Legendofham+

  1. Greetings, I recently encountered a problem where sometimes when I wake my laptop from sleep, the login page is missing and I am unable to select any accounts or enter my password. A video of my problem: https://youtu.be/2mXHgH30WDQ

     This problem occurs whether the laptop is plugged in or not. There are no touchscreens, fingerprint scanners, or IR cameras.

     My Windows 10 Specs:
     Edition: Windows 10 Home
     Version: 1607
     OS Build: 14393.693
     System type: 64-bit operating system, x64-based processor.

     I've been trying to figure out what is causing this issue for a while now and I would like to find a solution soon. I appreciate everyone's time and help.
  2. Hi Aura, I appreciate your help. My laptop doesn't have a fingerprint sensor, but it does have a built-in TPM chip, whatever that is. Anyways, since this laptop isn't infected, I will try to find answers elsewhere. Is it a good idea to open another thread in General PC help here at the forum? Many thanks for your time and help.
  3. Greetings, I recently encountered a problem where sometimes when I wake my laptop from sleep, the login page is missing and I am unable to select any accounts or enter my password. A video of my problem: https://youtu.be/2mXHgH30WDQ I would like to rule out malware as the reason for this problem. Some help would be most appreciated. I scanned with Malwarebytes and detected nothing. Here are my FRST Logs (attached). Addition.txt FRST.txt
  4. Sorry MrC, I didn't get an email notifying me of your reply. I will get on that right away. Before I scan, I want to report that the computer is running smoothly.

     Edit 1: Here is the scan.

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.08.10.03
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     legendofham :: LEGENDOFHAM-PC [administrator]
     10/08/2012 12:18:02 AM
     mbam-log-2012-08-10 (00-18-02).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 201763
     Time elapsed: 3 minute(s), 47 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     By the way, may I delete the files in RogueKiller Quarantine? Avira Antivirus always detects it as a virus and it's getting annoying. Anyways, thanks for your help and your time.
  5. Here is the log:
  6. It's been half an hour since the message on ComboFix said do not run any programs, log is being prepared. Is that usual or is something wrong?
  7. When I disabled Avira Antivirus Free 2012 and ran ComboFix, it still warned that an antivirus was active and was a risk. Should I continue ComboFix?
  8. Hi MrC, I am back from my trip. Is there anything I need to do now?
  9. I'm sorry, I'll be out of town tomorrow, that's why I was so worried. I need the computer during this trip. Again, I'm glad you can help me. I won't be back until Tuesday of next week.
  10. Thanks for helping at your time. Here is the report of the quick scan.

      Malwarebytes Anti-Malware 1.62.0.1300
      www.malwarebytes.org
      Database version: v2012.08.02.08
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      legendofham :: LEGENDOFHAM-PC [limited]
      02/08/2012 9:03:48 PM
      mbam-log-2012-08-02 (21-03-48).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 197804
      Time elapsed: 4 minute(s), 55 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)

      It looks clean and the computer is running smoothly. Is there anything else I need to be aware of?
  11. Here it is:

      Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
      Ran by SYSTEM at 2012-08-02 20:55:59 Run:1
      Running from H:\
      ==============================================
      C:\Windows\Installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f} moved successfully.
      C:\Windows\Installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f} not found.
      C:\Windows\System32\services.exe moved successfully.
      C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
      ==== End of Fixlog ====
  12. Sorry, I don't quite understand your last request. Why is there an attached file to your reply? What do I do with it?
  13. When I restarted the computer normally, my antivirus (Avira) picked up something. I took a screenshot. It is attached. P.S. I just noticed your message and am working on it now.
  14. Here are the files:
3 X6va006; \??\C:\Users\LEGEND~1\AppData\Local\Temp\0065782.tmp [x] 3 X6va008; \??\C:\windows\SysWOW64\Drivers\X6va008 [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-02 19:18 - 2012-08-02 19:18 - 00058467 ____A C:\Users\legendofham\Desktop\FRST.txt 2012-08-02 19:17 - 2012-08-02 19:17 - 00000000 ____D C:\FRST 2012-08-02 19:16 - 2012-08-02 19:10 - 01438391 ____A (Farbar) C:\Users\legendofham\Desktop\FRST64.exe 2012-08-02 19:04 - 2012-08-02 19:04 - 00002818 ____A C:\Users\legendofham\Desktop\RKreport[3].txt 2012-08-02 19:03 - 2012-08-02 19:03 - 00002576 ____A C:\Users\legendofham\Desktop\RKreport[2].txt 2012-08-02 18:33 - 2012-08-02 18:33 - 00002558 ____A C:\Users\legendofham\Desktop\RKreport[1].txt 2012-08-02 18:32 - 2012-08-02 19:04 - 00000000 ____D C:\Users\legendofham\Desktop\RK_Quarantine 2012-08-02 18:32 - 2012-08-02 18:32 - 01552384 ____A C:\Users\legendofham\Desktop\RogueKiller.exe 2012-08-02 15:01 - 2012-08-02 15:01 - 00061594 ____A C:\Users\legendofham\Desktop\DDS.txt 2012-08-02 15:01 - 2012-08-02 15:01 - 00015329 ____A C:\Users\legendofham\Desktop\Attach.txt 2012-08-02 12:35 - 2012-08-02 12:35 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-08-02 11:23 - 2012-08-02 11:25 - 00000000 ____D C:\Users\All Users\7531EE6D889E68028DC50892F875F002 2012-08-02 11:07 - 2012-08-02 11:07 - 01624358 ____A C:\Users\legendofham\Desktop\mcpatcher-2.4.1_01.exe 2012-08-02 10:46 - 2012-08-02 10:46 - 00000000 ____D C:\Users\legendofham\AppData\Local\{741B7E24-2269-423E-996C-13A4E4430623} 2012-08-02 10:46 - 2012-08-02 10:46 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6A60288B-9AB7-40AF-BE34-D17F4BA5CED4} 2012-08-01 20:27 - 2012-08-01 20:27 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A7E1A51D-BB31-4FDD-9B5D-8A0CC49F6C6C} 2012-08-01 20:27 - 2012-08-01 20:27 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1E834205-8861-43F9-8381-DC36A1CB1862} 2012-08-01 13:21 - 
2012-08-01 13:21 - 00000000 ____D C:\Users\legendofham\AppData\Local\{58F44292-3544-47A6-98BF-0229F282E03F} 2012-08-01 13:21 - 2012-08-01 13:21 - 00000000 ____D C:\Users\legendofham\AppData\Local\{442533BF-E153-44A1-AE19-B3C50C62B150} 2012-08-01 12:01 - 2012-08-01 12:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{0BBC3F8C-8494-4C56-9C54-32FE255E9ECF} 2012-08-01 12:00 - 2012-08-01 12:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A56D7E8F-1D83-4B21-912B-D20ED76EF1C0} 2012-07-31 17:59 - 2012-07-31 17:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FD0C3BC9-8436-4E43-83F9-8D8236A916FA} 2012-07-31 17:58 - 2012-07-31 17:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9F525E42-9A0D-494E-B57E-5BBC53A3A6A7} 2012-07-31 15:43 - 2012-07-31 15:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EA928293-ADDB-4B73-B5A8-298E607CF351} 2012-07-31 15:43 - 2012-07-31 15:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A298EE5C-7A35-4EA4-9C10-4665BD78061D} 2012-07-31 10:47 - 2012-07-31 10:47 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9BC2F131-8536-4BB9-9ADD-74064CFC5B75} 2012-07-31 10:47 - 2012-07-31 10:47 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2775FAE1-D59B-4C22-87DD-E13FF95DD6E0} 2012-07-30 22:52 - 2012-07-30 22:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EB19BFBA-F3AE-4975-96E3-F2EA7D30E047} 2012-07-30 22:52 - 2012-07-30 22:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{589D96E2-2804-47C6-82DF-51E766B2847B} 2012-07-30 19:01 - 2012-07-30 19:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A0624CBE-C6C1-4D17-997E-97E585832FF7} 2012-07-30 19:01 - 2012-07-30 19:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{198B5353-CAFB-44F9-9E03-C583356E9A30} 2012-07-30 11:17 - 2012-07-30 11:17 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F5134FDE-78ED-4797-8749-CDAEEE71D860} 2012-07-30 11:16 - 2012-07-30 11:17 - 00000000 ____D 
C:\Users\legendofham\AppData\Local\{B8375534-8C49-4156-95BD-B3E0A2D0484E} 2012-07-29 19:44 - 2012-07-29 19:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{734255F8-7CCA-461B-8965-1619E8F759C1} 2012-07-29 17:40 - 2012-07-29 17:40 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B842D716-97DC-47C3-B848-5840394FFEE7} 2012-07-29 17:40 - 2012-07-29 17:40 - 00000000 ____D C:\Users\legendofham\AppData\Local\{30487995-D909-4BD5-8A9F-53D3AA3E7759} 2012-07-29 16:19 - 2012-07-29 16:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{63154C65-D08D-4E66-945E-B8321F7B799C} 2012-07-29 16:18 - 2012-07-29 16:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{ECD89350-5067-4C08-834A-E8F23569656E} 2012-07-29 14:34 - 2012-07-29 14:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4ACBFEDE-EC9D-4136-995B-F538CCAEB509} 2012-07-29 14:34 - 2012-07-29 14:34 - 00000000 ____D C:\Users\legendofham\AppData\Local\{23D47ADE-5BEB-4CA4-85E0-4835EB193A8D} 2012-07-29 12:38 - 2012-07-29 12:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7967605E-B687-45BF-9CA9-81E0093799B2} 2012-07-29 12:37 - 2012-07-29 12:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5558C927-6325-450B-9E9D-EA9B78E2D171} 2012-07-29 12:33 - 2012-07-29 12:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{83568868-9E7E-4922-82A6-DCF4480E13C8} 2012-07-29 12:32 - 2012-07-29 12:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{29A94440-CBFD-419A-9356-2DCFD0433DDA} 2012-07-29 07:59 - 2012-07-29 08:00 - 00000000 ____D C:\Users\legendofham\AppData\Local\{AE0D4D9E-E918-430D-850A-C9CFD8880899} 2012-07-29 07:59 - 2012-07-29 07:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{90A72D56-BE3F-46CB-A86E-11D6FD9D95F3} 2012-07-28 16:02 - 2012-07-28 16:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7D87E853-C4C8-4A9D-A3AA-DA4E14891811} 2012-07-28 16:02 - 2012-07-28 16:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4CEED9EF-61AB-4861-A88F-E1C2383CFA25} 2012-07-28 15:59 - 
2012-07-28 16:00 - 00000000 ____D C:\Users\legendofham\AppData\Local\{57BC2020-64EB-49BA-86FF-F2CB76333867} 2012-07-28 15:59 - 2012-07-28 15:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{34F063A0-0C2B-403A-B4D6-8C1FF0F5BB70} 2012-07-28 10:15 - 2012-07-28 10:15 - 00000000 ____D C:\Users\legendofham\AppData\Local\{339A874A-2905-4584-B9A5-7C6502AE2504} 2012-07-28 10:14 - 2012-07-28 10:15 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5C8FF446-E977-4219-8402-3D5D69D4ACAA} 2012-07-28 10:12 - 2012-07-28 10:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B51059AE-CC78-469D-AB44-90E15A41B75E} 2012-07-28 10:12 - 2012-07-28 10:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{AD1DE65C-B763-48F4-B651-6566CE7991A4} 2012-07-27 22:18 - 2012-07-27 22:18 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A8F1588D-7B80-42C0-89F0-4DBCB855B30D} 2012-07-27 22:17 - 2012-07-27 22:18 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8262E4E3-7807-4DE4-B0E2-3879D1B6CB44} 2012-07-27 21:11 - 2012-07-27 21:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C8977654-07A4-40FE-B11B-A82732D50365} 2012-07-27 21:11 - 2012-07-27 21:11 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9D46BD3F-AD13-4EC5-8049-4D7147665C36} 2012-07-27 18:56 - 2012-07-27 18:56 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8AA7DCA4-4F99-44A8-BD55-53892FD02C81} 2012-07-27 18:56 - 2012-07-27 18:56 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3DD03808-9621-47C5-AA31-E0DE37488591} 2012-07-27 18:05 - 2012-07-27 18:05 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C874B19A-A887-445D-9788-E83F2ACF1112} 2012-07-27 18:05 - 2012-07-27 18:05 - 00000000 ____D C:\Users\legendofham\AppData\Local\{74D937E2-69F0-4B5F-B820-1BFC4593A5C0} 2012-07-27 13:06 - 2012-07-27 13:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F73CB384-C5BE-4A41-A737-41288E20C670} 2012-07-27 13:05 - 2012-07-27 13:06 - 00000000 ____D 
C:\Users\legendofham\AppData\Local\{B0131C93-D9F7-400F-90A3-C185DEFCB0A2} 2012-07-27 11:37 - 2012-07-27 11:37 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CBA0D829-8706-4C6B-93B1-07E75DC6B1D4} 2012-07-27 11:37 - 2012-07-27 11:37 - 00000000 ____D C:\Users\legendofham\AppData\Local\{AD58CF49-353D-4A90-B46F-34907EF80AD7} 2012-07-27 03:09 - 2012-07-27 03:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{DCCE45F7-9745-4E18-A55B-B1BC26A86D22} 2012-07-27 03:09 - 2012-07-27 03:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C8170193-A8C4-4218-969D-81BDAAF82E33} 2012-07-26 23:06 - 2012-07-26 23:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8CB56A59-B278-460A-8973-D792B99A044F} 2012-07-26 23:06 - 2012-07-26 23:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2662A82D-F0DC-459D-A40E-3CE332A199C7} 2012-07-26 22:33 - 2012-07-26 22:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8E4D38B7-24AF-45B0-8D50-138CC2738D62} 2012-07-26 22:32 - 2012-07-26 22:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C301221C-347F-44FC-8E9F-CC0C9E12F177} 2012-07-26 22:29 - 2012-07-26 22:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F1F83FAA-8AD8-462C-924E-BAD11416CD95} 2012-07-26 22:29 - 2012-07-26 22:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8D1B7F5C-C987-490C-8F4B-F34B2FDBFE1E} 2012-07-26 19:38 - 2012-07-26 19:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C48EDBED-B245-4B0E-97C8-ACC6F4B40072} 2012-07-26 19:38 - 2012-07-26 19:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BF499D45-D67A-401E-97FD-753F9EEAA72F} 2012-07-26 18:47 - 2012-07-26 18:47 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6DEA02B1-BB34-46F8-A835-A85FDFFCE152} 2012-07-26 18:46 - 2012-07-26 18:47 - 00000000 ____D C:\Users\legendofham\AppData\Local\{656E84C6-0835-4311-8880-E60755BA9613} 2012-07-26 15:09 - 2012-07-26 15:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{11085CB7-D322-4492-ADC7-5CAAB2FA886B} 2012-07-26 15:09 - 
2012-07-26 15:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{04F1A298-AFDB-4DE3-8B0C-E4E81BC43FA7} 2012-07-26 11:13 - 2012-07-26 11:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{752E1F76-DAA4-452F-9DFF-DE57EDA03C54} 2012-07-26 11:12 - 2012-07-26 11:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C73BC29E-7C63-4D9C-B778-D1E7C5DC9ED0} 2012-07-26 00:13 - 2012-07-26 00:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4AD2EBDD-AAB5-4BB9-AB62-EFD313539A03} 2012-07-26 00:12 - 2012-07-26 00:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{28DF05AC-9E0B-43C4-87A3-99319D8C8ADA} 2012-07-25 22:58 - 2012-07-25 22:58 - 00000000 ____D C:\Users\legendofham\AppData\Local\{93BAC7AD-3543-4294-8786-48EDC5ED5513} 2012-07-25 22:58 - 2012-07-25 22:58 - 00000000 ____D C:\Users\legendofham\AppData\Local\{67BE79A3-AA3E-4A13-B2AE-375D83C72F29} 2012-07-25 20:35 - 2012-07-25 20:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EEA007EB-E64C-484D-B811-13CB3F26C33C} 2012-07-25 20:35 - 2012-07-25 20:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5530C1E2-7CD0-4223-8963-FE1700222817} 2012-07-25 16:53 - 2012-07-25 16:53 - 00000000 ____D C:\Users\legendofham\AppData\Local\{56C23AC1-C3E1-45A4-84A8-4F0A33D04F62} 2012-07-25 16:52 - 2012-07-25 16:53 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1D724D82-4FEB-4574-B7DA-1A503E249E76} 2012-07-25 12:05 - 2012-07-25 12:05 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6F49A8C4-FB41-4B03-82BC-46DE21043AD3} 2012-07-25 12:04 - 2012-07-25 12:05 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2CBB694E-1390-4ADE-BA17-C85194CE11AB} 2012-07-25 10:20 - 2012-07-25 10:21 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BCF6E9AE-DF87-447A-833F-B0CE22078D3C} 2012-07-25 10:20 - 2012-07-25 10:20 - 00000000 ____D C:\Users\legendofham\AppData\Local\{80D8D8F7-481A-41D5-9012-D7F57B44C46A} 2012-07-24 20:58 - 2012-07-24 21:00 - 75552096 ____A C:\Users\legendofham\Desktop\God of Deceit V 1.0.zip 
2012-07-24 19:25 - 2012-07-24 19:25 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2742A29A-7873-447B-BF6E-4DB22023FA53} 2012-07-24 19:24 - 2012-07-24 19:25 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CAE79AE8-B7C7-4CCB-8664-7B532A08C17D} 2012-07-24 15:37 - 2012-07-24 15:37 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9492103B-23B1-48B7-A22C-CD21F43196DD} 2012-07-24 15:37 - 2012-07-24 15:37 - 00000000 ____D C:\Users\legendofham\AppData\Local\{67ECBF4F-770F-46C7-8606-5C4104141D51} 2012-07-24 15:33 - 2012-07-24 15:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8C7B070B-22F9-4493-8AE7-84434F9BF707} 2012-07-24 12:39 - 2012-07-24 12:39 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8295D173-AB30-4E68-94B7-337C618A4995} 2012-07-24 12:39 - 2012-07-24 12:39 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5D4647F9-90EF-4E88-9E19-9906C2BE0BEA} 2012-07-24 11:34 - 2012-07-24 11:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{DDD85889-94DF-4540-A497-45040E9AA143} 2012-07-24 11:34 - 2012-07-24 11:34 - 00000000 ____D C:\Users\legendofham\AppData\Local\{318AD0C4-7F97-4D4C-B380-BFE3AEE4E9EB} 2012-07-23 18:12 - 2012-07-23 18:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D7D37781-5E65-4C17-9CF4-7AF57728842C} 2012-07-23 18:12 - 2012-07-23 18:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D22E5ED8-BFB2-4B8A-819F-EEED216C136D} 2012-07-23 14:33 - 2012-07-23 14:34 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8CC5C239-4E27-4F2E-89BF-A02AD049D7B5} 2012-07-23 14:33 - 2012-07-23 14:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{59CEFDE8-91EB-44AB-8543-C07AAC8ED62E} 2012-07-23 12:54 - 2012-07-23 12:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F36DBADE-917B-4A50-9D39-C1B39074D25F} 2012-07-23 12:54 - 2012-07-23 12:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{442D7B9C-78D0-4245-A8AF-75B4634D3455} 2012-07-23 10:59 - 2012-07-23 10:59 - 00000000 ____D 
C:\Users\legendofham\AppData\Local\{07B571DA-C95D-438D-801D-B39A393E97D5} 2012-07-23 10:58 - 2012-07-23 10:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{ED378BAA-BF84-446B-B9B6-B77B184552E0} 2012-07-22 23:44 - 2012-07-22 23:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B458440F-DC8B-49EF-826A-15E60BC99C32} 2012-07-22 23:43 - 2012-07-22 23:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E722A5E4-E7D1-429D-83C8-EB4A1F5CBF3C} 2012-07-22 23:35 - 2012-07-22 23:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{87113DA4-B24C-4344-830E-136B9EDD0CDD} 2012-07-22 23:35 - 2012-07-22 23:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{335E017E-B794-40A9-80AE-13D99E7B7AFF} 2012-07-22 18:38 - 2012-07-22 18:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F6DE9614-4339-4F45-8E48-DA393B8F134C} 2012-07-22 18:37 - 2012-07-22 18:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D535699C-FA8F-4940-9908-0E14EAE30A72} 2012-07-22 15:28 - 2012-07-22 15:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A8EFEB5C-207A-4253-B69D-90F62FC6AB22} 2012-07-22 15:28 - 2012-07-22 15:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9D49D4C3-8DBA-45CA-9D41-F30FC3B834AB} 2012-07-22 15:09 - 2012-07-22 15:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EC1E307D-3FA7-4BBE-A756-4607FB7562EF} 2012-07-22 15:09 - 2012-07-22 15:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{12B86ECF-46CB-45D1-B0D4-B80561D8767E} 2012-07-22 12:58 - 2012-07-22 12:58 - 00000000 ____D C:\Users\legendofham\AppData\Local\{172932CD-B6C0-42B6-9547-11962A3BA651} 2012-07-22 12:57 - 2012-07-22 12:58 - 00000000 ____D C:\Users\legendofham\AppData\Local\{74924F99-EC11-490B-920A-3A24D74B476D} 2012-07-21 22:26 - 2012-07-21 22:26 - 00000000 ____D C:\Users\legendofham\AppData\Local\{27C059EB-FBE9-44CF-847F-440EF1523ABE} 2012-07-21 22:25 - 2012-07-21 22:26 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2CCA5E33-236C-4000-96CF-0ADE49A9D09C} 2012-07-21 15:48 - 
2012-07-21 15:48 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7B8F81AB-0166-4A28-A56E-8787179B9E4F} 2012-07-21 15:48 - 2012-07-21 15:48 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2AB7E6EA-13D4-4AEF-A3D1-8C73BEF95E33} 2012-07-21 00:11 - 2012-07-21 00:11 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EA3847C3-A015-46E6-9BC6-2DF75678DCBD} 2012-07-21 00:10 - 2012-07-21 00:11 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B33E4DD5-2548-4077-89FD-AF1E6ACF3991} 2012-07-20 22:43 - 2012-07-20 22:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{562CFAE9-1C0F-40BC-971F-21AC3203BB66} 2012-07-20 22:42 - 2012-07-20 22:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{60AC5001-AA9A-42F0-8AA4-9C6606811FF2} 2012-07-20 20:29 - 2012-07-20 20:30 - 00000000 ____D C:\Users\legendofham\AppData\Local\{785BB951-2BA6-486A-8CB7-CD3A3D039174} 2012-07-20 20:29 - 2012-07-20 20:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{701C61AE-FA81-42A3-9A12-CC60894CA033} 2012-07-20 17:10 - 2012-07-20 17:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6942956B-A440-4069-9D45-B4CE3CDDE47D} 2012-07-20 17:10 - 2012-07-20 17:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{61531B82-592F-4F0F-8F7A-2FD4D3BBFCEC} 2012-07-20 15:23 - 2012-07-20 15:23 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2F7A1EA3-D77B-44B7-9AE4-8F611F1F9B0A} 2012-07-20 15:22 - 2012-07-20 15:23 - 00000000 ____D C:\Users\legendofham\AppData\Local\{333F011F-2B13-4C33-9DFA-F534EF0DE16D} 2012-07-20 15:13 - 2012-07-20 15:14 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B2A3CC82-BD52-4F8A-AFF8-F85708337173} 2012-07-20 15:13 - 2012-07-20 15:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1505EBF5-75D6-4B02-8898-08D83C4E55BB} 2012-07-20 15:09 - 2012-07-20 15:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B85A8660-D039-4838-8DE2-97ACE4A733A5} 2012-07-20 14:58 - 2012-07-20 14:58 - 00002156 ____A C:\Users\Public\Desktop\KODAK AiO Home Center.lnk 2012-07-20 
14:56 - 2012-07-20 14:56 - 00000000 ____D C:\Windows\SysWOW64\kodak 2012-07-20 14:55 - 2012-07-20 14:55 - 00000000 ____D C:\Windows\SysWOW64\spool 2012-07-20 14:52 - 2012-07-20 14:52 - 00000000 ____D C:\Users\legendofham\AppData\Roaming\KODAK AiO Home Center1568652956 2012-07-20 14:51 - 2012-07-20 14:52 - 00034572 ____A C:\Users\legendofham\AppData\Local\c4u.log 2012-07-20 11:06 - 2012-07-20 11:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{83E32669-997A-4954-ACA5-4B363735D454} 2012-07-20 11:06 - 2012-07-20 11:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1CD3DEBB-688B-40AD-B5C0-5EE4E63EF237} 2012-07-19 12:38 - 2012-07-19 12:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8AD928A4-B751-4704-B89B-E0FD37374538} 2012-07-19 12:37 - 2012-07-19 12:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D1A4D9EB-180D-4174-A548-57A1BFCA42B8} 2012-07-19 12:28 - 2012-07-19 12:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B01F1D37-E4D8-44DA-AFCB-2F5A10CE671E} 2012-07-19 12:28 - 2012-07-19 12:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8B9497A5-326E-4819-BBA7-F7D5703F2F9B} 2012-07-18 22:52 - 2012-07-18 22:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CABE07EB-5F52-46B1-926D-664C883EA6B1} 2012-07-18 22:51 - 2012-07-18 22:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FA00FD9A-693F-4661-9658-E3E3A2987F8D} 2012-07-18 21:51 - 2012-07-18 21:51 - 00001052 ____A C:\Users\legendofham\Desktop\DOOM3 - Shortcut.lnk 2012-07-18 21:16 - 2012-07-18 21:16 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F20F17B8-68D8-4565-B1B9-1E5DEEC48577} 2012-07-18 21:16 - 2012-07-18 21:16 - 00000000 ____D C:\Users\legendofham\AppData\Local\{81C19DD9-D02A-497C-B752-77794D2B6C91} 2012-07-18 20:59 - 2012-07-18 20:59 - 00000943 ____A C:\Users\Public\Desktop\猥orrent.lnk 2012-07-18 20:59 - 2012-07-18 20:59 - 00000000 ____D C:\Program Files (x86)\uTorrent 2012-07-18 20:58 - 2012-07-18 21:42 - 00000000 ____D 
C:\Users\legendofham\AppData\Roaming\uTorrent 2012-07-18 17:39 - 2012-07-18 17:43 - 00000000 ____D C:\Users\legendofham\AppData\Roaming\PerformerSoft 2012-07-18 17:39 - 2012-07-18 17:39 - 00000009 ____A C:\END 2012-07-18 17:39 - 2012-07-18 17:39 - 00000000 ____D C:\Users\All Users\IBUpdaterService 2012-07-18 17:39 - 2012-07-18 17:39 - 00000000 ____D C:\Program Files (x86)\appbario2 2012-07-18 17:39 - 2012-03-14 14:47 - 00019000 ____A (PerformerSoft LLC) C:\Windows\System32\roboot64.exe 2012-07-18 16:49 - 2012-07-18 16:49 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9144C537-8BFC-48F2-B32B-8A3781F4FAF0} 2012-07-18 16:48 - 2012-07-18 16:49 - 00000000 ____D C:\Users\legendofham\AppData\Local\{92729210-F261-4890-8C66-7F5A3E930B56} 2012-07-18 16:28 - 2012-07-18 16:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\gzdoom 2012-07-18 15:38 - 2012-07-18 15:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F97E5623-CCC3-4B96-8713-31A2B4D30DDE} 2012-07-18 15:38 - 2012-07-18 15:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{09DE9A0C-3C29-426A-94D8-FF7D8B0E7C1F} 2012-07-18 13:13 - 2012-07-18 13:14 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3B2C56D9-3A81-4D2A-A3E3-137EE12A6A6A} 2012-07-18 13:13 - 2012-07-18 13:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F06DD52D-0CF3-4661-B0DA-2B0058193902} 2012-07-18 12:06 - 2012-07-18 12:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FD6FBE2F-A467-4009-B5E5-AD4EA4B62064} 2012-07-18 12:06 - 2012-07-18 12:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{36BFE7B7-3513-4F70-9B4A-A15A1E235FB9} 2012-07-18 12:03 - 2012-07-18 12:03 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EF2C6EC6-A05D-4125-896F-46129C228507} 2012-07-18 12:03 - 2012-07-18 12:03 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6B670726-7B2E-490F-9386-1428BDD7CB49} 2012-07-17 18:07 - 2012-07-17 18:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EE6C1155-5640-4D44-BC36-67A2E6D6714A} 2012-07-17 18:07 
- 2012-07-17 18:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A53A40AB-99BC-4CA1-88FD-012D6427BD4A} 2012-07-17 17:08 - 2012-07-17 17:08 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2FE66BBD-E6D5-4E35-80E8-5756B99813AE} 2012-07-17 17:07 - 2012-07-17 17:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4F9318F5-B201-4A26-B6B9-A11529FDF603} 2012-07-17 16:32 - 2012-07-17 16:32 - 00000000 ____D C:\Users\legendofham\AppData\Local\{17F29F77-934E-48E5-9D6B-B0F74BCE3D0A} 2012-07-17 16:31 - 2012-07-17 16:32 - 00000000 ____D C:\Users\legendofham\AppData\Local\{DF2768DC-7524-4093-9D97-EA7F15A13C26} 2012-07-17 16:07 - 2012-07-17 16:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8762614F-82C5-4C17-B9E0-7EA16FE714D4} 2012-07-17 16:07 - 2012-07-17 16:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{032BDF54-303E-419E-AD57-9D6150BBFC99} 2012-07-17 14:59 - 2012-07-17 14:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FE7A55B6-DBC6-4D43-9FA5-C76CFF3F5AB8} 2012-07-17 14:59 - 2012-07-17 14:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{11BF3D2F-BF23-4628-B220-B3DCA6A365F9} 2012-07-17 14:23 - 2012-07-17 14:23 - 00000000 ____D C:\Users\legendofham\AppData\Local\{836615C2-2311-4D34-B4D8-C0A0E287F643} 2012-07-17 14:23 - 2012-07-17 14:23 - 00000000 ____D C:\Users\legendofham\AppData\Local\{33CD7E6F-55CB-4B7F-A48D-3FBEFABB0D29} 2012-07-17 14:19 - 2012-07-17 14:20 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4B0C2CC6-990F-4C14-BCA2-A253581EF6C4} 2012-07-17 14:19 - 2012-07-17 14:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CEB7DBE9-7C61-4B0A-BB2B-6F674B73ADF8} 2012-07-17 13:13 - 2012-07-17 13:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B47F2313-4207-4566-994B-591C2777D4F9} 2012-07-17 13:13 - 2012-07-17 13:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{449B3EBA-92E2-4B7E-9113-C9E815964933} 2012-07-17 10:56 - 2012-07-17 10:56 - 00000000 ____D 
C:\Users\legendofham\AppData\Local\{240B856F-B2EA-4894-ADE5-A95BDF45F111} 2012-07-17 10:56 - 2012-07-17 10:56 - 00000000 ____D C:\Users\legendofham\AppData\Local\{08BB6331-782F-4EF4-B364-FFEB1F85A3D4} 2012-07-17 10:44 - 2012-07-17 10:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CAA2CDFF-3483-483A-9302-25CD7567BD03} 2012-07-17 10:43 - 2012-07-17 10:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{0D71770B-7F74-4E23-9365-D7FA47E8A480} 2012-07-16 22:54 - 2012-07-16 22:55 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BF662F43-CAF8-4A85-A7FC-451D3ADE0E60} 2012-07-16 22:54 - 2012-07-16 22:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A0B84291-FAB9-4DD2-BAA7-840A26771162} 2012-07-16 21:59 - 2012-07-16 21:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1D0C18BC-530B-4AB3-AA96-1F521889B253} 2012-07-16 21:58 - 2012-07-16 21:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{831FB6C7-0C70-41AC-84DC-256C297073D9} 2012-07-16 17:42 - 2012-07-16 17:42 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6534FF12-CE88-46F6-9AA2-8EDE9EE01295} 2012-07-16 17:42 - 2012-07-16 17:42 - 00000000 ____D C:\Users\legendofham\AppData\Local\{588F6D24-9C9E-4550-8B3D-125BF665D21C} 2012-07-16 12:29 - 2012-07-16 12:29 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk 2012-07-16 12:29 - 2012-07-16 12:29 - 00000000 ____D C:\Program Files\Paint.NET 2012-07-16 12:28 - 2012-07-18 12:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\Paint.NET 2012-07-16 12:19 - 2012-07-16 12:19 - 00001478 ____A C:\Users\legendofham\AppData\Local\recently-used.xbel 2012-07-16 12:16 - 2012-07-16 12:17 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6523569E-BCF7-48DE-BCAB-EB320CCB5550} 2012-07-16 12:16 - 2012-07-16 12:16 - 00000000 ____D C:\Users\legendofham\AppData\Local\{92D4C60A-AE91-4C41-90D5-3B0BEAEAA7B7} 2012-07-16 12:01 - 2012-07-16 12:23 - 00000000 ____D C:\Users\legendofham\.gimp-2.8 2012-07-16 12:01 - 2012-07-16 12:01 - 00000000 ____D 
C:\Users\legendofham\AppData\Local\gegl-0.2 2012-07-16 11:32 - 2012-07-17 11:35 - 00000000 ____D C:\Users\legendofham\Documents\LOLReplay 2012-07-16 11:32 - 2012-07-16 11:32 - 00001901 ____A C:\Users\Public\Desktop\LOL Recorder.lnk 2012-07-16 11:32 - 2012-07-16 11:32 - 00000000 ____D C:\Program Files (x86)\LOLReplay 2012-07-16 09:48 - 2012-07-16 09:49 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E12BD820-0430-4C1A-9EE5-A6F1B7DF3D59} 2012-07-16 09:48 - 2012-07-16 09:48 - 00000000 ____D C:\Users\legendofham\AppData\Local\{983FBE78-3EA2-492D-819D-D5F2543A7857} 2012-07-15 23:29 - 2012-07-15 23:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CEFA334B-9612-4D29-8AD1-BB6D3C688CD9} 2012-07-15 23:28 - 2012-07-15 23:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E9C91C9D-B2BA-41B7-BD41-7B5D0CDFD008} 2012-07-15 22:44 - 2012-07-15 22:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{729582F8-4C96-4D16-963B-8ACF978D8EE1} 2012-07-15 22:43 - 2012-07-15 22:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{67F78D20-3E8A-4BB8-BC04-1161DA82DDCF} 2012-07-15 22:41 - 2012-07-15 22:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E5C41C88-D282-412D-94E3-FAE5CC9C2CCC} 2012-07-15 22:40 - 2012-07-15 22:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FCF1FB33-10BC-4837-8D92-E4A1A3DC8D1A} 2012-07-15 19:52 - 2012-07-15 19:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B07D37D3-CB43-4DC6-A9DD-2CF4FF82EA2B} 2012-07-15 19:52 - 2012-07-15 19:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{44FD72A6-44BA-4586-819F-406DE787DA65} 2012-07-15 13:12 - 2012-07-15 13:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D3A375E9-F5B1-493C-9015-000F7F9CAFB4} 2012-07-15 13:11 - 2012-07-15 13:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{42C302AF-1490-47A9-9F06-EC4F08A5DB53} 2012-07-14 22:54 - 2012-07-14 22:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CBAF96D0-6ED3-4B1F-8470-3B5528700DAC} 2012-07-14 22:53 - 2012-07-14 
00425368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-22 22:10 - 2012-05-22 22:10 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01009.Wdf
2012-05-22 21:44 - 2012-05-22 21:44 - 00008192 ____A C:\Windows\SysWOW64\srvany.exe
2012-05-22 21:29 - 2012-04-14 18:18 - 00113928 ____A C:\Users\legendofham\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-22 19:59 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-05-22 19:39 - 2012-05-22 19:39 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-05-22 19:38 - 2012-05-22 19:37 - 03654896 ____A (Piriform Ltd) C:\Users\legendofham\Downloads\ccsetup318.exe
2012-05-16 15:12 - 2012-05-03 22:36 - 00000989 ____A C:\Users\legendofham\Desktop\Handbrake.lnk
2012-05-14 19:32 - 2012-05-14 19:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf

ZeroAccess:
C:\Windows\Installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}
C:\Windows\Installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================
Percentage of memory in use: 12%
Total physical RAM: 5611.74 MB
Available physical RAM: 4913.59 MB
Total Pagefile: 5609.94 MB
Available Pagefile: 4905.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================
1 Drive c: () (Fixed) (Total:179 GB) (Free:67.96 GB) NTFS
2 Drive d: () (Fixed) (Total:267.06 GB) (Free:190.63 GB) NTFS
3 Drive f: (SAMSUNG_REC) (Fixed) (Total:19.6 GB) (Free:0.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]
5 Drive h: (LEGENDOFHAM) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB  2048 KB
Disk 1    Online         7648 MB      0 B

Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            179 GB   101 MB
Partition 0    Extended           267 GB   179 GB
Partition 4    Logical            267 GB   179 GB
Partition 3    Recovery            19 GB   446 GB

==================================================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   SYSTEM       NTFS   Partition    100 MB  Healthy

==================================================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C                NTFS   Partition    179 GB  Healthy

==================================================================================
Disk: 0
Partition 4
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   D                NTFS   Partition    267 GB  Healthy

==================================================================================
Disk: 0
Partition 3
Type  : 27
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4   F   SAMSUNG_REC  NTFS   Partition     19 GB  Healthy    Hidden

==================================================================================

Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           7647 MB    40 KB

==================================================================================
Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5   H   LEGENDOFHAM  FAT32  Removable   7647 MB  Healthy

==================================================================================

==========================================================
Last Boot: 2012-07-28 19:41

======================= End Of Log ==========================

Search:
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-02 20:25:06
Running from H:\

================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
  15. Just an update, I am currently at the stage where the program is searching for services.exe.