windows\System32\htm
2012-01-07 09:53 - 2012-01-07 09:53 - 0000000 ____D C:\Windows\System32\pb
2012-01-07 09:49 - 2012-01-07 10:07 - 0001916 ____A C:\Windows\System32\pbcl.log
2012-01-07 09:47 - 2012-01-07 10:07 - 0005499 ____A C:\Windows\System32\pbcl.db
2012-01-07 09:46 - 2012-01-07 10:07 - 0425984 ____A C:\Windows\System32\pbsv.dll
2012-01-07 09:45 - 2012-01-07 10:07 - 0942907 ____A C:\Windows\System32\pbcls.dll
2012-01-07 09:45 - 2012-01-07 10:07 - 0942907 ____A C:\Windows\System32\pbcl.dll
2012-01-07 09:45 - 2012-01-07 10:07 - 0057344 ____A C:\Windows\System32\pbags.dll
2012-01-07 09:45 - 2012-01-07 10:07 - 0057344 ____A C:\Windows\System32\pbag.dll
2012-01-07 09:31 - 2011-09-17 20:59 - 0002286 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-01-07 09:31 - 2011-09-17 20:59 - 0002286 ____A C:\Documents and Settings\Public\Desktop\Google Chrome.lnk
2012-01-07 01:05 - 2012-01-07 15:31 - 0840264 ____A C:\Windows\System32\pbsvc.exe
2012-01-07 01:05 - 2012-01-07 01:05 - 0840264 ____A C:\Users\tommyg\Desktop\pbsvc.exe
2012-01-07 01:05 - 2012-01-07 01:05 - 0840264 ____A C:\Documents and Settings\tommyg\Desktop\pbsvc.exe
2012-01-07 00:12 - 2011-07-26 17:33 - 0000000 ____D C:\Program Files\Simple Port Forwarding
2012-01-06 23:33 - 2012-01-06 18:44 - 0000000 ____D C:\Users\tommyg\Downloads\pbsetup
2012-01-06 23:33 - 2012-01-06 18:44 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\pbsetup
2012-01-06 17:59 - 2012-01-06 17:59 - 0735889 ____A C:\Users\tommyg\Downloads\pbsetup.zip
2012-01-06 17:59 - 2012-01-06 17:59 - 0735889 ____A C:\Documents and Settings\tommyg\Downloads\pbsetup.zip
2012-01-06 17:34 - 2012-01-07 10:07 - 0942907 ____A C:\Windows\System32\pbclold.dll
2012-01-06 17:12 - 2011-05-17 16:45 - 0000000 ____D C:\Users\All Users\boost_interprocess
2012-01-06 17:12 - 2011-05-17 16:45 - 0000000 ____D C:\Users\All Users\Application Data\boost_interprocess
2012-01-06 17:12 - 2011-05-17 16:45 - 0000000 ____D C:\ProgramData\boost_interprocess
2012-01-06 17:12 - 2011-05-17 16:45 - 0000000 ____D C:\Documents and Settings\All Users\boost_interprocess
2012-01-06 17:12 - 2011-05-17 16:45 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\boost_interprocess
2012-01-06 13:30 - 2012-01-06 13:27 - 0000000 ____D C:\Users\tommyg\Desktop\lt3.0
2012-01-06 13:30 - 2012-01-06 13:27 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\lt3.0
2012-01-06 13:27 - 2012-01-06 13:27 - 0000000 ____D C:\Users\tommyg\Desktop\JungleFlasher v0.1.91 Beta (300)
2012-01-06 13:27 - 2012-01-06 13:27 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\JungleFlasher v0.1.91 Beta (300)
2012-01-06 13:27 - 2012-01-06 13:26 - 9003229 ____A C:\Users\tommyg\Downloads\JungleFlasher.0.1.91.Beta(300).rar
2012-01-06 13:27 - 2012-01-06 13:26 - 9003229 ____A C:\Documents and Settings\tommyg\Downloads\JungleFlasher.0.1.91.Beta(300).rar
2012-01-06 13:27 - 2012-01-06 13:26 - 12631271 ____A C:\Users\tommyg\Downloads\Latest_iXtreme_and_Stock_Firmware_Pack(2).rar
2012-01-06 13:27 - 2012-01-06 13:26 - 12631271 ____A C:\Documents and Settings\tommyg\Downloads\Latest_iXtreme_and_Stock_Firmware_Pack(2).rar
2012-01-06 12:02 - 2012-01-06 12:02 - 0302592 ____A C:\Users\tommyg\Desktop\gcnspqi8.exe
2012-01-06 12:02 - 2012-01-06 12:02 - 0302592 ____A C:\Documents and Settings\tommyg\Desktop\gcnspqi8.exe
2012-01-06 11:59 - 2012-01-06 11:59 - 0000000 ____D C:\Program Files\AVAST Software
2012-01-06 11:57 - 2012-01-06 11:56 - 64207032 ____A C:\Users\tommyg\Downloads\setup_av_free_cnet.exe
2012-01-06 11:57 - 2012-01-06 11:56 - 64207032 ____A C:\Documents and Settings\tommyg\Downloads\setup_av_free_cnet.exe
2012-01-06 02:20 - 2012-01-06 02:19 - 0089184 ____A C:\TDSSKiller.2.6.25.0_06.01.2012_02.19.02_log.txt
2012-01-06 02:19 - 2012-01-06 02:18 - 0085918 ____A C:\TDSSKiller.2.6.25.0_06.01.2012_02.18.34_log.txt
2012-01-06 02:15 - 2012-01-06 02:15 - 1932256 ____A (Symantec Corporation) C:\Users\tommyg\Downloads\FixTDSS(3).exe
2012-01-06 02:15 - 2012-01-06 02:15 - 1932256 ____A (Symantec Corporation) C:\Documents and Settings\tommyg\Downloads\FixTDSS(3).exe
2012-01-06 00:53 - 2012-01-06 00:53 - 0014461 ____A C:\Users\tommyg\Desktop\MBRCheck_01.06.12_00.53.33.txt
2012-01-06 00:53 - 2012-01-06 00:53 - 0014461 ____A C:\Documents and Settings\tommyg\Desktop\MBRCheck_01.06.12_00.53.33.txt
2012-01-06 00:52 - 2012-01-06 00:52 - 0080384 ____A C:\Users\tommyg\Downloads\MBRCheck.exe
2012-01-06 00:52 - 2012-01-06 00:52 - 0080384 ____A C:\Documents and Settings\tommyg\Downloads\MBRCheck.exe
2012-01-06 00:50 - 2012-01-06 00:50 - 1932256 ____A (Symantec Corporation) C:\Users\tommyg\Downloads\FixTDSS(2).exe
2012-01-06 00:50 - 2012-01-06 00:50 - 1932256 ____A (Symantec Corporation) C:\Documents and Settings\tommyg\Downloads\FixTDSS(2).exe
2012-01-06 00:42 - 2012-01-06 00:37 - 0086230 ____A C:\TDSSKiller.2.6.25.0_06.01.2012_00.37.30_log.txt
2012-01-06 00:35 - 2012-01-06 00:35 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\tommyg\Downloads\tdsskiller(1).exe
2012-01-06 00:35 - 2012-01-06 00:35 - 1578288 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\tommyg\Downloads\tdsskiller(1).exe
2012-01-05 23:57 - 2012-01-05 23:57 - 0135568 ____A C:\Windows\Minidump\010512-22339-01.dmp
2012-01-05 23:57 - 2011-05-25 11:47 - 0000000 ____D C:\Windows\Minidump
2012-01-05 23:54 - 2012-01-05 23:54 - 1932256 ____A (Symantec Corporation) C:\Users\tommyg\Downloads\FixTDSS(1).exe
2012-01-05 23:54 - 2012-01-05 23:54 - 1932256 ____A (Symantec Corporation) C:\Documents and Settings\tommyg\Downloads\FixTDSS(1).exe
2012-01-05 23:53 - 2012-01-05 23:53 - 1932256 ____A (Symantec Corporation) C:\Users\tommyg\Downloads\FixTDSS.exe
2012-01-05 23:53 - 2012-01-05 23:53 - 1932256 ____A (Symantec Corporation) C:\Documents and Settings\tommyg\Downloads\FixTDSS.exe
2012-01-05 23:43 - 2012-01-05 23:43 - 0302592 ____A C:\Users\tommyg\Downloads\mqhqwwfn.exe
2012-01-05 23:43 - 2012-01-05 23:43 - 0302592 ____A C:\Documents and Settings\tommyg\Downloads\mqhqwwfn.exe
2012-01-05 23:36 - 2012-01-05 23:34 - 0000000 ___SD C:\ff
2012-01-05 22:07 - 2011-06-09 22:10 - 0000000 ____D C:\Users\tommyg\Downloads\v1.106
2012-01-05 22:07 - 2011-06-09 22:10 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\v1.106
2012-01-05 21:12 - 2012-01-05 21:12 - 2322184 ____A (ESET) C:\Users\tommyg\Downloads\esetsmartinstaller_enu(1).exe
2012-01-05 21:12 - 2012-01-05 21:12 - 2322184 ____A (ESET) C:\Documents and Settings\tommyg\Downloads\esetsmartinstaller_enu(1).exe
2012-01-05 19:59 - 2011-06-09 23:28 - 0000000 ____D C:\Users\tommyg\Downloads\A2Uploader_22-09-2009
2012-01-05 19:59 - 2011-06-09 23:28 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\A2Uploader_22-09-2009
2012-01-05 19:59 - 2011-06-09 22:53 - 0000000 ____D C:\Users\tommyg\Downloads\a2uploader
2012-01-05 19:59 - 2011-06-09 22:53 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\a2uploader
2012-01-05 18:21 - 2011-04-09 20:03 - 0000000 ____D C:\Users\tommyg\AppData\Local\enDEE
2012-01-05 18:21 - 2011-04-09 20:03 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\enDEE
2012-01-05 18:08 - 2012-01-05 18:08 - 2322184 ____A (ESET) C:\Users\tommyg\Downloads\esetsmartinstaller_enu.exe
2012-01-05 18:08 - 2012-01-05 18:08 - 2322184 ____A (ESET) C:\Documents and Settings\tommyg\Downloads\esetsmartinstaller_enu.exe
2012-01-05 18:07 - 2012-01-05 18:06 - 1008141 ____A C:\Users\tommyg\Downloads\rkill.com
2012-01-05 18:07 - 2012-01-05 18:06 - 1008141 ____A C:\Documents and Settings\tommyg\Downloads\rkill.com
2012-01-05 14:51 - 2012-01-05 14:51 - 1558406 ____A C:\Users\tommyg\Downloads\tdsskiller(1).zip
2012-01-05 14:51 - 2012-01-05 14:51 - 1558406 ____A C:\Documents and Settings\tommyg\Downloads\tdsskiller(1).zip
2012-01-05 14:51 - 2012-01-05 14:49 - 0175346 ____A C:\TDSSKiller.2.6.25.0_05.01.2012_14.49.07_log.txt
2012-01-05 14:49 - 2012-01-05 14:48 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\tommyg\Downloads\tdsskiller.exe
2012-01-05 14:49 - 2012-01-05 14:48 - 1578288 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\tommyg\Downloads\tdsskiller.exe
2012-01-04 23:21 - 2012-01-04 23:21 - 0085914 ____A C:\TDSSKiller.2.6.25.0_04.01.2012_23.21.14_log.txt
2012-01-04 23:21 - 2012-01-04 23:21 - 0000000 ____D C:\Users\tommyg\Downloads\tdsskiller
2012-01-04 23:21 - 2012-01-04 23:21 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\tdsskiller
2012-01-04 23:00 - 2012-01-04 23:00 - 4370643 ____R (Swearware) C:\Users\tommyg\Downloads\ComboFix.exe
2012-01-04 23:00 - 2012-01-04 23:00 - 4370643 ____R (Swearware) C:\Documents and Settings\tommyg\Downloads\ComboFix.exe
2012-01-04 22:54 - 2012-01-04 22:52 - 0173716 ____A C:\TDSSKiller.2.6.25.0_04.01.2012_22.52.05_log.txt
2012-01-04 22:51 - 2012-01-04 22:51 - 1558406 ____A C:\Users\tommyg\Downloads\tdsskiller.zip
2012-01-04 22:51 - 2012-01-04 22:51 - 1558406 ____A C:\Documents and Settings\tommyg\Downloads\tdsskiller.zip
2012-01-04 21:38 - 2012-01-07 10:07 - 0000112 ____A C:\Windows\System32\pbns_c.dat
2012-01-04 12:50 - 2011-10-05 23:56 - 0000000 ____D C:\Users\tommyg\Desktop\lbml
2012-01-04 12:50 - 2011-10-05 23:56 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\lbml
2012-01-03 15:21 - 2009-07-14 04:53 - 0032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-03 12:46 - 2012-01-03 12:46 - 0000000 ____D C:\Program Files\X3 map by Scorp
2012-01-03 12:45 - 2012-01-03 12:45 - 1460143 ____A C:\Users\tommyg\Downloads\X3_map_Setup_TCE.zip
2012-01-03 12:45 - 2012-01-03 12:45 - 1460143 ____A C:\Documents and Settings\tommyg\Downloads\X3_map_Setup_TCE.zip
2012-01-02 18:05 - 2012-01-02 18:05 - 0004551 ____A C:\Users\tommyg\Downloads\bskyb.cfg
2012-01-02 18:05 - 2012-01-02 18:05 - 0004551 ____A C:\Documents and Settings\tommyg\Downloads\bskyb.cfg
2012-01-02 18:03 - 2012-01-02 18:02 - 0000000 ____D C:\Users\tommyg\Downloads\DG934G-1SKUKS_V2.03.21_src.tar.bz2
2012-01-02 18:03 - 2012-01-02 18:02 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\DG934G-1SKUKS_V2.03.21_src.tar.bz2
2012-01-02 18:02 - 2012-01-02 18:00 - 58802102 ____A C:\Users\tommyg\Downloads\DG934G-1SKUKS_V2.03.21_src.tar.bz2.zip
2012-01-02 18:02 - 2012-01-02 18:00 - 58802102 ____A C:\Documents and Settings\tommyg\Downloads\DG934G-1SKUKS_V2.03.21_src.tar.bz2.zip
2011-12-30 23:40 - 2011-12-30 23:40 - 0143432 ____A C:\Windows\Minidump\123011-24304-01.dmp
2011-12-29 22:47 - 2009-07-14 02:04 - 0000521 ____A C:\Windows\win.ini
2011-12-29 20:57 - 2011-09-25 17:01 - 0000000 ____D C:\Users\tommyg\Documents\Entropia Tracker
2011-12-29 20:57 - 2011-09-25 17:01 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Entropia Tracker
2011-12-29 20:56 - 2011-04-30 11:18 - 0000000 ____D C:\Users\tommyg\AppData\Local\Deployment
2011-12-29 20:56 - 2011-04-30 11:18 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\Deployment
2011-12-28 23:18 - 2011-04-18 10:41 - 0000000 ____D C:\Users\All Users\DivX
2011-12-28 23:18 - 2011-04-18 10:41 - 0000000 ____D C:\Users\All Users\Application Data\DivX
2011-12-28 23:18 - 2011-04-18 10:41 - 0000000 ____D C:\ProgramData\DivX
2011-12-28 23:18 - 2011-04-18 10:41 - 0000000 ____D C:\Documents and Settings\All Users\DivX
2011-12-28 23:18 - 2011-04-18 10:41 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
2011-12-28 20:39 - 2011-04-09 11:15 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Xfire
2011-12-28 20:39 - 2011-04-09 11:15 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Xfire
2011-12-28 12:55 - 2011-12-28 12:55 - 0000000 ____D C:\Users\tommyg\Documents\Hitman Blood Money
2011-12-28 12:55 - 2011-12-28 12:55 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Hitman Blood Money
2011-12-28 12:41 - 2011-12-28 12:41 - 0000958 ____A C:\Users\Public\Desktop\Launch Hitman Blood Money.lnk
2011-12-28 12:41 - 2011-12-28 12:41 - 0000958 ____A C:\Documents and Settings\Public\Desktop\Launch Hitman Blood Money.lnk
2011-12-28 12:41 - 2011-12-28 12:41 - 0000000 ____D C:\Program Files\Eidos
2011-12-28 12:41 - 2011-04-10 17:08 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2011-12-25 20:50 - 2011-12-25 19:16 - 0000000 ____D C:\Users\tommyg\AppData\Local\ESN Sonar
2011-12-25 20:50 - 2011-12-25 19:16 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\ESN Sonar
2011-12-24 11:26 - 2011-12-22 20:01 - 208091136 ____A C:\Users\tommyg\Downloads\HBM.iso
2011-12-24 11:26 - 2011-12-22 20:01 - 208091136 ____A C:\Documents and Settings\tommyg\Downloads\HBM.iso
2011-12-22 23:46 - 2011-09-05 14:03 - 0000000 ____D C:\Fraps
2011-12-22 18:21 - 2009-07-14 04:52 - 0000000 ____D C:\Windows\twain_32
2011-12-22 15:56 - 2011-08-16 17:55 - 0000000 ____D C:\Users\tommyg\Downloads\xbins
2011-12-22 15:56 - 2011-08-16 17:55 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\xbins
2011-12-22 15:56 - 2011-06-13 21:44 - 0000000 ____D C:\Users\tommyg\Downloads\Star.Shipping.Inc.v1.008.full-THETA
2011-12-22 15:56 - 2011-06-13 21:44 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\Star.Shipping.Inc.v1.008.full-THETA
2011-12-21 18:59 - 2009-07-14 02:37 - 0000000 ____D C:\Windows\rescache
2011-12-20 18:24 - 2011-12-20 18:18 - 0000000 ____D C:\Users\tommyg\Documents\alans wedding
2011-12-20 18:24 - 2011-12-20 18:18 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\alans wedding
2011-12-20 18:17 - 2011-09-17 20:59 - 0000000 ____D C:\Users\tommyg\AppData\Local\Google
2011-12-20 18:17 - 2011-09-17 20:59 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\Google
2011-12-20 12:19 - 2011-04-02 17:19 - 0000000 ___AD C:\Program Files\Entropia Universe
2011-12-19 18:47 - 2009-07-14 07:49 - 0000000 ____D C:\Windows\CSC
2011-12-19 18:44 - 2011-12-19 04:32 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Eha
2011-12-19 18:44 - 2011-12-19 04:32 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Eha
2011-12-19 18:44 - 2009-07-14 02:37 - 0000000 ___RD C:\users\Public
2011-12-19 13:49 - 2011-12-19 13:49 - 0000000 ____A C:\Users\All Users\We3oh15q.exe.b
2011-12-19 13:49 - 2011-12-19 13:49 - 0000000 ____A C:\Users\All Users\Application Data\We3oh15q.exe.b
2011-12-19 13:49 - 2011-12-19 13:49 - 0000000 ____A C:\ProgramData\We3oh15q.exe.b
2011-12-19 13:49 - 2011-12-19 13:49 - 0000000 ____A C:\Documents and Settings\All Users\We3oh15q.exe.b
2011-12-19 13:49 - 2011-12-19 13:49 - 0000000 ____A C:\Documents and Settings\All Users\Application Data\We3oh15q.exe.b
2011-12-19 13:49 - 2011-12-16 23:59 - 0000000 ____D C:\Users\tommyg\Downloads\X3.Albion.Prelude-SKIDROW
2011-12-19 13:49 - 2011-12-16 23:59 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\X3.Albion.Prelude-SKIDROW
2011-12-19 04:33 - 2011-12-19 04:32 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Qiq
2011-12-19 04:33 - 2011-12-19 04:32 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Qiq
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Users\Default\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Users\Default User\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Documents and Settings\Default\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Documents and Settings\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
2011-12-19 04:32 - 2011-12-19 04:32 - 0000174 ___SH C:\Documents and Settings\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-19 01:09 - 2011-12-19 01:09 - 0000000 ____D C:\Users\tommyg\Documents\Egosoft
2011-12-19 01:09 - 2011-12-19 01:09 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Egosoft
2011-12-19 01:05 - 2011-04-22 08:55 - 0000000 ____D C:\Users\tommyg\AppData\Local\SKIDROW
2011-12-19 01:05 - 2011-04-22 08:55 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\SKIDROW
2011-12-19 00:35 - 2011-12-19 00:35 - 0000000 ____A C:\Windows\System32\gPEyO.com.b
2011-12-19 00:35 - 2011-12-19 00:33 - 0000112 ____A C:\Users\All Users\Application Data\70fkeN.dat
2011-12-19 00:35 - 2011-12-19 00:33 - 0000112 ____A C:\Users\All Users\70fkeN.dat
2011-12-19 00:35 - 2011-12-19 00:33 - 0000112 ____A C:\ProgramData\70fkeN.dat
2011-12-19 00:35 - 2011-12-19 00:33 - 0000112 ____A C:\Documents and Settings\All Users\Application Data\70fkeN.dat
2011-12-19 00:35 - 2011-12-19 00:33 - 0000112 ____A C:\Documents and Settings\All Users\70fkeN.dat
2011-12-19 00:34 - 2011-12-19 00:34 - 0002018 ____A C:\Users\Public\Desktop\X3 Terran Conflict.lnk
2011-12-19 00:34 - 2011-12-19 00:34 - 0002018 ____A C:\Users\Public\Desktop\X3 Albion Prelude.lnk
2011-12-19 00:34 - 2011-12-19 00:34 - 0002018 ____A C:\Documents and Settings\Public\Desktop\X3 Terran Conflict.lnk
2011-12-19 00:34 - 2011-12-19 00:34 - 0002018 ____A C:\Documents and Settings\Public\Desktop\X3 Albion Prelude.lnk
2011-12-19 00:22 - 2011-07-31 22:00 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2011-12-19 00:22 - 2011-06-14 06:27 - 0000000 ____D C:\Program Files\EGOSOFT
2011-12-19 00:21 - 2011-12-19 00:21 - 0000000 ____A C:\Users\tommyg\AppData\Roaming\eejQt.txt
2011-12-19 00:21 - 2011-12-19 00:21 - 0000000 ____A C:\Documents and Settings\tommyg\AppData\Roaming\eejQt.txt
2011-12-18 13:30 - 2011-04-09 11:15 - 0000000 ____D C:\Users\All Users\Xfire
2011-12-18 13:30 - 2011-04-09 11:15 - 0000000 ____D C:\Users\All Users\Application Data\Xfire
2011-12-18 13:30 - 2011-04-09 11:15 - 0000000 ____D C:\ProgramData\Xfire
2011-12-18 13:30 - 2011-04-09 11:15 - 0000000 ____D C:\Documents and Settings\All Users\Xfire
2011-12-18 13:30 - 2011-04-09 11:15 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Xfire
2011-12-17 12:48 - 2011-12-17 12:48 - 0003798 ____A C:\Users\tommyg\Desktop\Skills_20111217_124814.csv
2011-12-17 12:48 - 2011-12-17 12:48 - 0003798 ____A C:\Documents and Settings\tommyg\Desktop\Skills_20111217_124814.csv
2011-12-17 12:43 - 2011-09-18 10:57 - 0000000 ____D C:\Users\tommyg\Downloads\Scanner42
2011-12-17 12:43 - 2011-09-18 10:57 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\Scanner42
2011-12-17 10:23 - 2011-04-09 20:02 - 0000000 ____D C:\Program Files\uTorrent
2011-12-16 23:53 - 2011-12-16 23:53 - 0000000 ____D C:\Users\All Users\RELOADED
2011-12-16 23:53 - 2011-12-16 23:53 - 0000000 ____D C:\Users\All Users\Application Data\RELOADED
2011-12-16 23:53 - 2011-12-16 23:53 - 0000000 ____D C:\ProgramData\RELOADED
2011-12-16 23:53 - 2011-12-16 23:53 - 0000000 ____D C:\Documents and Settings\All Users\RELOADED
2011-12-16 23:53 - 2011-12-16 23:53 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\RELOADED
2011-12-16 23:51 - 2011-12-16 23:51 - 0001564 ____A C:\Users\Public\Desktop\Flatout 3.lnk
2011-12-16 23:51 - 2011-12-16 23:51 - 0001564 ____A C:\Documents and Settings\Public\Desktop\Flatout 3.lnk
2011-12-16 23:38 - 2011-04-24 22:29 - 0000000 ____D C:\Games
2011-12-16 21:42 - 2011-12-16 21:42 - 0000000 ____D C:\Program Files\Battlelog Web Plugins
2011-12-16 21:41 - 2011-12-16 21:41 - 3840632 ____A C:\Users\tommyg\Downloads\battlelog-web-plugins-1.104.0-retail-prod.exe
2011-12-16 21:41 - 2011-12-16 21:41 - 3840632 ____A C:\Documents and Settings\tommyg\Downloads\battlelog-web-plugins-1.104.0-retail-prod.exe
2011-12-16 21:36 - 2011-12-16 21:36 - 0001128 ____A C:\Users\Public\Desktop\Battlefield 3.lnk
2011-12-16 21:36 - 2011-12-16 21:36 - 0001128 ____A C:\Documents and Settings\Public\Desktop\Battlefield 3.lnk
2011-12-16 21:36 - 2011-12-16 16:28 - 0000000 ____D C:\Users\All Users\Origin
2011-12-16 21:36 - 2011-12-16 16:28 - 0000000 ____D C:\Users\All Users\Application Data\Origin
2011-12-16 21:36 - 2011-12-16 16:28 - 0000000 ____D C:\ProgramData\Origin
2011-12-16 21:36 - 2011-12-16 16:28 - 0000000 ____D C:\Documents and Settings\All Users\Origin
2011-12-16 21:36 - 2011-12-16 16:28 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Origin
2011-12-16 16:32 - 2011-12-16 16:28 - 0000000 ____D C:\Program Files\Origin Games
2011-12-16 16:30 - 2011-12-16 16:29 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Origin
2011-12-16 16:30 - 2011-12-16 16:29 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Origin
2011-12-16 16:29 - 2011-12-16 16:29 - 0000937 ____A C:\Users\Public\Desktop\Origin.lnk
2011-12-16 16:29 - 2011-12-16 16:29 - 0000937 ____A C:\Documents and Settings\Public\Desktop\Origin.lnk
2011-12-16 16:29 - 2011-12-16 16:29 - 0000000 ____D C:\Users\tommyg\AppData\Local\Origin
2011-12-16 16:29 - 2011-12-16 16:29 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\Origin
2011-12-16 16:28 - 2011-12-16 16:28 - 0000000 ____D C:\Program Files\Origin
2011-12-16 16:28 - 2011-09-27 10:18 - 0001044 ____A C:\Windows\KB893803v2.log
2011-12-16 16:25 - 2011-12-16 16:24 - 48141056 ____A (Electronic Arts, Inc.) C:\Users\tommyg\Downloads\OriginSetup(1).exe
2011-12-16 16:25 - 2011-12-16 16:24 - 48141056 ____A (Electronic Arts, Inc.) C:\Documents and Settings\tommyg\Downloads\OriginSetup(1).exe
2011-12-16 12:19 - 2011-04-02 17:19 - 0000000 ____D C:\Users\tommyg\Documents\Entropia Universe
2011-12-16 12:19 - 2011-04-02 17:19 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Entropia Universe
2011-12-16 11:17 - 2011-12-16 11:17 - 0000000 ____D C:\Users\tommyg\Downloads\miss_entropia_2012_jpegs
2011-12-16 11:17 - 2011-12-16 11:17 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\miss_entropia_2012_jpegs
2011-12-16 11:16 - 2011-12-16 11:13 - 45747936 ____A C:\Users\tommyg\Downloads\miss_entropia_2012_jpegs.rar
2011-12-16 11:16 - 2011-12-16 11:13 - 45747936 ____A C:\Documents and Settings\tommyg\Downloads\miss_entropia_2012_jpegs.rar
2011-12-15 15:04 - 2011-04-09 11:15 - 0000000 ____D C:\Program Files\Xfire
2011-12-15 11:45 - 2011-12-15 11:45 - 0000000 ____D C:\Users\All Users\ATI
2011-12-15 11:45 - 2011-12-15 11:45 - 0000000 ____D C:\Users\All Users\Application Data\ATI
2011-12-15 11:45 - 2011-12-15 11:45 - 0000000 ____D C:\ProgramData\ATI
2011-12-15 11:45 - 2011-12-15 11:45 - 0000000 ____D C:\Documents and Settings\All Users\ATI
2011-12-15 11:45 - 2011-12-15 11:45 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\ATI
2011-12-15 11:43 - 2011-12-15 11:43 - 0000000 ____D C:\Program Files\AMD APP
2011-12-15 11:42 - 2011-04-12 09:31 - 0000000 ____D C:\Program Files\ATI Technologies
2011-12-15 11:41 - 2009-07-14 02:37 - 0000000 ____D C:\Windows\System32\DriverStore
2011-12-15 04:39 - 2011-12-15 04:39 - 0042392 ____A C:\Windows\System32\xfcodec.dll
2011-12-15 03:09 - 2011-07-09 12:18 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-15 03:09 - 2011-07-09 12:18 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2011-12-15 03:09 - 2011-07-09 12:18 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-15 03:09 - 2011-07-09 12:18 - 0000000 ____D C:\Documents and Settings\All Users\Microsoft Help
2011-12-15 03:09 - 2011-07-09 12:18 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-12-15 03:05 - 2011-04-02 16:00 - 52988224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-12-12 13:26 - 2011-12-12 13:26 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\NCH Software
2011-12-12 13:26 - 2011-12-12 13:26 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\NCH Software
2011-12-12 13:23 - 2011-07-19 11:25 - 0001122 ____A C:\Users\Public\Desktop\Pixillion Image Converter.lnk
2011-12-12 13:23 - 2011-07-19 11:25 - 0001122 ____A C:\Documents and Settings\Public\Desktop\Pixillion Image Converter.lnk
2011-12-12 13:22 - 2011-12-12 13:22 - 0402528 ____A (NCH Software) C:\Users\tommyg\Downloads\pixsetup.exe
2011-12-12 13:22 - 2011-12-12 13:22 - 0402528 ____A (NCH Software) C:\Documents and Settings\tommyg\Downloads\pixsetup.exe
2011-12-12 13:20 - 2011-12-12 13:18 - 0000000 ____D C:\Users\tommyg\Documents\Image Converter Plus
2011-12-12 13:20 - 2011-12-12 13:18 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Image Converter Plus
2011-12-12 13:18 - 2011-12-12 13:18 - 0000949 ____A C:\Users\tommyg\Desktop\ImageConverter Plus.lnk
2011-12-12 13:18 - 2011-12-12 13:18 - 0000949 ____A C:\Documents and Settings\tommyg\Desktop\ImageConverter Plus.lnk
2011-12-12 13:18 - 2011-12-12 13:18 - 0000000 ____D C:\Users\Public\Documents\ImageConverter Plus
2011-12-12 13:18 - 2011-12-12 13:18 - 0000000 ____D C:\Program Files\ImageConverter Plus
2011-12-12 13:18 - 2011-12-12 13:18 - 0000000 ____D C:\Documents and Settings\Public\Documents\ImageConverter Plus
2011-12-12 13:15 - 2011-12-12 13:14 - 15244744 ____A (fCoder Group, Inc. ) C:\Users\tommyg\Downloads\converter.exe
2011-12-12 13:15 - 2011-12-12 13:14 - 15244744 ____A (fCoder Group, Inc. ) C:\Documents and Settings\tommyg\Downloads\converter.exe
2011-12-11 19:34 - 2011-04-02 23:37 - 0000000 ____D C:\Users\tommyg\AppData\LocalLow
2011-12-11 19:34 - 2011-04-02 23:37 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\LocalLow
2011-12-11 11:05 - 2011-04-09 11:15 - 0000000 ____D C:\Program Files\XfireXO
2011-12-10 15:35 - 2011-11-15 23:00 - 0000000 ____D C:\Users\tommyg\Documents\Universe Sandbox
2011-12-10 15:35 - 2011-11-15 23:00 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Universe Sandbox
2011-12-10 15:24 - 2012-01-09 00:12 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-05 23:05 - 2011-12-05 23:05 - 0000000 ____D C:\Users\tommyg\Desktop\towns2
2011-12-05 23:05 - 2011-12-05 23:05 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\towns2
2011-12-05 17:00 - 2011-12-05 16:59 - 11802757 ____A C:\Users\tommyg\Downloads\Cracked Steam.rar
2011-12-05 17:00 - 2011-12-05 16:59 - 11802757 ____A C:\Documents and Settings\tommyg\Downloads\Cracked Steam.rar
2011-12-04 16:57 - 2011-05-21 11:55 - 0271057 ____A C:\Windows\DirectX.log
2011-12-04 16:56 - 2011-12-04 16:56 - 0002064 ____A C:\Users\Public\Desktop\Medieval II Total War.lnk
2011-12-04 16:56 - 2011-12-04 16:56 - 0002064 ____A C:\Documents and Settings\Public\Desktop\Medieval II Total War.lnk
2011-12-04 16:43 - 2011-12-04 16:43 - 0000000 ____D C:\Program Files\SEGA
2011-12-04 16:42 - 2011-11-25 21:10 - 0000000 ____D C:\Users\tommyg\Documents\Afterfall.InSanity-SKIDROW
2011-12-04 16:42 - 2011-11-25 21:10 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Afterfall.InSanity-SKIDROW
2011-12-04 16:41 - 2011-11-19 21:47 - 0000000 ____D C:\Users\tommyg\Documents\The_Elder_Scrolls_V_Skyrim-Razor1911
2011-12-04 16:41 - 2011-11-19 21:47 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\The_Elder_Scrolls_V_Skyrim-Razor1911
2011-12-04 16:23 - 2011-12-04 16:23 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\InstallShield
2011-12-04 16:23 - 2011-12-04 16:23 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\InstallShield
2011-12-04 13:08 - 2011-12-04 13:08 - 0001092 ____A C:\Users\tommyg\Desktop\Mozilla Firefox.lnk
2011-12-04 13:08 - 2011-12-04 13:08 - 0001092 ____A C:\Documents and Settings\tommyg\Desktop\Mozilla Firefox.lnk
2011-12-04 07:19 - 2011-12-05 21:52 - 0000000 ____D C:\Users\tommyg\Desktop\Towns
2011-12-04 07:19 - 2011-12-05 21:52 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\Towns
2011-12-03 15:54 - 2011-10-14 13:05 - 0000000 ____D C:\Users\tommyg\Desktop\JungleFlasher.0.1.89.Beta(284)
2011-12-03 15:54 - 2011-10-14 13:05 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\JungleFlasher.0.1.89.Beta(284)
2011-12-03 15:52 - 2011-12-03 15:52 - 0000000 ____D C:\Users\tommyg\Downloads\JungleFlasher.0.1.89.Beta(284)
2011-12-03 15:52 - 2011-12-03 15:52 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\JungleFlasher.0.1.89.Beta(284)
2011-11-30 22:09 - 2011-11-30 22:09 - 7017840 ____A C:\Users\tommyg\Downloads\Spotify Installer.exe
2011-11-30 22:09 - 2011-11-30 22:09 - 7017840 ____A C:\Documents and Settings\tommyg\Downloads\Spotify Installer.exe
2011-11-30 21:55 - 2011-11-30 21:55 - 0086296 ____A (Spotify Ltd) C:\Users\tommyg\Downloads\SpotifySetup.exe
2011-11-30 21:55 - 2011-11-30 21:55 - 0086296 ____A (Spotify Ltd) C:\Documents and Settings\tommyg\Downloads\SpotifySetup.exe
2011-11-30 21:55 - 2011-11-30 21:55 - 0000919 ____A C:\Users\tommyg\Desktop\Spotify.lnk
2011-11-30 21:55 - 2011-11-30 21:55 - 0000919 ____A C:\Documents and Settings\tommyg\Desktop\Spotify.lnk
2011-11-30 20:03 - 2011-11-19 10:19 - 0000000 ____D C:\Users\tommyg\Desktop\minecraft serve 1.0
2011-11-30 20:03 - 2011-11-19 10:19 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\minecraft serve 1.0
2011-11-30 15:23 - 2009-07-14 02:37 - 0000000 ____D C:\Windows\System32\NDF
2011-11-30 14:02 - 2011-08-15 21:28 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\.minecraft
2011-11-30 14:02 - 2011-08-15 21:28 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\.minecraft
2011-11-26 16:59 - 2011-04-02 17:18 - 0000000 ____D C:\Windows\System32\directx
2011-11-26 16:58 - 2011-04-02 17:18 - 0000000 ___HD C:\Windows\msdownld.tmp
2011-11-26 15:41 - 2011-11-26 15:24 - 581505024 ____A C:\Users\tommyg\Documents\AMischiefs.iso
2011-11-26 15:41 - 2011-11-26 15:24 - 581505024 ____A C:\Documents and Settings\tommyg\Documents\AMischiefs.iso
2011-11-26 14:13 - 2011-11-26 14:13 - 0001620 ____A C:\Users\tommyg\Desktop\SkyrimLauncher - Shortcut.lnk
2011-11-26 14:13 - 2011-11-26 14:13 - 0001620 ____A C:\Documents and Settings\tommyg\Desktop\SkyrimLauncher - Shortcut.lnk
2011-11-26 00:48 - 2011-04-18 12:58 - 0000000 ____D C:\Users\tommyg\Documents\My Games
2011-11-26 00:48 - 2011-04-18 12:58 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\My Games
2011-11-26 00:44 - 2011-11-26 00:44 - 0002321 ____A C:\Users\Public\Desktop\Afterfall InSanity.lnk
2011-11-26 00:44 - 2011-11-26 00:44 - 0002321 ____A C:\Documents and Settings\Public\Desktop\Afterfall InSanity.lnk
2011-11-26 00:36 - 2011-11-26 00:36 - 0000000 ____D C:\Program Files\Nicolas Games
2011-11-25 18:55 - 2011-11-25 18:55 - 0837113 ____A C:\Users\tommyg\Downloads\fas-l114.7z
2011-11-25 18:55 - 2011-11-25 18:55 - 0837113 ____A C:\Documents and Settings\tommyg\Downloads\fas-l114.7z
2011-11-25 18:55 - 2011-11-25 18:55 - 0000000 ____D C:\Users\tommyg\Downloads\fas-l114
2011-11-25 18:55 - 2011-11-25 18:55 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\fas-l114
2011-11-25 18:54 - 2011-11-25 18:54 - 0843410 ____A C:\Users\tommyg\Downloads\fas-l22e(2).7z
2011-11-25 18:54 - 2011-11-25 18:54 - 0843410 ____A C:\Documents and Settings\tommyg\Downloads\fas-l22e(2).7z
2011-11-25 18:53 - 2011-11-25 18:53 - 0843410 ____A C:\Users\tommyg\Downloads\fas-l22e(1).7z
2011-11-25 18:53 - 2011-11-25 18:53 - 0843410 ____A C:\Documents and Settings\tommyg\Downloads\fas-l22e(1).7z
2011-11-25 18:53 - 2011-11-25 18:53 - 0000000 ____D C:\Users\tommyg\Downloads\fas-l22e(1)
2011-11-25 18:53 - 2011-11-25 18:53 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\fas-l22e(1)
2011-11-25 16:57 - 2011-11-25 16:39 - 276340695 ____A C:\Users\tommyg\Documents\4-skdftrfllnsnt.part09.rar
2011-11-25 16:57 - 2011-11-25 16:39 - 276340695 ____A C:\Documents and Settings\tommyg\Documents\4-skdftrfllnsnt.part09.rar
2011-11-24 22:34 - 2011-11-24 22:34 - 0027534 ____A C:\Users\tommyg\Downloads\keepontop(1).zip
2011-11-24 22:34 - 2011-11-24 22:34 - 0027534 ____A C:\Documents and Settings\tommyg\Downloads\keepontop(1).zip
2011-11-24 22:05 - 2011-11-24 22:05 - 0001776 ____A C:\Users\tommyg\Desktop\Cave Story+.lnk
2011-11-24 22:05 - 2011-11-24 22:05 - 0001776 ____A C:\Documents and Settings\tommyg\Desktop\Cave Story+.lnk
2011-11-24 22:04 - 2011-11-24 22:02 - 19554471 ____A C:\Users\tommyg\Downloads\Cave.Story+.v1.0.cracked-THETA.rar
2011-11-24 22:04 - 2011-11-24 22:02 - 19554471 ____A C:\Documents and Settings\tommyg\Downloads\Cave.Story+.v1.0.cracked-THETA.rar
2011-11-24 19:18 - 2011-11-24 19:18 - 0002081 ____A C:\Users\All Users\ENG.2011-11.pl.nicolasgames_B34AA2E6-FC79-4A48-89B3-7919D9EB9481.swidtag
2011-11-24 19:18 - 2011-11-24 19:18 - 0002081 ____A C:\Users\All Users\Application Data\ENG.2011-11.pl.nicolasgames_B34AA2E6-FC79-4A48-89B3-7919D9EB9481.swidtag
2011-11-24 19:18 - 2011-11-24 19:18 - 0002081 ____A C:\ProgramData\ENG.2011-11.pl.nicolasgames_B34AA2E6-FC79-4A48-89B3-7919D9EB9481.swidtag
2011-11-24 19:18 - 2011-11-24 19:18 - 0002081 ____A C:\Documents and Settings\All Users\ENG.2011-11.pl.nicolasgames_B34AA2E6-FC79-4A48-89B3-7919D9EB9481.swidtag
2011-11-24 19:18 - 2011-11-24 19:18 - 0002081 ____A C:\Documents and Settings\All Users\Application Data\ENG.2011-11.pl.nicolasgames_B34AA2E6-FC79-4A48-89B3-7919D9EB9481.swidtag
2011-11-24 04:25 - 2011-12-14 10:09 - 2342912 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-24 00:06 - 2011-08-23 11:33 - 0000000 ____D C:\Program Files\Hotspot Shield
2011-11-22 14:21 - 2011-11-22 14:13 - 0000000 ____D C:\Program Files\The Elder Scrolls V Skyrim
2011-11-22 12:55 - 2011-11-22 12:55 - 0000000 ____D C:\Users\tommyg\Documents\SimBin
2011-11-22 12:55 - 2011-11-22 12:55 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\SimBin
2011-11-22 12:53 - 2011-11-22 12:53 - 0002028 ____A C:\Users\Public\Desktop\Race Injection.lnk
2011-11-22 12:53 - 2011-11-22 12:53 - 0002028 ____A C:\Documents and Settings\Public\Desktop\Race Injection.lnk
2011-11-21 22:43 - 2011-11-19 00:19 - 0000000 ____D C:\Users\tommyg\Downloads\Online Pass~
2011-11-21 22:43 - 2011-11-19 00:19 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\Online Pass~
2011-11-21 18:52 - 2011-06-25 21:55 - 0000000 ____D C:\Users\tommyg\Documents\Trucks & Trailers
2011-11-21 18:52 - 2011-06-25 21:55 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Trucks & Trailers
2011-11-21 17:30 - 2011-07-25 23:03 - 0000000 ____D C:\Users\tommyg\Desktop\minecraft server
2011-11-21 17:30 - 2011-07-25 23:03 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\minecraft server
2011-11-21 15:38 - 2011-11-21 15:33 - 216050560 ____A C:\Users\tommyg\Documents\UFC.139-Shogun.Vs.Henderson-Weigh-Ins.XviD-UPiNSMOKE.avi
2011-11-21 15:38 - 2011-11-21 15:33 - 216050560 ____A C:\Documents and Settings\tommyg\Documents\UFC.139-Shogun.Vs.Henderson-Weigh-Ins.XviD-UPiNSMOKE.avi
2011-11-21 00:47 - 2011-04-16 15:32 - 0000000 ____D C:\Program Files\JDownloader
2011-11-20 18:12 - 2011-11-20 18:12 - 0159464 ____A C:\Users\tommyg\Downloads\conners.rar
2011-11-20 18:12 - 2011-11-20 18:12 - 0159464 ____A C:\Documents and Settings\tommyg\Downloads\conners.rar
2011-11-20 18:10 - 2011-11-20 18:09 - 6432566 ____A (Minetheweb.tk ) C:\Users\tommyg\Downloads\Minecraft Installer 1.7.3.exe
2011-11-20 18:10 - 2011-11-20 18:09 - 6432566 ____A (Minetheweb.tk ) C:\Documents and Settings\tommyg\Downloads\Minecraft Installer 1.7.3.exe
2011-11-20 14:56 - 2011-11-20 14:56 - 0000000 ____D C:\Program Files\THQ
2011-11-19 18:32 - 2011-04-02 19:38 - 0000000 ____D C:\Program Files\Electronic Arts
2011-11-19 18:05 - 2011-05-03 17:54 - 0000000 ____D C:\Users\tommyg\Documents\Reakktor Media
2011-11-19 18:05 - 2011-05-03 17:54 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Reakktor Media
2011-11-19 18:05 - 2011-04-13 21:21 - 0000000 ____D C:\Users\tommyg\AppData\Local\Focus Home Interactive
2011-11-19 18:05 - 2011-04-13 21:21 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\Focus Home Interactive
2011-11-19 18:04 - 2011-04-03 18:47 - 0000000 ____D C:\Program Files\Telltale Games
2011-11-19 18:02 - 2011-08-14 20:52 - 0000000 ____D C:\Windows\GTA IV - Ultimate Vehicle Pack
2011-11-19 18:02 - 2009-07-14 04:52 - 0000000 ____D C:\Program Files\Microsoft Games
2011-11-19 18:01 - 2011-06-27 15:47 - 0000000 ____D C:\Nexon
2011-11-19 17:59 - 2011-09-29 13:44 - 0000000 ___HD C:\Program Files\Common Files\EAInstaller
2011-11-19 17:55 - 2011-08-27 19:26 - 0000000 ____D C:\Program Files\Kalypso Media
2011-11-19 17:06 - 2011-11-19 17:06 - 6553600 ____A C:\Users\tommyg\Downloads\BarracudaLP-ALL-CC35.iso
2011-11-19 17:06 - 2011-11-19 17:06 - 6553600 ____A C:\Documents and Settings\tommyg\Downloads\BarracudaLP-ALL-CC35.iso
2011-11-19 16:59 - 2011-11-19 16:59 - 9370531 ____A (Seagate) C:\Users\tommyg\Downloads\BarracudaLP-ALL-CC35(1).exe
2011-11-19 16:59 - 2011-11-19 16:59 - 9370531 ____A (Seagate) C:\Documents and Settings\tommyg\Downloads\BarracudaLP-ALL-CC35(1).exe
2011-11-19 16:02 - 2011-11-19 16:02 - 9370531 ____A (Seagate) C:\Users\tommyg\Downloads\BarracudaLP-ALL-CC35.exe
2011-11-19 16:02 - 2011-11-19 16:02 - 9370531 ____A (Seagate) C:\Documents and Settings\tommyg\Downloads\BarracudaLP-ALL-CC35.exe
2011-11-19 13:10 - 2011-11-19 13:04 - 107920157 ____A (Acronis) C:\Users\tommyg\Downloads\ADD11H_trial_en-EU.exe.part
2011-11-19 13:10 - 2011-11-19 13:04 - 107920157 ____A (Acronis) C:\Documents and Settings\tommyg\Downloads\ADD11H_trial_en-EU.exe.part
2011-11-19 12:49 - 2011-11-19 12:49 - 0002453 ____A C:\Users\Public\Desktop\SeaTools for Windows.lnk
2011-11-19 12:49 - 2011-11-19 12:49 - 0002453 ____A C:\Documents and Settings\Public\Desktop\SeaTools for Windows.lnk
2011-11-19 12:49 - 2011-11-19 12:49 - 0000000 ____D C:\Program Files\Seagate
2011-11-19 12:49 - 2011-11-19 12:48 - 17977016 ____A C:\Users\tommyg\Downloads\SeaToolsforWindowsSetup-1205.exe
2011-11-19 12:49 - 2011-11-19 12:48 - 17977016 ____A C:\Documents and Settings\tommyg\Downloads\SeaToolsforWindowsSetup-1205.exe
2011-11-19 12:49 - 2011-04-18 12:52 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2011-11-19 12:47 - 2011-07-09 12:18 - 0000000 ____D C:\Program Files\Microsoft Office
2011-11-19 10:20 - 2011-11-17 19:18 - 0000000 ____D C:\Users\tommyg\Desktop\new servers minecraft
2011-11-19 10:20 - 2011-11-17 19:18 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\new servers minecraft
2011-11-18 21:32 - 2011-05-21 18:16 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Tunngle
2011-11-18 21:32 - 2011-05-21 18:16 - 0000000 ____D C:\Users\All Users\Tunngle
2011-11-18 21:32 - 2011-05-21 18:16 - 0000000 ____D C:\Users\All Users\Application Data\Tunngle
2011-11-18 21:32 - 2011-05-21 18:16 - 0000000 ____D C:\ProgramData\Tunngle
2011-11-18 21:32 - 2011-05-21 18:16 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Tunngle
2011-11-18 21:32 - 2011-05-21 18:16 - 0000000 ____D C:\Documents and Settings\All Users\Tunngle
2011-11-18 21:32 - 2011-05-21 18:16 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Tunngle
2011-11-16 09:42 - 2011-11-16 09:42 - 1546904 ____A (PGWARE LLC ) C:\Users\tommyg\Downloads\gamegain.exe
2011-11-16 09:42 - 2011-11-16 09:42 - 1546904 ____A (PGWARE LLC ) C:\Documents and Settings\tommyg\Downloads\gamegain.exe
2011-11-15 23:01 - 2011-11-15 23:01 - 0000000 __SHD C:\Users\tommyg\wc
2011-11-15 23:01 - 2011-11-15 23:01 - 0000000 __SHD C:\Documents and Settings\tommyg\wc
2011-11-15 23:01 - 2011-11-15 23:00 - 0000000 __SHD C:\Users\tommyg\AppData\Roaming\wyUpdate AU
2011-11-15 23:01 - 2011-11-15 23:00 - 0000000 __SHD C:\Documents and Settings\tommyg\AppData\Roaming\wyUpdate AU
2011-11-15 23:00 - 2011-11-15 23:00 - 0001959 ____A C:\Users\tommyg\Desktop\Universe Sandbox.lnk
2011-11-15 23:00 - 2011-11-15 23:00 - 0001959 ____A C:\Documents and Settings\tommyg\Desktop\Universe Sandbox.lnk
2011-11-15 23:00 - 2011-11-15 23:00 - 0000000 ____D C:\Users\tommyg\AppData\Local\Universe Sandbox
2011-11-15 23:00 - 2011-11-15 23:00 - 0000000 ____D C:\Program Files\Universe Sandbox
2011-11-15 23:00 - 2011-11-15 23:00 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\Universe Sandbox
2011-11-15 22:47 - 2011-11-15 22:47 - 0011633 ____A C:\Users\tommyg\Downloads\Universe_Sandbox_RIP-Unleashed.6375150.TPB.torrent
2011-11-15 22:47 - 2011-11-15 22:47 - 0011633 ____A C:\Documents and Settings\tommyg\Downloads\Universe_Sandbox_RIP-Unleashed.6375150.TPB.torrent
2011-11-15 21:45 - 2011-11-15 21:30 - 146573646 ____A C:\Users\tommyg\Downloads\PC_Gam_Uk_2011_12.pdf
2011-11-15 21:45 - 2011-11-15 21:30 - 146573646 ____A C:\Documents and Settings\tommyg\Downloads\PC_Gam_Uk_2011_12.pdf
2011-11-13 00:19 - 2011-11-13 00:19 - 0013164 ____A C:\Users\tommyg\Downloads\BSA_unpacker-3117(1).7z
2011-11-13 00:19 - 2011-11-13 00:19 - 0013164 ____A C:\Documents and Settings\tommyg\Downloads\BSA_unpacker-3117(1).7z
2011-11-13 00:19 - 2011-11-13 00:19 - 0000000 ____D C:\Users\tommyg\Downloads\BSA_unpacker-3117
2011-11-13 00:19 - 2011-11-13 00:19 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\BSA_unpacker-3117
2011-11-13 00:12 - 2011-11-13 00:12 - 0013164 ____A C:\Users\tommyg\Downloads\BSA_unpacker-3117.7z
2011-11-13 00:12 - 2011-11-13 00:12 - 0013164 ____A C:\Documents and Settings\tommyg\Downloads\BSA_unpacker-3117.7z
2011-11-12 23:47 - 2011-11-12 23:47 - 0000000 ____D C:\Users\tommyg\Downloads\TES_V_S_Update_1-Razor1911
2011-11-12 23:47 - 2011-11-12 23:47 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\TES_V_S_Update_1-Razor1911
2011-11-12 23:46 - 2011-11-12 23:45 - 6685523 ____A C:\Users\tommyg\Downloads\TES_V_S_Update_1-Razor1911.rar
2011-11-12 23:46 - 2011-11-12 23:45 - 6685523 ____A C:\Documents and Settings\tommyg\Downloads\TES_V_S_Update_1-Razor1911.rar
2011-11-10 19:05 - 2011-11-10 19:05 - 0000000 ____D C:\Users\tommyg\AppData\Local\Skyrim
2011-11-10 19:05 - 2011-11-10 19:05 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\Skyrim
2011-11-10 05:54 - 2012-01-09 14:44 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2011-11-10 05:54 - 2012-01-09 14:44 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2011-11-10 05:54 - 2012-01-09 14:44 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2011-11-10 05:54 - 2011-04-11 08:19 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2011-11-10 03:44 - 2011-11-10 03:44 - 8913920 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2011-11-10 03:17 - 2011-11-10 03:17 - 0208016 ____A C:\Windows\System32\atiapfxx.blb
2011-11-10 03:17 - 2011-11-10 03:17 - 0159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2011-11-10 03:16 - 2011-01-27 06:00 - 0774656 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx32.dll
2011-11-10 03:12 - 2011-10-26 02:01 - 0466944 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2011-11-10 03:11 - 2011-11-10 03:11 - 0417792 ____A (AMD) C:\Windows\System32\atieclxx.exe
2011-11-10 03:11 - 2011-11-10 03:11 - 0176128 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2011-11-10 03:10 - 2011-11-10 03:10 - 0163840 ____A (AMD) C:\Windows\System32\atitmmxx.dll
2011-11-10 03:09 - 2011-11-10 03:09 - 0360448 ____A (ATI Technologies, Inc.) C:\Windows\System32\atipdlxx.dll
2011-11-10 03:09 - 2011-11-10 03:09 - 0278528 ____A (ATI Technologies, Inc.) C:\Windows\System32\Oemdspif.dll
2011-11-10 03:09 - 2011-11-10 03:09 - 0043520 ____A (ATI Technologies, Inc.) C:\Windows\System32\ati2edxx.dll
2011-11-10 03:09 - 2011-11-10 03:09 - 0020992 ____A (AMD) C:\Windows\System32\atimuixx.dll
2011-11-10 03:06 - 2011-01-27 05:49 - 6077952 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx32.dll
2011-11-10 02:58 - 2011-11-10 02:58 - 18996224 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atioglxx.dll
2011-11-10 02:40 - 2011-11-10 02:40 - 1828864 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdmv.dll
2011-11-10 02:34 - 2011-11-10 02:34 - 0046080 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt.dll
2011-11-10 02:34 - 2011-11-10 02:34 - 0044032 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl.dll
2011-11-10 02:33 - 2011-03-09 04:30 - 5852672 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdag.dll
2011-11-10 02:29 - 2011-11-10 02:29 - 11300864 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd.dll
2011-11-10 02:29 - 2011-03-09 03:34 - 4200960 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumdva.dll
2011-11-10 02:28 - 2011-11-10 02:28 - 2044928 ____A C:\Windows\System32\atiumdva.cap
2011-11-10 02:28 - 2011-11-10 02:28 - 0204960 ____A C:\Windows\System32\ativvsvl.dat
2011-11-10 02:28 - 2011-11-10 02:28 - 0157152 ____A C:\Windows\System32\ativvsva.dat
2011-11-10 02:18 - 2011-01-27 05:20 - 0051200 ____A (AMD) C:\Windows\System32\coinst.dll
2011-11-10 02:13 - 2011-11-10 02:13 - 0014336 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2011-11-10 02:13 - 2011-10-26 01:22 - 0348160 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2011-11-10 02:12 - 2011-11-10 02:12 - 0263680 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2011-11-10 02:12 - 2011-11-10 02:12 - 0032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atigktxx.dll
2011-11-10 02:11 - 2011-11-10 02:11 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc32.dll
2011-11-10 02:11 - 2011-11-10 02:11 - 0053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom32.dll
2011-11-10 02:11 - 2011-01-27 05:12 - 0032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxpag.dll
2011-11-10 02:11 - 2011-01-27 05:12 - 0029184 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9pag.dll
2011-11-10 02:10 - 2011-11-10 02:10 - 0053248 ____A (ATI Technologies Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2011-11-09 22:39 - 2011-11-09 22:39 - 0059904 ____A C:\Windows\System32\OpenVideo.dll
2011-11-09 22:39 - 2011-11-09 22:39 - 0054784 ____A C:\Windows\System32\OVDecode.dll
2011-11-09 22:38 - 2011-11-09 22:38 - 14375936 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl.dll
2011-11-09 22:37 - 2011-11-09 22:37 - 0044032 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2011-11-09 19:57 - 2009-07-14 02:37 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-09 11:06 - 2011-11-09 11:06 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\Megamedia
2011-11-09 11:06 - 2011-11-09 11:06 - 0000000 ____D C:\Users\tommyg\AppData\Local\Megamedia
2011-11-09 11:06 - 2011-11-09 11:06 - 0000000 ____D C:\Users\All Users\Megamedia
2011-11-09 11:06 - 2011-11-09 11:06 - 0000000 ____D C:\Users\All Users\Application Data\Megamedia
2011-11-09 11:06 - 2011-11-09 11:06 - 0000000 ____D C:\ProgramData\Megamedia
2011-11-09 11:06 - 2011-11-09 11:06 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\Megamedia
2011-11-09 11:06 - 2011-11-09 11:06 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\Megamedia
2011-11-09 11:06 - 2011-11-09 11:06 - 0000000 ____D C:\Documents and Settings\All Users\Megamedia
2011-11-09 11:06 - 2011-11-09 11:06 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Megamedia
2011-11-09 11:06 - 2011-11-09 11:05 - 5677352 ____A (Megamedia Ltd.) C:\Users\tommyg\Downloads\megakey.exe
2011-11-09 11:06 - 2011-11-09 11:05 - 5677352 ____A (Megamedia Ltd.) C:\Documents and Settings\tommyg\Downloads\megakey.exe
2011-11-08 20:21 - 2011-11-08 20:21 - 0056315 ____A C:\Users\tommyg\Downloads\Xplorer360.beta6.rar
2011-11-08 20:21 - 2011-11-08 20:21 - 0056315 ____A C:\Documents and Settings\tommyg\Downloads\Xplorer360.beta6.rar
2011-11-08 20:21 - 2011-11-08 20:21 - 0000000 ____D C:\Users\tommyg\Downloads\Xplorer360.beta6
2011-11-08 20:21 - 2011-11-08 20:21 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\Xplorer360.beta6
2011-11-08 19:11 - 2011-11-08 19:11 - 0000000 ____D C:\Users\tommyg\Downloads\USBXTAFGUI_v44
2011-11-08 19:11 - 2011-11-08 19:11 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\USBXTAFGUI_v44
2011-11-08 19:05 - 2011-11-08 19:05 - 0414661 ____A C:\Users\tommyg\Downloads\USBXTAFGUI_v44.zip
2011-11-08 19:05 - 2011-11-08 19:05 - 0414661 ____A C:\Documents and Settings\tommyg\Downloads\USBXTAFGUI_v44.zip
2011-11-08 16:22 - 2011-11-08 13:52 - 0000041 ___SH C:\Users\All Users\Application Data\.zreglib
2011-11-08 16:22 - 2011-11-08 13:52 - 0000041 ___SH C:\Users\All Users\.zreglib
2011-11-08 16:22 - 2011-11-08 13:52 - 0000041 ___SH C:\ProgramData\.zreglib
2011-11-08 16:22 - 2011-11-08 13:52 - 0000041 ___SH C:\Documents and Settings\All Users\Application Data\.zreglib
2011-11-08 16:22 - 2011-11-08 13:52 - 0000041 ___SH C:\Documents and Settings\All Users\.zreglib
2011-11-08 15:11 - 2011-11-08 15:11 - 8990288 ____A C:\Users\tommyg\Downloads\JungleFlasher.0.1.89.Beta(284).rar
2011-11-08 15:11 - 2011-11-08 15:11 - 8990288 ____A C:\Documents and Settings\tommyg\Downloads\JungleFlasher.0.1.89.Beta(284).rar
2011-11-08 15:11 - 2011-11-08 15:11 - 0000000 ____D C:\Users\tommyg\Desktop\JungleFlasher v0.1.89 Beta (284)
2011-11-08 15:11 - 2011-11-08 15:11 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\JungleFlasher v0.1.89 Beta (284)
2011-11-08 13:36 - 2011-11-08 13:36 - 2734688 ____A C:\Users\tommyg\Downloads\SetupCloneCD5314.exe
2011-11-08 13:36 - 2011-11-08 13:36 - 2734688 ____A C:\Documents and Settings\tommyg\Downloads\SetupCloneCD5314.exe
2011-11-08 13:36 - 2011-11-08 13:36 - 0001071 ____A C:\Users\Public\Desktop\CloneCD.lnk
2011-11-08 13:36 - 2011-11-08 13:36 - 0001071 ____A C:\Documents and Settings\Public\Desktop\CloneCD.lnk
2011-11-08 13:36 - 2011-11-08 13:36 - 0000000 ____D C:\Program Files\SlySoft
2011-11-07 22:10 - 2011-11-07 22:10 - 0000000 ____D C:\Users\All Users\hssff
2011-11-07 22:10 - 2011-11-07 22:10 - 0000000 ____D C:\Users\All Users\Application Data\hssff
2011-11-07 22:10 - 2011-11-07 22:10 - 0000000 ____D C:\ProgramData\hssff
2011-11-07 22:10 - 2011-11-07 22:10 - 0000000 ____D C:\Documents and Settings\All Users\hssff
2011-11-07 22:10 - 2011-11-07 22:10 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\hssff
2011-11-07 18:53 - 2011-07-02 20:36 - 0000000 ____D C:\Users\tommyg\AppData\Local\ArmA 2 Free
2011-11-07 18:53 - 2011-07-02 20:36 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\ArmA 2 Free
2011-11-07 13:23 - 2011-11-07 13:23 - 0000000 ____D C:\Users\tommyg\AppData\Local\SCE
2011-11-07 13:23 - 2011-11-07 13:23 - 0000000 ____D C:\Users\Public\Sony Online Entertainment
2011-11-07 13:23 - 2011-11-07 13:23 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\SCE
2011-11-07 13:23 - 2011-11-07 13:23 - 0000000 ____D C:\Documents and Settings\Public\Sony Online Entertainment
2011-11-07 13:23 - 2011-11-07 13:22 - 8980224 ____A C:\Users\tommyg\Downloads\DCUO_setup.exe
2011-11-07 13:23 - 2011-11-07 13:22 - 8980224 ____A C:\Documents and Settings\tommyg\Downloads\DCUO_setup.exe
2011-11-05 04:26 - 2011-12-14 10:09 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-04 11:33 - 2011-10-14 13:13 - 0000000 ____D C:\Users\tommyg\Downloads\Latest_iXtreme_and_Stock_Firmware_Pack
2011-11-04 11:33 - 2011-10-14 13:13 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\Latest_iXtreme_and_Stock_Firmware_Pack
2011-11-04 10:50 - 2011-11-04 10:50 - 0001811 ____A C:\Users\Public\Desktop\ImgBurn.lnk
2011-11-04 10:50 - 2011-11-04 10:50 - 0001811 ____A C:\Documents and Settings\Public\Desktop\ImgBurn.lnk
2011-11-04 10:49 - 2011-11-04 10:48 - 6055875 ____A (LIGHTNING UK!) C:\Users\tommyg\Downloads\SetupImgBurn_2.5.6.0.exe
2011-11-04 10:49 - 2011-11-04 10:48 - 6055875 ____A (LIGHTNING UK!) C:\Documents and Settings\tommyg\Downloads\SetupImgBurn_2.5.6.0.exe
2011-11-03 23:02 - 2011-12-15 03:04 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-03 22:47 - 2011-12-15 03:04 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-11-03 22:46 - 2011-12-15 03:04 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-03 22:40 - 2011-12-15 03:04 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-03 22:40 - 2011-12-15 03:04 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-03 22:39 - 2011-12-15 03:04 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-03 22:38 - 2011-12-15 03:04 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-03 22:37 - 2011-12-15 03:04 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-03 22:34 - 2011-12-15 03:04 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-03 22:32 - 2011-12-15 03:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-03 22:32 - 2011-12-15 03:04 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-03 22:31 - 2011-12-15 03:04 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-03 22:28 - 2011-12-15 03:04 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-03 19:20 - 2011-04-02 18:46 - 0000000 ____D C:\Users\tommyg\AppData\Local\ArmA 2 OA
2011-11-03 19:20 - 2011-04-02 18:46 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\ArmA 2 OA
2011-11-03 16:20 - 2011-11-03 16:17 - 0000000 ____D C:\Windows\System32\appmgmt
2011-11-03 16:19 - 2011-11-03 16:18 - 0000000 ____D C:\Users\tommyg\Documents\BFBC2
2011-11-03 16:19 - 2011-11-03 16:18 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\BFBC2
2011-11-02 17:32 - 2011-11-02 17:32 - 0000711 ____A C:\Users\tommyg\Downloads\fs.wu.hf.txt
2011-11-02 17:32 - 2011-11-02 17:32 - 0000711 ____A C:\Documents and Settings\tommyg\Downloads\fs.wu.hf.txt
2011-11-02 02:04 - 2011-08-13 15:01 - 0435420 ____A C:\Users\tommyg\Desktop\Scanner.exe
2011-11-02 02:04 - 2011-08-13 15:01 - 0435420 ____A C:\Documents and Settings\tommyg\Desktop\Scanner.exe
2011-10-31 18:15 - 2011-11-21 22:41 - 0000000 ____D C:\Users\tommyg\Desktop\E0000314FA661944
2011-10-31 18:15 - 2011-11-21 22:41 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\E0000314FA661944
2011-10-31 15:49 - 2011-06-05 21:31 - 0000000 ___RD C:\Program Files\Skype
2011-10-27 20:24 - 2011-10-27 20:24 - 0002170 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-10-27 20:24 - 2011-10-27 20:24 - 0002170 ____A C:\Documents and Settings\Public\Desktop\Google Earth.lnk
2011-10-27 20:24 - 2011-09-17 20:58 - 0000000 ____D C:\Program Files\Google
2011-10-27 20:22 - 2011-10-27 20:22 - 0606728 ____A (Google Inc.) C:\Users\tommyg\Downloads\googleupdatesetup.exe
2011-10-27 20:22 - 2011-10-27 20:22 - 0606728 ____A (Google Inc.) C:\Documents and Settings\tommyg\Downloads\googleupdatesetup.exe
2011-10-27 15:38 - 2011-10-27 15:38 - 12691587 ____A C:\Users\tommyg\Downloads\Latest_iXtreme_and_Stock_Firmware_Pack(1).rar
2011-10-27 15:38 - 2011-10-27 15:38 - 12691587 ____A C:\Documents and Settings\tommyg\Downloads\Latest_iXtreme_and_Stock_Firmware_Pack(1).rar
2011-10-27 15:38 - 2011-10-27 15:38 - 0000000 ____D C:\Users\tommyg\Downloads\Latest_iXtreme_and_Stock_Firmware_Pack(1)
2011-10-27 15:38 - 2011-10-27 15:38 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\Latest_iXtreme_and_Stock_Firmware_Pack(1)
2011-10-26 22:06 - 2011-10-26 22:06 - 0000000 ____D C:\Users\tommyg\Documents\Stronghold 3
2011-10-26 22:06 - 2011-10-26 22:06 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Stronghold 3
2011-10-26 21:52 - 2011-10-26 21:52 - 0001249 ____A C:\Users\Public\Desktop\Stronghold 3 x64.lnk
2011-10-26 21:52 - 2011-10-26 21:52 - 0001249 ____A C:\Documents and Settings\Public\Desktop\Stronghold 3 x64.lnk
2011-10-26 13:02 - 2011-10-26 13:02 - 0000000 ____D C:\Users\tommyg\Downloads\26-10database
2011-10-26 13:02 - 2011-10-26 13:02 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\26-10database
2011-10-26 12:59 - 2011-10-26 12:59 - 0027619 ____A C:\Users\tommyg\Downloads\26-10database.rar
2011-10-26 12:59 - 2011-10-26 12:59 - 0027619 ____A C:\Documents and Settings\tommyg\Downloads\26-10database.rar
2011-10-26 11:33 - 2011-11-21 22:41 - 0000000 ____D C:\Users\tommyg\Desktop\45410950
2011-10-26 11:33 - 2011-11-21 22:41 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\45410950
2011-10-26 10:09 - 2011-10-26 10:08 - 0000000 ____D C:\Users\tommyg\Documents\Battlefield 3
2011-10-26 10:09 - 2011-10-26 10:08 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Battlefield 3
2011-10-26 09:38 - 2011-04-02 19:43 - 0000000 ____D C:\Users\All Users\Electronic Arts
2011-10-26 09:38 - 2011-04-02 19:43 - 0000000 ____D C:\Users\All Users\Application Data\Electronic Arts
2011-10-26 09:38 - 2011-04-02 19:43 - 0000000 ____D C:\ProgramData\Electronic Arts
2011-10-26 09:38 - 2011-04-02 19:43 - 0000000 ____D C:\Documents and Settings\All Users\Electronic Arts
2011-10-26 09:38 - 2011-04-02 19:43 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Electronic Arts
2011-10-26 08:53 - 2011-10-26 08:53 - 0002955 ____A C:\Windows\System32\jupdate-1.6.0_29-b11.log
2011-10-26 04:47 - 2011-12-14 10:09 - 3967856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-10-26 04:47 - 2011-12-14 10:09 - 3912560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-10-26 04:28 - 2011-12-14 10:09 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-25 21:21 - 2011-10-25 21:21 - 0056832 ____A C:\Windows\System32\OVDecoder.dll
2011-10-25 20:25 - 2011-10-25 20:25 - 0000000 ____D C:\Users\tommyg\AppData\Local\QuickSFV
2011-10-25 20:25 - 2011-10-25 20:25 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Local\QuickSFV
2011-10-25 20:23 - 2011-10-25 20:23 - 0000000 ____D C:\Program Files\QuickSFV
2011-10-25 20:22 - 2011-10-25 20:22 - 0197120 ____A C:\Users\tommyg\Downloads\quicksfv-setup32.msi
2011-10-25 20:22 - 2011-10-25 20:22 - 0197120 ____A C:\Documents and Settings\tommyg\Downloads\quicksfv-setup32.msi
2011-10-25 12:32 - 2011-10-25 12:32 - 0000000 ____D C:\Users\tommyg\Downloads\JDownloaderAccounts 25-10-2011
2011-10-25 12:32 - 2011-10-25 12:32 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\JDownloaderAccounts 25-10-2011
2011-10-25 12:30 - 2011-10-25 12:27 - 12864246 ____A C:\Users\tommyg\Downloads\JDownloaderAccounts 25-10-2011.rar
2011-10-25 12:30 - 2011-10-25 12:27 - 12864246 ____A C:\Documents and Settings\tommyg\Downloads\JDownloaderAccounts 25-10-2011.rar
2011-10-24 18:23 - 2011-10-24 18:21 - 8970240 ____A C:\Users\tommyg\Downloads\f5d7000_v7032_0831.exe
2011-10-24 18:23 - 2011-10-24 18:21 - 8970240 ____A C:\Documents and Settings\tommyg\Downloads\f5d7000_v7032_0831.exe
2011-10-24 17:56 - 2011-10-24 17:56 - 15780622 ____A (Belkin ) C:\Users\tommyg\Downloads\f5d7000v8_ww_2.00.09.exe
2011-10-24 17:56 - 2011-10-24 17:56 - 15780622 ____A (Belkin ) C:\Documents and Settings\tommyg\Downloads\f5d7000v8_ww_2.00.09.exe
2011-10-24 13:35 - 2012-01-08 00:43 - 0000000 ____D C:\Users\tommyg\Desktop\Tweaking.com - Windows Repair
2011-10-24 13:35 - 2012-01-08 00:43 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\Tweaking.com - Windows Repair
2011-10-24 13:23 - 2011-10-24 13:23 - 0000000 ____D C:\Users\tommyg\Downloads\JDownloaderAccounts 24-10-2011
2011-10-24 13:23 - 2011-10-24 13:23 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\JDownloaderAccounts 24-10-2011
2011-10-24 13:21 - 2011-10-24 13:19 - 12864645 ____A C:\Users\tommyg\Downloads\JDownloaderAccounts 24-10-2011.rar
2011-10-24 13:21 - 2011-10-24 13:19 - 12864645 ____A C:\Documents and Settings\tommyg\Downloads\JDownloaderAccounts 24-10-2011.rar
2011-10-23 16:21 - 2011-10-23 16:21 - 0000073 ____A C:\Users\tommyg\Desktop\ukash.txt
2011-10-23 16:21 - 2011-10-23 16:21 - 0000073 ____A C:\Documents and Settings\tommyg\Desktop\ukash.txt
2011-10-23 09:06 - 2011-10-23 09:05 - 0000000 ____D C:\Users\tommyg\Documents\My Spore Creations
2011-10-23 09:06 - 2011-10-23 09:05 - 0000000 ____D C:\Users\tommyg\AppData\Roaming\SPORE
2011-10-23 09:06 - 2011-10-23 09:05 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\My Spore Creations
2011-10-23 09:06 - 2011-10-23 09:05 - 0000000 ____D C:\Documents and Settings\tommyg\AppData\Roaming\SPORE
2011-10-22 19:27 - 2011-10-20 13:47 - 0000000 ____D C:\Users\tommyg\Documents\Vindictus EU
2011-10-22 19:27 - 2011-10-20 13:47 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Vindictus EU
2011-10-21 20:16 - 2011-10-21 20:16 - 1843200 ____A (Multicore Ware) C:\Windows\System32\SlotMaximizerBe.dll
2011-10-21 20:15 - 2011-10-21 20:15 - 0104448 ____A (Multicore Ware) C:\Windows\System32\SlotMaximizerAg.dll
2011-10-21 19:30 - 2011-10-21 19:30 - 0243168 ____A C:\Windows\System32\atiicdxx.dat
2011-10-21 10:07 - 2011-10-21 10:07 - 0002227 ____A C:\Users\Public\Desktop\Cities XL 2012.lnk
2011-10-21 10:07 - 2011-10-21 10:07 - 0002227 ____A C:\Documents and Settings\Public\Desktop\Cities XL 2012.lnk
2011-10-21 09:49 - 2011-04-13 21:16 - 0000000 ____D C:\Program Files\Focus Home Interactive
2011-10-20 19:46 - 2011-10-20 19:46 - 0000000 ____D C:\Users\tommyg\Downloads\deepsand.Zargabad.pbo_update6
2011-10-20 19:46 - 2011-10-20 19:46 - 0000000 ____D C:\Documents and Settings\tommyg\Downloads\deepsand.Zargabad.pbo_update6
2011-10-20 19:45 - 2011-10-20 19:45 - 0022746 ____A C:\Users\tommyg\Downloads\deepsand.Zargabad.pbo_update6.7z
2011-10-20 19:45 - 2011-10-20 19:45 - 0022746 ____A C:\Documents and Settings\tommyg\Downloads\deepsand.Zargabad.pbo_update6.7z
2011-10-20 19:41 - 2011-10-20 19:41 - 7238960 ____A C:\Users\tommyg\Downloads\OperationBlackThunder.Zargabadv1.56.zip
2011-10-20 19:41 - 2011-10-20 19:41 - 7238960 ____A C:\Documents and Settings\tommyg\Downloads\OperationBlackThunder.Zargabadv1.56.zip
2011-10-20 19:24 - 2011-10-20 19:24 - 0000000 ____D C:\Users\tommyg\Desktop\arma mission
2011-10-20 19:24 - 2011-10-20 19:24 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\arma mission
2011-10-20 19:22 - 2011-10-20 19:22 - 0124395 ____A C:\Users\tommyg\Downloads\armaunpbo_v10.zip
2011-10-20 19:22 - 2011-10-20 19:22 - 0124395 ____A C:\Documents and Settings\tommyg\Downloads\armaunpbo_v10.zip
2011-10-20 19:09 - 2011-10-20 19:09 - 0000000 ____D C:\Users\tommyg\Desktop\arma2
2011-10-20 19:09 - 2011-10-20 19:09 - 0000000 ____D C:\Documents and Settings\tommyg\Desktop\arma2
2011-10-20 13:47 - 2011-10-20 13:08 - 0000000 ____D C:\Users\All Users\NexonEU
2011-10-20 13:47 - 2011-10-20 13:08 - 0000000 ____D C:\Users\All Users\Application Data\NexonEU
2011-10-20 13:47 - 2011-10-20 13:08 - 0000000 ____D C:\ProgramData\NexonEU
2011-10-20 13:47 - 2011-10-20 13:08 - 0000000 ____D C:\Documents and Settings\All Users\NexonEU
2011-10-20 13:47 - 2011-10-20 13:08 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\NexonEU
2011-10-20 13:13 - 2011-06-27 15:50 - 0000000 ____D C:\Program Files\BandiMPEG1
2011-10-20 11:52 - 2011-10-20 11:52 - 0536576 ____A (Nexon) C:\Users\tommyg\Downloads\Vindictus_Downloader.exe
2011-10-20 11:52 - 2011-10-20 11:52 - 0536576 ____A (Nexon) C:\Documents and Settings\tommyg\Downloads\Vindictus_Downloader.exe
2011-10-20 11:52 - 2011-10-20 11:52 - 0446464 ____A (NEXON Inc.) C:\Windows\NEXON_EU_DownloaderUpdater.exe
2011-10-20 11:52 - 2011-10-20 11:52 - 0000235 ____A C:\Windows\System32\nxEuUninstall.bat
2011-10-17 17:40 - 2011-10-17 17:40 - 0085520 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\AtihdW73.sys
2011-10-17 16:22 - 2011-04-21 19:23 - 0000000 ____D C:\Program Files\SpeedFan
2011-10-17 13:31 - 2011-10-17 13:31 - 0001629 ____A C:\Users\tommyg\Desktop\F1_2011_Launcher - Shortcut.lnk
2011-10-17 13:31 - 2011-10-17 13:31 - 0001629 ____A C:\Documents and Settings\tommyg\Desktop\F1_2011_Launcher - Shortcut.lnk
2011-10-17 12:07 - 2011-10-17 12:07 - 0000000 ____D C:\Users\All Users\Codemasters
2011-10-17 12:07 - 2011-10-17 12:07 - 0000000 ____D C:\Users\All Users\Application Data\Codemasters
2011-10-17 12:07 - 2011-10-17 12:07 - 0000000 ____D C:\ProgramData\Codemasters
2011-10-17 12:07 - 2011-10-17 12:07 - 0000000 ____D C:\Documents and Settings\All Users\Codemasters
2011-10-17 12:07 - 2011-10-17 12:07 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Codemasters
2011-10-17 11:50 - 2011-10-17 11:50 - 0000000 ____D C:\Program Files\BRS
2011-10-17 11:50 - 2011-09-13 20:17 - 0445016 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2011-10-17 11:50 - 2011-09-13 20:17 - 0109144 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2011-10-17 11:50 - 2011-09-13 20:17 - 0000000 ____D C:\Program Files\OpenAL
2011-10-17 11:40 - 2011-10-17 11:40 - 0000000 ____D C:\Program Files\Codemasters
2011-10-15 15:30 - 2011-05-21 18:16 - 0000899 ____A C:\Users\Public\Desktop\Tunngle beta.lnk
2011-10-15 15:30 - 2011-05-21 18:16 - 0000899 ____A C:\Documents and Settings\Public\Desktop\Tunngle beta.lnk
2011-10-15 15:30 - 2011-05-21 18:15 - 0000000 ____D C:\Program Files\Tunngle
2011-10-15 15:29 - 2011-10-15 15:29 - 3021376 ____A (Tunngle.net GmbH ) C:\Users\tommyg\Downloads\Tunngle_Setup_v4.3.2.5.exe
2011-10-15 15:29 - 2011-10-15 15:29 - 3021376 ____A (Tunngle.net GmbH ) C:\Documents and Settings\tommyg\Downloads\Tunngle_Setup_v4.3.2.5.exe
2011-10-15 05:38 - 2011-12-14 10:09 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-10-14 16:31 - 2011-10-13 18:29 - 0001156 ____A C:\Users\tommyg\Desktop\Orcs Must Die!.lnk
2011-10-14 16:31 - 2011-10-13 18:29 - 0001156 ____A C:\Documents and Settings\tommyg\Desktop\Orcs Must Die!.lnk
2011-10-14 13:12 - 2011-10-14 13:12 - 12690643 ____A C:\Users\tommyg\Downloads\Latest_iXtreme_and_Stock_Firmware_Pack.rar
2011-10-14 13:12 - 2011-10-14 13:12 - 12690643 ____A C:\Documents and Settings\tommyg\Downloads\Latest_iXtreme_and_Stock_Firmware_Pack.rar
2011-10-14 12:59 - 2011-10-14 12:58 - 0734057 ____A C:\Users\tommyg\Desktop\BenQ iXtreme LT Plus v1.9.rar
2011-10-14 12:59 - 2011-10-14 12:58 - 0734057 ____A C:\Documents and Settings\tommyg\Desktop\BenQ iXtreme LT Plus v1.9.rar
2011-10-14 12:58 - 2011-10-15 17:52 - 8990288 ____A C:\Users\tommyg\Desktop\JungleFlasher.0.1.89.Beta(284) - Copy.rar
2011-10-14 12:58 - 2011-10-15 17:52 - 8990288 ____A C:\Documents and Settings\tommyg\Desktop\JungleFlasher.0.1.89.Beta(284) - Copy.rar
2011-10-14 12:58 - 2011-10-14 12:58 - 8990288 ____A C:\Users\tommyg\Desktop\JungleFlasher.0.1.89.Beta(284).rar
2011-10-14 12:58 - 2011-10-14 12:58 - 8990288 ____A C:\Documents and Settings\tommyg\Desktop\JungleFlasher.0.1.89.Beta(284).rar
2011-10-14 09:04 - 2011-04-06 18:43 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2011-10-13 18:34 - 2011-10-09 14:55 - 0000000 ____D C:\Users\tommyg\Documents\Orcs Must Die
2011-10-13 18:34 - 2011-10-09 14:55 - 0000000 ____D C:\Documents and Settings\tommyg\Documents\Orcs Must Die
2011-10-12 17:53 - 2011-12-12 13:18 - 0200104 ____A (fCoder Group International) C:\Windows\System32\cnvshell.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 32%
Total physical RAM: 3070.49 MB
Available physical RAM: 2078.05 MB
Total Pagefile: 7718.78 MB
Available Pagefile: 6424.4 MB
Total Virtual: 3071.88 MB
Available Virtual: 2948.35 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:13.58 GB) NTFS ==>[Drive with boot components]
2 Drive d: (Repair disc Windows 7 Ultimate () (CDROM) (Total:0.14 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C NTFS Partition 298 GB Healthy System



==========================================================

Last Boot: 2012-01-05 04:47

======================= End Of Log ==========================
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
Hi, I have run that tool already. I just used it again and the message I received was 'backdoor.tidserv has not been found on your computer'
 
We'll try to reset your MBR....

Please Boot to the System Recovery Options
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

bootrec /fixboot (<--- there is a "space" after "bootrec")

exit

Restart computer.

Post new Bootkit Remover log.
 
OK, I'll do that now. One thing before I restart: I did another scan with TDSSKiller while I waited for a reply and found the address of the infected MBR. Should I not use a program to remove that partition?

21:05:41.0130 0648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:05:41.0161 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:05:41.0161 0648 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:05:41.0161 0648 Boot (0x1200) (f2bf368b7843aa98cdc72206c9c2eb7f) \Device\Harddisk0\DR0\Partition0
21:05:41.0161 0648 \Device\Harddisk0\DR0\Partition0 - ok
21:05:41.0161 0648 ============================================================
21:05:41.0161 0648 Scan finished
21:05:41.0161 0648 ============================================================
21:05:41.0177 5496 Detected object count: 1
21:05:41.0177 5496 Actual detected object count: 1
21:05:49.0071 5496 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
21:05:49.0102 5496 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:05:49.0149 5496 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
21:05:49.0149 5496 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:05:49.0149 5496 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:05:49.0149 5496 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:05:49.0149 5496 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:05:49.0164 5496 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:05:49.0164 5496 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:05:49.0164 5496 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:05:49.0164 5496 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine


Even though it says copied to quarantine, it's still there after each scan.

I'll try the bootrec /fixmbr now.
 
OK, I booted from the disc; it auto-started the Startup Repair the first time, then I entered the two commands into cmd, but I still get the same message in Bootkit Remover.

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Users\All Users\Application Data\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Users\All Users\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\ProgramData\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Documents and Settings\All Users\Application Data\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Documents and Settings\All Users\70fkeN.dat
2011-12-19 00:21 - 2011-12-19 00:21 - 0000000 ____A C:\Users\tommyg\AppData\Roaming\eejQt.txt
2011-12-19 00:21 - 2011-12-19 00:21 - 0000000 ____A C:\Documents and Settings\tommyg\AppData\Roaming\eejQt.txt

These are out of my Farbar log; do you think they are suspect? I noticed on another thread about the same problem that the infecting files were installed just a few minutes after these were installed on my system.
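An added triage sketch, not part of the thread or of any tool mentioned in it: the file listing above repeats each object once per Windows 7 junction alias (`C:\Documents and Settings`, `C:\Users\All Users`, `...\Application Data`), so this parses the listing, collapses the aliases to one real path, and pulls out entries whose first timestamp falls near a chosen time. The function names are hypothetical, and using the first timestamp column for the time window is an assumption.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# Lines copied from the log posted in this thread; the last one is a wrapped
# fragment, kept to show that unparseable lines are skipped.
SAMPLE = r"""
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Users\All Users\Application Data\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Users\All Users\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\ProgramData\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Documents and Settings\All Users\Application Data\70fkeN.dat
2011-12-19 00:33 - 2011-12-19 00:35 - 0000112 ____A C:\Documents and Settings\All Users\70fkeN.dat
2011-12-19 00:21 - 2011-12-19 00:21 - 0000000 ____A C:\Users\tommyg\AppData\Roaming\eejQt.txt
2011-12-19 00:21 - 2011-12-19 00:21 - 0000000 ____A C:\Documents and Settings\tommyg\AppData\Roaming\eejQt.txt
2011-10-17 11:50 - 2011-09-13 20:17 - 0109144 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
Settings\tommyg\Desktop\ukash.txt
"""

FMT = "%Y-%m-%d %H:%M"

# timestamp - timestamp - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) "
    r"([_A-Z]{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)

# Default Windows 7 compatibility junctions, applied in this order so that
# chained aliases (Documents and Settings\All Users\Application Data) resolve.
_ALIASES = [
    (re.compile(r"^([a-z]:)\\documents and settings(?=\\|$)", re.I), r"\Users"),
    (re.compile(r"^([a-z]:)\\users\\all users(?=\\|$)", re.I), r"\ProgramData"),
    (re.compile(r"^([a-z]:)\\programdata\\application data(?=\\|$)", re.I), r"\ProgramData"),
]


class Entry(NamedTuple):
    first: datetime          # first timestamp column, as printed in the log
    second: datetime         # second timestamp column, as printed in the log
    size: int
    attrs: str
    company: Optional[str]
    path: str                # path with junction aliases collapsed


def canonical(path: str) -> str:
    """Rewrite junction aliases to the directory they point at."""
    for rx, target in _ALIASES:
        path = rx.sub(lambda m, t=target: m.group(1) + t, path)
    return path


def parse(text: str) -> List[Entry]:
    """Parse listing lines; anything that does not match the layout is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        first, second, size, attrs, company, path = m.groups()
        entries.append(Entry(
            datetime.strptime(first, FMT),
            datetime.strptime(second, FMT),
            int(size),
            attrs,
            company.strip() if company else None,
            canonical(path),
        ))
    return entries


def dedupe(entries: List[Entry]) -> List[Entry]:
    """Keep one entry per real object, preserving first-seen order."""
    seen = set()
    unique = []
    for e in entries:
        key = (e.first, e.second, e.size, e.attrs, e.path.lower())
        if key not in seen:
            seen.add(key)
            unique.append(e)
    return unique


def near(entries: List[Entry], pivot: str, minutes: int) -> List[Entry]:
    """Entries whose first timestamp lies within +/- minutes of pivot."""
    centre = datetime.strptime(pivot, FMT)
    window = timedelta(minutes=minutes)
    return [e for e in entries if abs(e.first - centre) <= window]


if __name__ == "__main__":
    for e in near(dedupe(parse(SAMPLE)), "2011-12-19 00:30", 15):
        print(e.first.strftime(FMT), e.size, e.attrs, e.path)
```

Run against the full listing, this leaves one line per real object, which makes a time cluster of small, randomly named files much easier to spot before asking a helper about them.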
 