Jump to content

Live security Platinum virus removal. HELP


Recommended Posts

Hi, I am currently being attacked by the live security platinum virus. I tried the self help guide to remove this virus but it didn't work. I can't run dds.scr or .com because the virus is saying everything is infected. Also, I tried running chamleon but it didn't work. Please help!

-Legendofham-

Please help me as soon as possible, I wont be able to do anything tommorrow due to a trip and i need the computer as well. Thanks

Link to post
Share on other sites

Hi, sorry for the multi-post, I was worried no one would help me in time. I really need this laptop for a meeting due tommorrow. I have more information for my computer. It is a Samsung laptop. It is running windows 7 64-bit home premium. I managed to get dds working in safe mode so the logs are either below or attached. Again help is greatly appriceated.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0

Run by legendofham at 15:57:50 on 2012-08-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5612.4531 [GMT -7:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

svchost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227975

uDefault_Page_URL = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

uURLSearchHooks: appbario2 Toolbar: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll

mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

mURLSearchHooks: appbario2 Toolbar: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: appbario2 Toolbar: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll

BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

TB: appbario2 Toolbar: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRunOnce: [7531EE6D889E68028DC50892F875F002] C:\ProgramData\7531EE6D889E68028DC50892F875F002\7531EE6D889E68028DC50892F875F002.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Conime] %windir%\system32\conime.exe

StartupFolder: C:\Users\LEGEND~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\legendofham\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\legendofham\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - C:\Users\legendofham\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A2C6D60D-C1DE-4333-BDAE-96DA70FAF4BB} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A2C6D60D-C1DE-4333-BDAE-96DA70FAF4BB}\14745414F5E4564777F627B6030313 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A2C6D60D-C1DE-4333-BDAE-96DA70FAF4BB}\245727E6564747F575962756C6563737 : DhcpNameServer = 10.5.10.2 10.2.10.2 8.8.8.8

TCP: Interfaces\{A2C6D60D-C1DE-4333-BDAE-96DA70FAF4BB}\368657273686D27657563747 : DhcpNameServer = 64.59.144.90 64.59.144.91 64.59.150.134

TCP: Interfaces\{D79A78F7-00FD-4165-BA32-90552F17833E} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

BHO-X64: DVDVideoSoftTB - No File

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: appbario2 Toolbar: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll

BHO-X64: appbario2 - No File

BHO-X64: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

TB-X64: appbario2 Toolbar: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - C:\Program Files (x86)\appbario2\prxtbappb.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Conime] %windir%\system32\conime.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\legendofham\AppData\Roaming\Mozilla\Firefox\Profiles\1p8sa2kp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227975&SearchSource=2&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]

R2 SGDrv;SGDrv;C:\windows\system32\DRIVERS\SGdrv64.sys --> C:\windows\system32\DRIVERS\SGdrv64.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\system32\DRIVERS\btath_bus.sys --> C:\windows\system32\DRIVERS\btath_bus.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?]

S1 avkmgr;avkmgr;C:\windows\system32\DRIVERS\avkmgr.sys --> C:\windows\system32\DRIVERS\avkmgr.sys [?]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]

S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-6-13 86224]

S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-6-13 110032]

S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-6-13 465360]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-7-15 146592]

S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-7-15 91296]

S2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-22 136176]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-6 8704]

S2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-5-22 8192]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]

S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-14 250056]

S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\system32\DRIVERS\btath_flt.sys --> C:\windows\system32\DRIVERS\btath_flt.sys [?]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\system32\drivers\btath_a2dp.sys --> C:\windows\system32\drivers\btath_a2dp.sys [?]

S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\system32\drivers\btath_avdt.sys --> C:\windows\system32\drivers\btath_avdt.sys [?]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\system32\DRIVERS\btath_hcrp.sys --> C:\windows\system32\DRIVERS\btath_hcrp.sys [?]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\system32\DRIVERS\btath_lwflt.sys --> C:\windows\system32\DRIVERS\btath_lwflt.sys [?]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\system32\DRIVERS\btath_rcp.sys --> C:\windows\system32\DRIVERS\btath_rcp.sys [?]

S3 BtFilter;BtFilter;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-22 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]

S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-02 20:35:20 -------- d-sh--w- C:\windows\System32\%APPDATA%

2012-08-02 19:23:49 -------- d-----w- C:\ProgramData\7531EE6D889E68028DC50892F875F002

2012-08-02 18:46:46 -------- d-----w- C:\Users\legendofham\AppData\Local\{6A60288B-9AB7-40AF-BE34-D17F4BA5CED4}

2012-08-02 18:46:33 -------- d-----w- C:\Users\legendofham\AppData\Local\{741B7E24-2269-423E-996C-13A4E4430623}

2012-08-02 04:27:22 -------- d-----w- C:\Users\legendofham\AppData\Local\{A7E1A51D-BB31-4FDD-9B5D-8A0CC49F6C6C}

2012-08-02 04:27:00 -------- d-----w- C:\Users\legendofham\AppData\Local\{1E834205-8861-43F9-8381-DC36A1CB1862}

2012-08-01 21:21:48 -------- d-----w- C:\Users\legendofham\AppData\Local\{442533BF-E153-44A1-AE19-B3C50C62B150}

2012-08-01 21:21:24 -------- d-----w- C:\Users\legendofham\AppData\Local\{58F44292-3544-47A6-98BF-0229F282E03F}

2012-08-01 20:01:07 -------- d-----w- C:\Users\legendofham\AppData\Local\{0BBC3F8C-8494-4C56-9C54-32FE255E9ECF}

2012-08-01 20:00:44 -------- d-----w- C:\Users\legendofham\AppData\Local\{A56D7E8F-1D83-4B21-912B-D20ED76EF1C0}

2012-08-01 01:59:13 -------- d-----w- C:\Users\legendofham\AppData\Local\{FD0C3BC9-8436-4E43-83F9-8D8236A916FA}

2012-08-01 01:58:51 -------- d-----w- C:\Users\legendofham\AppData\Local\{9F525E42-9A0D-494E-B57E-5BBC53A3A6A7}

2012-07-31 23:43:35 -------- d-----w- C:\Users\legendofham\AppData\Local\{A298EE5C-7A35-4EA4-9C10-4665BD78061D}

2012-07-31 23:43:22 -------- d-----w- C:\Users\legendofham\AppData\Local\{EA928293-ADDB-4B73-B5A8-298E607CF351}

2012-07-31 18:47:19 -------- d-----w- C:\Users\legendofham\AppData\Local\{9BC2F131-8536-4BB9-9ADD-74064CFC5B75}

2012-07-31 18:47:00 -------- d-----w- C:\Users\legendofham\AppData\Local\{2775FAE1-D59B-4C22-87DD-E13FF95DD6E0}

2012-07-31 06:52:29 -------- d-----w- C:\Users\legendofham\AppData\Local\{EB19BFBA-F3AE-4975-96E3-F2EA7D30E047}

2012-07-31 06:52:03 -------- d-----w- C:\Users\legendofham\AppData\Local\{589D96E2-2804-47C6-82DF-51E766B2847B}

2012-07-31 03:01:43 -------- d-----w- C:\Users\legendofham\AppData\Local\{A0624CBE-C6C1-4D17-997E-97E585832FF7}

2012-07-31 03:01:20 -------- d-----w- C:\Users\legendofham\AppData\Local\{198B5353-CAFB-44F9-9E03-C583356E9A30}

2012-07-30 19:17:07 -------- d-----w- C:\Users\legendofham\AppData\Local\{F5134FDE-78ED-4797-8749-CDAEEE71D860}

2012-07-30 19:16:55 -------- d-----w- C:\Users\legendofham\AppData\Local\{B8375534-8C49-4156-95BD-B3E0A2D0484E}

2012-07-30 03:44:31 -------- d-----w- C:\Users\legendofham\AppData\Local\{734255F8-7CCA-461B-8965-1619E8F759C1}

2012-07-30 01:40:31 -------- d-----w- C:\Users\legendofham\AppData\Local\{30487995-D909-4BD5-8A9F-53D3AA3E7759}

2012-07-30 01:40:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{B842D716-97DC-47C3-B848-5840394FFEE7}

2012-07-30 00:19:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{63154C65-D08D-4E66-945E-B8321F7B799C}

2012-07-30 00:18:45 -------- d-----w- C:\Users\legendofham\AppData\Local\{ECD89350-5067-4C08-834A-E8F23569656E}

2012-07-29 22:34:41 -------- d-----w- C:\Users\legendofham\AppData\Local\{4ACBFEDE-EC9D-4136-995B-F538CCAEB509}

2012-07-29 22:34:29 -------- d-----w- C:\Users\legendofham\AppData\Local\{23D47ADE-5BEB-4CA4-85E0-4835EB193A8D}

2012-07-29 20:38:02 -------- d-----w- C:\Users\legendofham\AppData\Local\{7967605E-B687-45BF-9CA9-81E0093799B2}

2012-07-29 20:37:40 -------- d-----w- C:\Users\legendofham\AppData\Local\{5558C927-6325-450B-9E9D-EA9B78E2D171}

2012-07-29 20:33:20 -------- d-----w- C:\Users\legendofham\AppData\Local\{83568868-9E7E-4922-82A6-DCF4480E13C8}

2012-07-29 20:32:57 -------- d-----w- C:\Users\legendofham\AppData\Local\{29A94440-CBFD-419A-9356-2DCFD0433DDA}

2012-07-29 15:59:49 -------- d-----w- C:\Users\legendofham\AppData\Local\{AE0D4D9E-E918-430D-850A-C9CFD8880899}

2012-07-29 15:59:27 -------- d-----w- C:\Users\legendofham\AppData\Local\{90A72D56-BE3F-46CB-A86E-11D6FD9D95F3}

2012-07-29 00:02:15 -------- d-----w- C:\Users\legendofham\AppData\Local\{7D87E853-C4C8-4A9D-A3AA-DA4E14891811}

2012-07-29 00:02:05 -------- d-----w- C:\Users\legendofham\AppData\Local\{4CEED9EF-61AB-4861-A88F-E1C2383CFA25}

2012-07-28 23:59:54 -------- d-----w- C:\Users\legendofham\AppData\Local\{57BC2020-64EB-49BA-86FF-F2CB76333867}

2012-07-28 23:59:32 -------- d-----w- C:\Users\legendofham\AppData\Local\{34F063A0-0C2B-403A-B4D6-8C1FF0F5BB70}

2012-07-28 18:15:00 -------- d-----w- C:\Users\legendofham\AppData\Local\{339A874A-2905-4584-B9A5-7C6502AE2504}

2012-07-28 18:14:38 -------- d-----w- C:\Users\legendofham\AppData\Local\{5C8FF446-E977-4219-8402-3D5D69D4ACAA}

2012-07-28 18:12:47 -------- d-----w- C:\Users\legendofham\AppData\Local\{B51059AE-CC78-469D-AB44-90E15A41B75E}

2012-07-28 18:12:23 -------- d-----w- C:\Users\legendofham\AppData\Local\{AD1DE65C-B763-48F4-B651-6566CE7991A4}

2012-07-28 06:18:06 -------- d-----w- C:\Users\legendofham\AppData\Local\{A8F1588D-7B80-42C0-89F0-4DBCB855B30D}

2012-07-28 06:17:42 -------- d-----w- C:\Users\legendofham\AppData\Local\{8262E4E3-7807-4DE4-B0E2-3879D1B6CB44}

2012-07-28 05:11:53 -------- d-----w- C:\Users\legendofham\AppData\Local\{C8977654-07A4-40FE-B11B-A82732D50365}

2012-07-28 05:11:31 -------- d-----w- C:\Users\legendofham\AppData\Local\{9D46BD3F-AD13-4EC5-8049-4D7147665C36}

2012-07-28 02:56:37 -------- d-----w- C:\Users\legendofham\AppData\Local\{8AA7DCA4-4F99-44A8-BD55-53892FD02C81}

2012-07-28 02:56:13 -------- d-----w- C:\Users\legendofham\AppData\Local\{3DD03808-9621-47C5-AA31-E0DE37488591}

2012-07-28 02:05:48 -------- d-----w- C:\Users\legendofham\AppData\Local\{74D937E2-69F0-4B5F-B820-1BFC4593A5C0}

2012-07-28 02:05:26 -------- d-----w- C:\Users\legendofham\AppData\Local\{C874B19A-A887-445D-9788-E83F2ACF1112}

2012-07-27 21:06:15 -------- d-----w- C:\Users\legendofham\AppData\Local\{F73CB384-C5BE-4A41-A737-41288E20C670}

2012-07-27 21:05:53 -------- d-----w- C:\Users\legendofham\AppData\Local\{B0131C93-D9F7-400F-90A3-C185DEFCB0A2}

2012-07-27 19:37:36 -------- d-----w- C:\Users\legendofham\AppData\Local\{CBA0D829-8706-4C6B-93B1-07E75DC6B1D4}

2012-07-27 19:37:11 -------- d-----w- C:\Users\legendofham\AppData\Local\{AD58CF49-353D-4A90-B46F-34907EF80AD7}

2012-07-27 11:09:57 -------- d-----w- C:\Users\legendofham\AppData\Local\{DCCE45F7-9745-4E18-A55B-B1BC26A86D22}

2012-07-27 11:09:34 -------- d-----w- C:\Users\legendofham\AppData\Local\{C8170193-A8C4-4218-969D-81BDAAF82E33}

2012-07-27 07:06:11 -------- d-----w- C:\Users\legendofham\AppData\Local\{8CB56A59-B278-460A-8973-D792B99A044F}

2012-07-27 07:06:00 -------- d-----w- C:\Users\legendofham\AppData\Local\{2662A82D-F0DC-459D-A40E-3CE332A199C7}

2012-07-27 06:33:01 -------- d-----w- C:\Users\legendofham\AppData\Local\{8E4D38B7-24AF-45B0-8D50-138CC2738D62}

2012-07-27 06:32:44 -------- d-----w- C:\Users\legendofham\AppData\Local\{C301221C-347F-44FC-8E9F-CC0C9E12F177}

2012-07-27 06:29:36 -------- d-----w- C:\Users\legendofham\AppData\Local\{F1F83FAA-8AD8-462C-924E-BAD11416CD95}

2012-07-27 06:29:14 -------- d-----w- C:\Users\legendofham\AppData\Local\{8D1B7F5C-C987-490C-8F4B-F34B2FDBFE1E}

2012-07-27 03:38:22 -------- d-----w- C:\Users\legendofham\AppData\Local\{BF499D45-D67A-401E-97FD-753F9EEAA72F}

2012-07-27 03:38:11 -------- d-----w- C:\Users\legendofham\AppData\Local\{C48EDBED-B245-4B0E-97C8-ACC6F4B40072}

2012-07-27 02:47:21 -------- d-----w- C:\Users\legendofham\AppData\Local\{6DEA02B1-BB34-46F8-A835-A85FDFFCE152}

2012-07-27 02:46:59 -------- d-----w- C:\Users\legendofham\AppData\Local\{656E84C6-0835-4311-8880-E60755BA9613}

2012-07-26 23:09:49 -------- d-----w- C:\Users\legendofham\AppData\Local\{11085CB7-D322-4492-ADC7-5CAAB2FA886B}

2012-07-26 23:09:35 -------- d-----w- C:\Users\legendofham\AppData\Local\{04F1A298-AFDB-4DE3-8B0C-E4E81BC43FA7}

2012-07-26 19:13:02 -------- d-----w- C:\Users\legendofham\AppData\Local\{752E1F76-DAA4-452F-9DFF-DE57EDA03C54}

2012-07-26 19:12:39 -------- d-----w- C:\Users\legendofham\AppData\Local\{C73BC29E-7C63-4D9C-B778-D1E7C5DC9ED0}

2012-07-26 08:13:19 -------- d-----w- C:\Users\legendofham\AppData\Local\{4AD2EBDD-AAB5-4BB9-AB62-EFD313539A03}

2012-07-26 08:12:57 -------- d-----w- C:\Users\legendofham\AppData\Local\{28DF05AC-9E0B-43C4-87A3-99319D8C8ADA}

2012-07-26 06:58:31 -------- d-----w- C:\Users\legendofham\AppData\Local\{93BAC7AD-3543-4294-8786-48EDC5ED5513}

2012-07-26 06:58:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{67BE79A3-AA3E-4A13-B2AE-375D83C72F29}

2012-07-26 04:35:28 -------- d-----w- C:\Users\legendofham\AppData\Local\{5530C1E2-7CD0-4223-8963-FE1700222817}

2012-07-26 04:35:06 -------- d-----w- C:\Users\legendofham\AppData\Local\{EEA007EB-E64C-484D-B811-13CB3F26C33C}

2012-07-26 00:53:10 -------- d-----w- C:\Users\legendofham\AppData\Local\{56C23AC1-C3E1-45A4-84A8-4F0A33D04F62}

2012-07-26 00:52:47 -------- d-----w- C:\Users\legendofham\AppData\Local\{1D724D82-4FEB-4574-B7DA-1A503E249E76}

2012-07-25 20:05:10 -------- d-----w- C:\Users\legendofham\AppData\Local\{6F49A8C4-FB41-4B03-82BC-46DE21043AD3}

2012-07-25 20:04:30 -------- d-----w- C:\Users\legendofham\AppData\Local\{2CBB694E-1390-4ADE-BA17-C85194CE11AB}

2012-07-25 18:20:48 -------- d-----w- C:\Users\legendofham\AppData\Local\{BCF6E9AE-DF87-447A-833F-B0CE22078D3C}

2012-07-25 18:20:27 -------- d-----w- C:\Users\legendofham\AppData\Local\{80D8D8F7-481A-41D5-9012-D7F57B44C46A}

2012-07-25 03:25:21 -------- d-----w- C:\Users\legendofham\AppData\Local\{2742A29A-7873-447B-BF6E-4DB22023FA53}

2012-07-25 03:24:56 -------- d-----w- C:\Users\legendofham\AppData\Local\{CAE79AE8-B7C7-4CCB-8664-7B532A08C17D}

2012-07-24 23:37:31 -------- d-----w- C:\Users\legendofham\AppData\Local\{9492103B-23B1-48B7-A22C-CD21F43196DD}

2012-07-24 23:37:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{67ECBF4F-770F-46C7-8606-5C4104141D51}

2012-07-24 23:33:00 -------- d-----w- C:\Users\legendofham\AppData\Local\{8C7B070B-22F9-4493-8AE7-84434F9BF707}

2012-07-24 20:39:48 -------- d-----w- C:\Users\legendofham\AppData\Local\{5D4647F9-90EF-4E88-9E19-9906C2BE0BEA}

2012-07-24 20:39:26 -------- d-----w- C:\Users\legendofham\AppData\Local\{8295D173-AB30-4E68-94B7-337C618A4995}

2012-07-24 19:34:59 -------- d-----w- C:\Users\legendofham\AppData\Local\{DDD85889-94DF-4540-A497-45040E9AA143}

2012-07-24 19:34:36 -------- d-----w- C:\Users\legendofham\AppData\Local\{318AD0C4-7F97-4D4C-B380-BFE3AEE4E9EB}

2012-07-24 02:12:30 -------- d-----w- C:\Users\legendofham\AppData\Local\{D7D37781-5E65-4C17-9CF4-7AF57728842C}

2012-07-24 02:12:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{D22E5ED8-BFB2-4B8A-819F-EEED216C136D}

2012-07-23 22:33:50 -------- d-----w- C:\Users\legendofham\AppData\Local\{8CC5C239-4E27-4F2E-89BF-A02AD049D7B5}

2012-07-23 22:33:38 -------- d-----w- C:\Users\legendofham\AppData\Local\{59CEFDE8-91EB-44AB-8543-C07AAC8ED62E}

2012-07-23 20:54:43 -------- d-----w- C:\Users\legendofham\AppData\Local\{F36DBADE-917B-4A50-9D39-C1B39074D25F}

2012-07-23 20:54:20 -------- d-----w- C:\Users\legendofham\AppData\Local\{442D7B9C-78D0-4245-A8AF-75B4634D3455}

2012-07-23 18:59:24 -------- d-----w- C:\Users\legendofham\AppData\Local\{07B571DA-C95D-438D-801D-B39A393E97D5}

2012-07-23 18:58:59 -------- d-----w- C:\Users\legendofham\AppData\Local\{ED378BAA-BF84-446B-B9B6-B77B184552E0}

2012-07-23 07:44:19 -------- d-----w- C:\Users\legendofham\AppData\Local\{B458440F-DC8B-49EF-826A-15E60BC99C32}

2012-07-23 07:43:56 -------- d-----w- C:\Users\legendofham\AppData\Local\{E722A5E4-E7D1-429D-83C8-EB4A1F5CBF3C}

2012-07-23 07:35:30 -------- d-----w- C:\Users\legendofham\AppData\Local\{87113DA4-B24C-4344-830E-136B9EDD0CDD}

2012-07-23 07:35:18 -------- d-----w- C:\Users\legendofham\AppData\Local\{335E017E-B794-40A9-80AE-13D99E7B7AFF}

2012-07-23 02:38:09 -------- d-----w- C:\Users\legendofham\AppData\Local\{F6DE9614-4339-4F45-8E48-DA393B8F134C}

2012-07-23 02:37:42 -------- d-----w- C:\Users\legendofham\AppData\Local\{D535699C-FA8F-4940-9908-0E14EAE30A72}

2012-07-22 23:28:44 -------- d-----w- C:\Users\legendofham\AppData\Local\{9D49D4C3-8DBA-45CA-9D41-F30FC3B834AB}

2012-07-22 23:28:32 -------- d-----w- C:\Users\legendofham\AppData\Local\{A8EFEB5C-207A-4253-B69D-90F62FC6AB22}

2012-07-22 23:09:41 -------- d-----w- C:\Users\legendofham\AppData\Local\{EC1E307D-3FA7-4BBE-A756-4607FB7562EF}

2012-07-22 23:09:28 -------- d-----w- C:\Users\legendofham\AppData\Local\{12B86ECF-46CB-45D1-B0D4-B80561D8767E}

2012-07-22 20:58:14 -------- d-----w- C:\Users\legendofham\AppData\Local\{172932CD-B6C0-42B6-9547-11962A3BA651}

2012-07-22 20:57:58 -------- d-----w- C:\Users\legendofham\AppData\Local\{74924F99-EC11-490B-920A-3A24D74B476D}

2012-07-22 06:26:03 -------- d-----w- C:\Users\legendofham\AppData\Local\{27C059EB-FBE9-44CF-847F-440EF1523ABE}

2012-07-22 06:25:38 -------- d-----w- C:\Users\legendofham\AppData\Local\{2CCA5E33-236C-4000-96CF-0ADE49A9D09C}

2012-07-21 23:48:27 -------- d-----w- C:\Users\legendofham\AppData\Local\{2AB7E6EA-13D4-4AEF-A3D1-8C73BEF95E33}

2012-07-21 23:48:15 -------- d-----w- C:\Users\legendofham\AppData\Local\{7B8F81AB-0166-4A28-A56E-8787179B9E4F}

2012-07-21 08:11:01 -------- d-----w- C:\Users\legendofham\AppData\Local\{EA3847C3-A015-46E6-9BC6-2DF75678DCBD}

2012-07-21 08:10:38 -------- d-----w- C:\Users\legendofham\AppData\Local\{B33E4DD5-2548-4077-89FD-AF1E6ACF3991}

2012-07-21 06:43:01 -------- d-----w- C:\Users\legendofham\AppData\Local\{562CFAE9-1C0F-40BC-971F-21AC3203BB66}

2012-07-21 06:42:39 -------- d-----w- C:\Users\legendofham\AppData\Local\{60AC5001-AA9A-42F0-8AA4-9C6606811FF2}

2012-07-21 04:29:58 -------- d-----w- C:\Users\legendofham\AppData\Local\{785BB951-2BA6-486A-8CB7-CD3A3D039174}

2012-07-21 04:29:46 -------- d-----w- C:\Users\legendofham\AppData\Local\{701C61AE-FA81-42A3-9A12-CC60894CA033}

2012-07-21 01:10:35 -------- d-----w- C:\Users\legendofham\AppData\Local\{61531B82-592F-4F0F-8F7A-2FD4D3BBFCEC}

2012-07-21 01:10:13 -------- d-----w- C:\Users\legendofham\AppData\Local\{6942956B-A440-4069-9D45-B4CE3CDDE47D}

2012-07-20 23:23:14 -------- d-----w- C:\Users\legendofham\AppData\Local\{2F7A1EA3-D77B-44B7-9AE4-8F611F1F9B0A}

2012-07-20 23:22:51 -------- d-----w- C:\Users\legendofham\AppData\Local\{333F011F-2B13-4C33-9DFA-F534EF0DE16D}

2012-07-20 23:13:45 -------- d-----w- C:\Users\legendofham\AppData\Local\{B2A3CC82-BD52-4F8A-AFF8-F85708337173}

2012-07-20 23:13:23 -------- d-----w- C:\Users\legendofham\AppData\Local\{1505EBF5-75D6-4B02-8898-08D83C4E55BB}

2012-07-20 23:09:28 -------- d-----w- C:\Users\legendofham\AppData\Local\{B85A8660-D039-4838-8DE2-97ACE4A733A5}

2012-07-20 23:02:45 232960 ----a-w- C:\windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll

2012-07-20 22:56:36 -------- d-----w- C:\windows\SysWow64\kodak

2012-07-20 22:55:21 -------- d-----w- C:\windows\SysWow64\spool

2012-07-20 22:52:36 -------- d-----w- C:\Users\legendofham\AppData\Roaming\KODAK AiO Home Center1568652956

2012-07-20 19:06:23 -------- d-----w- C:\Users\legendofham\AppData\Local\{83E32669-997A-4954-ACA5-4B363735D454}

2012-07-20 19:06:10 -------- d-----w- C:\Users\legendofham\AppData\Local\{1CD3DEBB-688B-40AD-B5C0-5EE4E63EF237}

2012-07-19 20:38:07 -------- d-----w- C:\Users\legendofham\AppData\Local\{8AD928A4-B751-4704-B89B-E0FD37374538}

2012-07-19 20:37:45 -------- d-----w- C:\Users\legendofham\AppData\Local\{D1A4D9EB-180D-4174-A548-57A1BFCA42B8}

2012-07-19 20:28:31 -------- d-----w- C:\Users\legendofham\AppData\Local\{B01F1D37-E4D8-44DA-AFCB-2F5A10CE671E}

2012-07-19 20:28:07 -------- d-----w- C:\Users\legendofham\AppData\Local\{8B9497A5-326E-4819-BBA7-F7D5703F2F9B}

2012-07-19 06:52:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{CABE07EB-5F52-46B1-926D-664C883EA6B1}

2012-07-19 06:51:42 -------- d-----w- C:\Users\legendofham\AppData\Local\{FA00FD9A-693F-4661-9658-E3E3A2987F8D}

2012-07-19 05:16:46 -------- d-----w- C:\Users\legendofham\AppData\Local\{81C19DD9-D02A-497C-B752-77794D2B6C91}

2012-07-19 05:16:24 -------- d-----w- C:\Users\legendofham\AppData\Local\{F20F17B8-68D8-4565-B1B9-1E5DEEC48577}

2012-07-19 04:59:50 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-07-19 04:58:55 -------- d-----w- C:\Users\legendofham\AppData\Roaming\uTorrent

2012-07-19 01:39:28 -------- d-----w- C:\ProgramData\IBUpdaterService

2012-07-19 01:39:24 550048 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe

2012-07-19 01:39:19 -------- d-----w- C:\Users\legendofham\AppData\Roaming\PerformerSoft

2012-07-19 01:39:17 550048 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_358\uninstall.exe

2012-07-19 01:39:16 19000 ----a-w- C:\windows\System32\roboot64.exe

2012-07-19 01:39:10 -------- d-----w- C:\Program Files (x86)\appbario2

2012-07-19 00:49:14 -------- d-----w- C:\Users\legendofham\AppData\Local\{9144C537-8BFC-48F2-B32B-8A3781F4FAF0}

2012-07-19 00:48:52 -------- d-----w- C:\Users\legendofham\AppData\Local\{92729210-F261-4890-8C66-7F5A3E930B56}

2012-07-19 00:28:53 -------- d-----w- C:\Users\legendofham\AppData\Local\gzdoom

2012-07-18 23:38:32 -------- d-----w- C:\Users\legendofham\AppData\Local\{09DE9A0C-3C29-426A-94D8-FF7D8B0E7C1F}

2012-07-18 23:38:21 -------- d-----w- C:\Users\legendofham\AppData\Local\{F97E5623-CCC3-4B96-8713-31A2B4D30DDE}

2012-07-18 21:13:56 -------- d-----w- C:\Users\legendofham\AppData\Local\{3B2C56D9-3A81-4D2A-A3E3-137EE12A6A6A}

2012-07-18 21:13:34 -------- d-----w- C:\Users\legendofham\AppData\Local\{F06DD52D-0CF3-4661-B0DA-2B0058193902}

2012-07-18 20:06:56 -------- d-----w- C:\Users\legendofham\AppData\Local\{FD6FBE2F-A467-4009-B5E5-AD4EA4B62064}

2012-07-18 20:06:43 -------- d-----w- C:\Users\legendofham\AppData\Local\{36BFE7B7-3513-4F70-9B4A-A15A1E235FB9}

2012-07-18 20:03:32 -------- d-----w- C:\Users\legendofham\AppData\Local\{EF2C6EC6-A05D-4125-896F-46129C228507}

2012-07-18 20:03:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{6B670726-7B2E-490F-9386-1428BDD7CB49}

2012-07-18 02:07:21 -------- d-----w- C:\Users\legendofham\AppData\Local\{A53A40AB-99BC-4CA1-88FD-012D6427BD4A}

2012-07-18 02:07:10 -------- d-----w- C:\Users\legendofham\AppData\Local\{EE6C1155-5640-4D44-BC36-67A2E6D6714A}

2012-07-18 01:08:00 -------- d-----w- C:\Users\legendofham\AppData\Local\{2FE66BBD-E6D5-4E35-80E8-5756B99813AE}

2012-07-18 01:07:49 -------- d-----w- C:\Users\legendofham\AppData\Local\{4F9318F5-B201-4A26-B6B9-A11529FDF603}

2012-07-18 00:32:20 -------- d-----w- C:\Users\legendofham\AppData\Local\{17F29F77-934E-48E5-9D6B-B0F74BCE3D0A}

2012-07-18 00:31:54 -------- d-----w- C:\Users\legendofham\AppData\Local\{DF2768DC-7524-4093-9D97-EA7F15A13C26}

2012-07-18 00:07:23 -------- d-----w- C:\Users\legendofham\AppData\Local\{8762614F-82C5-4C17-B9E0-7EA16FE714D4}

2012-07-18 00:07:01 -------- d-----w- C:\Users\legendofham\AppData\Local\{032BDF54-303E-419E-AD57-9D6150BBFC99}

2012-07-17 22:59:34 -------- d-----w- C:\Users\legendofham\AppData\Local\{11BF3D2F-BF23-4628-B220-B3DCA6A365F9}

2012-07-17 22:59:23 -------- d-----w- C:\Users\legendofham\AppData\Local\{FE7A55B6-DBC6-4D43-9FA5-C76CFF3F5AB8}

2012-07-17 22:23:38 -------- d-----w- C:\Users\legendofham\AppData\Local\{33CD7E6F-55CB-4B7F-A48D-3FBEFABB0D29}

2012-07-17 22:23:16 -------- d-----w- C:\Users\legendofham\AppData\Local\{836615C2-2311-4D34-B4D8-C0A0E287F643}

2012-07-17 22:19:38 -------- d-----w- C:\Users\legendofham\AppData\Local\{4B0C2CC6-990F-4C14-BCA2-A253581EF6C4}

2012-07-17 22:19:23 -------- d-----w- C:\Users\legendofham\AppData\Local\{CEB7DBE9-7C61-4B0A-BB2B-6F674B73ADF8}

2012-07-17 21:13:39 -------- d-----w- C:\Users\legendofham\AppData\Local\{449B3EBA-92E2-4B7E-9113-C9E815964933}

2012-07-17 21:13:17 -------- d-----w- C:\Users\legendofham\AppData\Local\{B47F2313-4207-4566-994B-591C2777D4F9}

2012-07-17 18:56:41 -------- d-----w- C:\Users\legendofham\AppData\Local\{08BB6331-782F-4EF4-B364-FFEB1F85A3D4}

2012-07-17 18:56:19 -------- d-----w- C:\Users\legendofham\AppData\Local\{240B856F-B2EA-4894-ADE5-A95BDF45F111}

2012-07-17 18:44:19 -------- d-----w- C:\Users\legendofham\AppData\Local\{CAA2CDFF-3483-483A-9302-25CD7567BD03}

2012-07-17 18:43:56 -------- d-----w- C:\Users\legendofham\AppData\Local\{0D71770B-7F74-4E23-9365-D7FA47E8A480}

2012-07-17 06:54:50 -------- d-----w- C:\Users\legendofham\AppData\Local\{BF662F43-CAF8-4A85-A7FC-451D3ADE0E60}

2012-07-17 06:54:39 -------- d-----w- C:\Users\legendofham\AppData\Local\{A0B84291-FAB9-4DD2-BAA7-840A26771162}

2012-07-17 05:59:18 -------- d-----w- C:\Users\legendofham\AppData\Local\{1D0C18BC-530B-4AB3-AA96-1F521889B253}

2012-07-17 05:58:56 -------- d-----w- C:\Users\legendofham\AppData\Local\{831FB6C7-0C70-41AC-84DC-256C297073D9}

2012-07-17 01:42:25 -------- d-----w- C:\Users\legendofham\AppData\Local\{6534FF12-CE88-46F6-9AA2-8EDE9EE01295}

2012-07-17 01:42:02 -------- d-----w- C:\Users\legendofham\AppData\Local\{588F6D24-9C9E-4550-8B3D-125BF665D21C}

2012-07-16 20:29:14 -------- d-----w- C:\Program Files\Paint.NET

2012-07-16 20:28:34 -------- d-----w- C:\Users\legendofham\AppData\Local\Paint.NET

2012-07-16 20:16:53 -------- d-----w- C:\Users\legendofham\AppData\Local\{6523569E-BCF7-48DE-BCAB-EB320CCB5550}

2012-07-16 20:16:31 -------- d-----w- C:\Users\legendofham\AppData\Local\{92D4C60A-AE91-4C41-90D5-3B0BEAEAA7B7}

2012-07-16 20:01:35 -------- d-----w- C:\Users\legendofham\AppData\Local\fontconfig

2012-07-16 20:01:33 -------- d-----w- C:\Users\legendofham\AppData\Local\gegl-0.2

2012-07-16 20:01:33 -------- d-----w- C:\Users\legendofham\.gimp-2.8

2012-07-16 19:32:06 -------- d-----w- C:\Program Files (x86)\LOLReplay

2012-07-16 17:48:50 -------- d-----w- C:\Users\legendofham\AppData\Local\{E12BD820-0430-4C1A-9EE5-A6F1B7DF3D59}

2012-07-16 17:48:34 -------- d-----w- C:\Users\legendofham\AppData\Local\{983FBE78-3EA2-492D-819D-D5F2543A7857}

2012-07-16 07:29:16 -------- d-----w- C:\Users\legendofham\AppData\Local\{CEFA334B-9612-4D29-8AD1-BB6D3C688CD9}

2012-07-16 07:28:52 -------- d-----w- C:\Users\legendofham\AppData\Local\{E9C91C9D-B2BA-41B7-BD41-7B5D0CDFD008}

2012-07-16 06:44:10 -------- d-----w- C:\Users\legendofham\AppData\Local\{729582F8-4C96-4D16-963B-8ACF978D8EE1}

2012-07-16 06:43:25 -------- d-----w- C:\Users\legendofham\AppData\Local\{67F78D20-3E8A-4BB8-BC04-1161DA82DDCF}

2012-07-16 06:41:19 -------- d-----w- C:\Users\legendofham\AppData\Local\{E5C41C88-D282-412D-94E3-FAE5CC9C2CCC}

2012-07-16 06:40:52 -------- d-----w- C:\Users\legendofham\AppData\Local\{FCF1FB33-10BC-4837-8D92-E4A1A3DC8D1A}

2012-07-16 03:52:38 -------- d-----w- C:\Users\legendofham\AppData\Local\{B07D37D3-CB43-4DC6-A9DD-2CF4FF82EA2B}

2012-07-16 03:52:15 -------- d-----w- C:\Users\legendofham\AppData\Local\{44FD72A6-44BA-4586-819F-406DE787DA65}

2012-07-15 21:12:21 -------- d-----w- C:\Users\legendofham\AppData\Local\{D3A375E9-F5B1-493C-9015-000F7F9CAFB4}

2012-07-15 21:11:58 -------- d-----w- C:\Users\legendofham\AppData\Local\{42C302AF-1490-47A9-9F06-EC4F08A5DB53}

2012-07-15 06:54:05 -------- d-----w- C:\Users\legendofham\AppData\Local\{CBAF96D0-6ED3-4B1F-8470-3B5528700DAC}

2012-07-15 06:53:43 -------- d-----w- C:\Users\legendofham\AppData\Local\{A7979820-F5D0-4F69-9323-C30B52C7454D}

2012-07-15 06:36:54 -------- d-----w- C:\Users\legendofham\AppData\Local\{E920734D-3896-4574-A55D-4BB43A95FEFC}

2012-07-15 06:36:32 -------- d-----w- C:\Users\legendofham\AppData\Local\{02599EF0-938A-434F-B07E-0ACAB3F2B208}

2012-07-15 03:48:57 -------- d-----w- C:\Users\legendofham\AppData\Local\{AA8D9B3D-09FB-4774-8628-94CA9B192A5C}

2012-07-15 03:48:35 -------- d-----w- C:\Users\legendofham\AppData\Local\{DD9D2DA6-8B92-4695-BB2C-7A408B137E77}

2012-07-15 00:38:59 -------- d-----w- C:\Users\legendofham\AppData\Local\{4A905306-A541-4E26-96B9-0B0DBC5CCBE2}

2012-07-15 00:38:37 -------- d-----w- C:\Users\legendofham\AppData\Local\{9CD6D3FA-355E-40E7-879C-8C12393844C3}

2012-07-14 20:56:49 -------- d-----w- C:\Users\legendofham\AppData\Local\{8344BDF1-F23A-4C54-AA6B-3262BA976BFF}

2012-07-14 20:56:25 -------- d-----w- C:\Users\legendofham\AppData\Local\{32300F86-8C52-4DFE-A818-9C3F93337FFF}

2012-07-14 06:52:18 -------- d-----w- C:\Users\legendofham\AppData\Local\PAYDAY

2012-07-14 01:46:46 -------- d-----w- C:\Users\legendofham\AppData\Local\{4DD62F13-29AF-46EA-9964-476E29918B82}

2012-07-14 01:46:24 -------- d-----w- C:\Users\legendofham\AppData\Local\{96FBBE88-62BB-49AF-AEDC-13F192178079}

2012-07-13 23:19:34 -------- d-----w- C:\Users\legendofham\AppData\Local\{AC9DEF13-122D-4B90-8B30-4EC976BCB227}

2012-07-13 23:19:23 -------- d-----w- C:\Users\legendofham\AppData\Local\{90062AFD-6DE8-4E41-A1A9-70D2173DC79D}

2012-07-13 20:59:07 -------- d-----w- C:\Users\legendofham\AppData\Local\{8D74142A-A1F0-454D-A979-40A9821DB4EC}

2012-07-13 20:58:45 -------- d-----w- C:\Users\legendofham\AppData\Local\{83673B19-417B-4158-939B-CDDE29D7796A}

2012-07-13 18:50:34 -------- d-----w- C:\Users\legendofham\AppData\Local\{08F0DA9B-CD35-4E1A-A134-481139686E7A}

2012-07-13 18:50:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{C91024DC-3934-4935-A5B4-4671792FD1B4}

2012-07-13 07:19:18 -------- d-----w- C:\Users\legendofham\AppData\Local\{3BD91A77-8EAE-4684-8A7F-EF888D3F6690}

2012-07-13 07:18:55 -------- d-----w- C:\Users\legendofham\AppData\Local\{FC87D484-FDD5-4669-BB8A-D1767EBBE95A}

2012-07-13 06:20:58 -------- d-----w- C:\Users\legendofham\AppData\Local\{0A345586-6CAF-4547-A888-EC73ACA622C1}

2012-07-13 06:20:48 -------- d-----w- C:\Users\legendofham\AppData\Local\{B6E4ED8C-FD0B-4ECA-B12B-5B6A368F7DE9}

2012-07-13 04:48:35 -------- d-----w- C:\Users\legendofham\AppData\Local\{675BD837-96FE-49D8-A4BE-F9AECED134BA}

2012-07-13 04:48:11 -------- d-----w- C:\Users\legendofham\AppData\Local\{A0F313DF-3092-4911-8987-B8C7208ECE93}

2012-07-13 01:37:33 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2012-07-12 22:06:03 -------- d-----w- C:\Users\legendofham\AppData\Local\{A50DE633-4BA7-4C55-B34A-7DCE5E863E67}

2012-07-12 22:05:52 -------- d-----w- C:\Users\legendofham\AppData\Local\{F3F999C5-8603-4A8B-B3DB-E98F570B21FD}

2012-07-12 18:44:34 -------- d-----w- C:\Users\legendofham\AppData\Local\{FA5AE773-F044-4216-8DF3-F362EFA78BF3}

2012-07-12 18:44:12 -------- d-----w- C:\Users\legendofham\AppData\Local\{50CD0A81-854F-4719-BC6C-8C0BF5E61495}

2012-07-12 16:55:33 -------- d-----w- C:\Users\legendofham\AppData\Local\{C53342ED-E6F5-49F5-862F-5799F7351EEC}

2012-07-12 16:55:20 -------- d-----w- C:\Users\legendofham\AppData\Local\{2EE62EF5-99A3-4A2A-B880-7EBB9E851D6F}

2012-07-12 05:36:27 -------- d-----w- C:\Users\legendofham\AppData\Local\{6D60C412-F75E-4FCC-BD51-606A9536FC39}

2012-07-12 05:36:06 -------- d-----w- C:\Users\legendofham\AppData\Local\{7E340E2C-7EC7-4662-AD4D-4318E4E62134}

2012-07-11 04:10:29 -------- d-----w- C:\Users\legendofham\AppData\Local\{3798A7F8-77C6-48BE-BBB9-6EF8A1F14A10}

2012-07-11 04:10:18 -------- d-----w- C:\Users\legendofham\AppData\Local\{653CBD18-FEA1-4AB7-AAF7-D8631BF2B326}

2012-07-11 03:41:37 -------- d-----w- C:\Users\legendofham\AppData\Local\{3FAAA144-AF54-4E34-96B8-F0A0196CBAE3}

2012-07-11 03:41:26 -------- d-----w- C:\Users\legendofham\AppData\Local\{3998F1AF-099E-4C17-9A83-665A4DE0AEAC}

2012-07-11 02:57:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{3FBF6A73-85EF-4029-9ADF-305D654BAC6F}

2012-07-11 02:56:57 -------- d-----w- C:\Users\legendofham\AppData\Local\{C614F7B8-4553-4828-A2BD-417B7153A90C}

2012-07-11 02:02:39 -------- d-----w- C:\Users\legendofham\AppData\Local\{BB37FBF1-25C1-4A29-9516-9DCA3D2FB0CF}

2012-07-11 02:02:28 -------- d-----w- C:\Users\legendofham\AppData\Local\{7FBB2916-D8CD-4D91-9014-975951047219}

2012-07-11 01:21:07 -------- d-----w- C:\Users\legendofham\AppData\Local\{FC460371-E72A-42A5-918A-8F29088E231D}

2012-07-11 01:20:44 -------- d-----w- C:\Users\legendofham\AppData\Local\{D0AE6AB0-EC64-48F7-A303-960C03A29153}

2012-07-11 00:15:57 -------- d-----w- C:\Users\legendofham\AppData\Local\{30BEED7C-F8A0-4AA7-BE66-0B2ABCAE51BA}

2012-07-11 00:15:46 -------- d-----w- C:\Users\legendofham\AppData\Local\{EF8FEDEF-5A84-43BA-8FA1-70FD7DABA305}

2012-07-10 23:35:57 -------- d-----w- C:\Users\legendofham\AppData\Local\{5FF79C23-0049-4CFD-B129-13403D9BFFAB}

2012-07-10 23:35:35 -------- d-----w- C:\Users\legendofham\AppData\Local\{755973B4-FA21-46F3-8681-E2A8C67084E7}

2012-07-10 23:32:19 -------- d-----w- C:\Users\legendofham\AppData\Local\{E701EFE1-99E5-414E-BBF2-10F4866A4D54}

2012-07-10 23:31:49 -------- d-----w- C:\Users\legendofham\AppData\Local\{172B9C1B-BBF8-4C98-A4F2-C072D99D0861}

2012-07-10 21:00:07 -------- d-----w- C:\Users\legendofham\AppData\Local\{91731DA0-6D3E-49B7-BF86-2B26752727D5}

2012-07-10 20:59:56 -------- d-----w- C:\Users\legendofham\AppData\Local\{E59D1C16-CAFB-4C43-BB2E-8961FB2716D1}

2012-07-10 20:06:59 -------- d-----w- C:\Users\legendofham\AppData\Local\{4474EB8A-76CE-4B54-AE34-A4D1F15265E7}

2012-07-10 20:06:48 -------- d-----w- C:\Users\legendofham\AppData\Local\{F367D6FF-4C4F-4A71-B387-7D03ECD599DE}

2012-07-10 19:36:33 -------- d-----w- C:\Users\legendofham\AppData\Local\{1D16CB93-25E9-42FE-B0C6-1D28F5989B09}

2012-07-10 19:36:19 -------- d-----w- C:\Users\legendofham\AppData\Local\{417F04F3-7C6A-4ED9-A8B5-6CB568929A8A}

2012-07-10 19:02:30 -------- d-----w- C:\Users\legendofham\AppData\Local\{5F5A4FF1-63A0-4194-9B13-A4BC5BAFC669}

2012-07-10 19:02:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{986EFCC1-7BF5-458B-82C6-79212F8530C1}

2012-07-10 18:52:46 -------- d-----w- C:\Users\legendofham\AppData\Local\{A580C24F-EE8F-40E8-9532-9113455775D0}

2012-07-10 18:52:10 -------- d-----w- C:\Users\legendofham\AppData\Local\{F39BBE22-73F8-425D-A423-4E2A8A6B7115}

2012-07-10 07:19:51 -------- d-----w- C:\Program Files (x86)\Audacity

2012-07-10 06:04:04 -------- d-----w- C:\Users\legendofham\AppData\Local\{6BC57D51-7ED9-4FEA-9368-C1EDE75E2033}

2012-07-10 06:03:42 -------- d-----w- C:\Users\legendofham\AppData\Local\{40BFE558-4F0B-4231-A7A9-E50A82B9BB2D}

2012-07-10 05:17:22 -------- d-----w- C:\Users\legendofham\AppData\Local\{EA3ED592-A444-46F8-9833-EC54A437295E}

2012-07-10 05:17:10 -------- d-----w- C:\Users\legendofham\AppData\Local\{D4DC9563-0704-4409-8E8E-5220270F9DCE}

2012-07-10 03:11:22 -------- d-----w- C:\Users\legendofham\AppData\Local\{5A016FEA-ADD7-4D6C-A124-0E1F5DF9ABB1}

2012-07-10 03:11:11 -------- d-----w- C:\Users\legendofham\AppData\Local\{160827BB-107C-4CC9-A0CC-B68DD929BB92}

2012-07-10 01:58:44 -------- d-----w- C:\Users\legendofham\AppData\Local\{15EDE49B-7EF6-4E50-A3E7-B82288DDEB24}

2012-07-10 01:58:33 -------- d-----w- C:\Users\legendofham\AppData\Local\{B853D86F-868E-4EB3-A96E-27DE2C45705A}

2012-07-10 00:50:35 -------- d-----w- C:\Users\legendofham\AppData\Local\{BFC7691D-D8B7-441B-8D42-9986AD43A5A3}

2012-07-10 00:50:24 -------- d-----w- C:\Users\legendofham\AppData\Local\{7663893E-4B10-4617-8A70-83FB8E8FEA13}

2012-07-09 22:00:17 -------- d-----w- C:\Users\legendofham\AppData\Local\{8DCF216F-4C48-4142-A9B8-8E2499D2C15A}

2012-07-09 21:59:55 -------- d-----w- C:\Users\legendofham\AppData\Local\{DD5F641B-5CC5-4563-8F17-F67CD9C86709}

2012-07-09 19:32:52 -------- d-----w- C:\Users\legendofham\AppData\Local\{3E012790-9BF3-420E-9983-8AB2CE9A2D84}

2012-07-09 19:32:15 -------- d-----w- C:\Users\legendofham\AppData\Local\{63363825-85D2-4FFA-A57E-8972251B392A}

2012-07-09 04:01:10 -------- d-----w- C:\Users\legendofham\AppData\Local\{FBD1A726-0E18-489B-8884-2B6672A096B8}

2012-07-09 04:00:35 -------- d-----w- C:\Users\legendofham\AppData\Local\{6A2E9CAD-5681-4B40-984A-F39DBA011A17}

2012-07-09 03:51:12 -------- d-----w- C:\Users\legendofham\AppData\Local\{025B492B-2BBD-4D28-A38F-BEA9961481DB}

2012-07-09 03:50:43 -------- d-----w- C:\Users\legendofham\AppData\Local\{334244E6-BD6B-40C2-A534-0F010C3CE044}

2012-07-09 03:42:15 -------- d-----w- C:\Users\legendofham\AppData\Local\{BE551633-7E3C-4A55-9CF0-07184B21F3EC}

2012-07-09 03:41:53 -------- d-----w- C:\Users\legendofham\AppData\Local\{AC2C7CA8-32F6-47BB-9DE2-6BAE8D0C25E4}

2012-07-08 07:32:31 -------- d-----w- C:\Users\legendofham\AppData\Local\{B88AB3DC-D058-45E0-871B-1708F4A0B706}

2012-07-08 07:32:20 -------- d-----w- C:\Users\legendofham\AppData\Local\{0A869E18-A288-4390-8B43-C537A3888982}

2012-07-08 04:51:22 -------- d-----w- C:\Users\legendofham\AppData\Local\{228984C9-367B-49D4-991B-D5FB3B84681F}

2012-07-08 04:51:00 -------- d-----w- C:\Users\legendofham\AppData\Local\{160CAC25-00B3-4310-95F0-26102D4ADA03}

2012-07-08 04:09:11 -------- d-----w- C:\Users\legendofham\AppData\Local\{A38F203B-7199-4FE5-8A2C-D65D605E0C3C}

2012-07-08 04:09:00 -------- d-----w- C:\Users\legendofham\AppData\Local\{DFE7BBF3-ABAD-4BFF-AB87-75D742DF80A2}

2012-07-08 02:51:20 -------- d-----w- C:\Users\legendofham\AppData\Local\{B1E0D9BB-6839-41B0-9304-6B843FB20E44}

2012-07-08 02:50:58 -------- d-----w- C:\Users\legendofham\AppData\Local\{4FFC7243-CBD0-4EBF-B048-2832EC6B6D74}

2012-07-08 00:47:17 -------- d-----w- C:\Users\legendofham\AppData\Local\{3D50B8F5-FA11-43CF-B9E2-B6034BE45970}

2012-07-08 00:46:54 -------- d-----w- C:\Users\legendofham\AppData\Local\{6A9BFE7A-83BD-4EC4-B4CA-C78CEB391306}

2012-07-08 00:46:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{67E390CD-B6FC-404C-A5A2-4A9CF4BE8882}

2012-07-08 00:45:46 -------- d-----w- C:\Users\legendofham\AppData\Local\{B87A67FD-B98F-4A2B-8949-1117243E6864}

2012-07-07 22:38:40 -------- d-----w- C:\Users\legendofham\AppData\Local\{530972DD-EA94-4538-8B1C-217C8EF30D34}

2012-07-07 22:38:18 -------- d-----w- C:\Users\legendofham\AppData\Local\{91A2FE85-87C9-4C1A-BDA6-77B054D15424}

2012-07-07 22:05:33 -------- d-----w- C:\Users\legendofham\AppData\Local\{8D5A2DA6-0B69-4061-AA58-AE80A655984F}

2012-07-07 22:05:21 -------- d-----w- C:\Users\legendofham\AppData\Local\{1B1F157C-8740-41E0-AB38-B262C097C80B}

2012-07-07 19:02:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{B83CEA0E-E771-42FC-B901-4427DA10E565}

2012-07-07 19:01:45 -------- d-----w- C:\Users\legendofham\AppData\Local\{20F40D59-3DE0-40D3-8792-5C4DEC4547BB}

2012-07-07 06:08:45 -------- d-----w- C:\Users\legendofham\AppData\Local\{FC4D8D35-3C6D-45FC-B5D3-52BA52A885A2}

2012-07-07 06:08:23 -------- d-----w- C:\Users\legendofham\AppData\Local\{0B92B4B5-F2AE-421B-92FD-8930F10FC8D0}

2012-07-07 03:01:09 -------- d-----w- C:\Users\legendofham\AppData\Local\{7A37D2C8-F5DF-4EDD-81B4-E2443B46E487}

2012-07-07 03:00:58 -------- d-----w- C:\Users\legendofham\AppData\Local\{EC1B0EA1-5346-4517-AC93-4DB3B6E24CE9}

2012-07-07 00:28:58 -------- d-----w- C:\Users\legendofham\AppData\Local\{D24FE52E-7EE8-4761-840C-126A34D67BF3}

2012-07-07 00:28:47 -------- d-----w- C:\Users\legendofham\AppData\Local\{5FA4F175-6DBE-4110-B4E5-2D89EF105140}

2012-07-06 23:07:20 -------- d-----w- C:\Users\legendofham\AppData\Local\{222D4ABC-F1F2-4942-98B7-DE2BBD6DF0FC}

2012-07-06 23:06:58 -------- d-----w- C:\Users\legendofham\AppData\Local\{E306E956-1AAD-4428-BEA5-021A37777E65}

2012-07-06 22:52:30 -------- d-----w- C:\Users\legendofham\AppData\Local\{3F1D5835-2731-4119-A88C-DDC43EE4C027}

2012-07-06 22:52:18 -------- d-----w- C:\Users\legendofham\AppData\Local\{CC7F04C2-F949-4261-9590-A28B2D84CCD7}

2012-07-06 21:41:12 -------- d-----w- C:\Users\legendofham\AppData\Local\{232BF937-02C8-4CAF-95B0-2C27D13C7A2C}

2012-07-06 21:40:49 -------- d-----w- C:\Users\legendofham\AppData\Local\{99F26C68-0CED-4800-A3B9-BB05A8ED0DC0}

2012-07-06 20:43:18 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls

2012-07-06 20:36:16 -------- d-----w- C:\ProgramData\Hi-Rez Studios

2012-07-06 20:36:00 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios

2012-07-06 17:13:30 -------- d-----w- C:\Users\legendofham\AppData\Local\{BB26B529-CF21-4574-8A26-31279FB55593}

2012-07-06 17:13:05 -------- d-----w- C:\Users\legendofham\AppData\Local\{FEB4E1AE-4887-4D48-B4B1-3A843EBCFE65}

2012-07-06 06:43:04 -------- d-----w- C:\Users\legendofham\AppData\Local\{BFB84002-44E0-4F2A-BA0A-2C424CF49A67}

2012-07-06 06:42:42 -------- d-----w- C:\Users\legendofham\AppData\Local\{88274806-BB19-4567-8FDF-E02C7D29A173}

2012-07-06 03:33:29 -------- d-----w- C:\Users\legendofham\AppData\Local\{4C47C091-0F3A-4D36-8F73-623C3B62F9CE}

2012-07-06 03:33:07 -------- d-----w- C:\Users\legendofham\AppData\Local\{46900DA0-F900-49BD-81EC-B7CEA1F5CE48}

2012-07-06 01:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-07-06 01:04:02 -------- d-----w- C:\Users\legendofham\AppData\Local\{F49C72AB-0AA5-44CD-AE76-86955F157A08}

2012-07-06 01:03:40 -------- d-----w- C:\Users\legendofham\AppData\Local\{5711EFA5-AC3B-4EE2-A6E4-D0C68BC52A3C}

2012-07-05 23:31:07 -------- d-----w- C:\Users\legendofham\AppData\Local\{35820B7E-6DCB-4ED4-82F1-5AA561A0B3CD}

2012-07-05 23:30:45 -------- d-----w- C:\Users\legendofham\AppData\Local\{369376C9-BA92-4D2B-BA15-D085BE68506B}

2012-07-05 23:18:50 -------- d-----w- C:\Users\legendofham\AppData\Local\{29661DFA-44B5-4E21-B1DE-65710CC87C13}

2012-07-05 23:18:38 -------- d-----w- C:\Users\legendofham\AppData\Local\{94F657B0-4A60-483D-8136-A18B776A4D83}

2012-07-05 21:53:04 -------- d-----w- C:\Users\legendofham\AppData\Local\{16876BC9-54F0-40E0-B26B-100C90CD61C6}

2012-07-05 21:01:24 -------- d-----w- C:\Users\legendofham\AppData\Local\{21A499AE-B085-423C-BE2E-F496D2C0DE10}

2012-07-05 17:46:14 -------- d-----w- C:\Users\legendofham\AppData\Local\{15508285-69BA-4781-B2F1-8AABD7F4A0BC}

2012-07-05 17:46:00 -------- d-----w- C:\Users\legendofham\AppData\Local\{FF16315B-821A-4FAF-BF33-E574DB25DA2C}

2012-07-05 06:54:54 -------- d-----w- C:\Users\legendofham\AppData\Local\{638D644B-80D6-4656-BE47-8740051AA1A6}

2012-07-05 06:54:31 -------- d-----w- C:\Users\legendofham\AppData\Local\{052B1C65-7CFA-444E-9583-499DEB72B802}

2012-07-05 02:07:38 -------- d-----w- C:\Users\legendofham\AppData\Local\{7ED2C154-58EC-49E1-AEE1-6379358548BD}

2012-07-05 02:07:27 -------- d-----w- C:\Users\legendofham\AppData\Local\{55537BB2-2B8A-4703-A403-F7FA3ABD22CA}

2012-07-05 01:20:45 -------- d-----w- C:\Users\legendofham\AppData\Local\{A303568D-431E-4815-A0A4-F7790B70278A}

2012-07-05 01:20:23 -------- d-----w- C:\Users\legendofham\AppData\Local\{CB5B6C5E-729C-4763-A0F1-0BD3EDA5A479}

2012-07-04 15:54:39 -------- d-----w- C:\Users\legendofham\AppData\Local\{6A2C8EA5-5916-44C3-AAAF-1FBC6BE394C4}

2012-07-04 15:54:28 -------- d-----w- C:\Users\legendofham\AppData\Local\{EB5231CD-C768-4BED-B55C-73F02BF9EC91}

2012-07-04 06:55:11 -------- d-----w- C:\Users\legendofham\AppData\Local\{B26DFA71-ADA1-4317-805D-1DA0CB2C0A8A}

2012-07-04 06:54:48 -------- d-----w- C:\Users\legendofham\AppData\Local\{F63A9CC7-F197-46BA-9827-5C98E4991156}

2012-07-04 06:02:18 -------- d-----w- C:\Users\legendofham\AppData\Local\{D5CBFD60-0207-428B-A991-2EFE97661735}

2012-07-04 06:01:55 -------- d-----w- C:\Users\legendofham\AppData\Local\{4DF7395F-55E1-494F-984E-587028BA509A}

2012-07-04 05:48:22 298016 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr

2012-07-04 05:48:17 -------- d-----w- C:\Users\legendofham\AppData\Local\PunkBuster

2012-07-04 05:40:32 298016 ----a-w- C:\windows\SysWow64\PnkBstrB.exe

2012-07-04 05:40:32 298016 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0

2012-07-04 05:40:31 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe

2012-07-04 05:40:30 3130440 ----a-w- C:\windows\SysWow64\pbsvc_blr.exe

2012-07-04 05:40:18 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-07-04 05:39:35 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-07-04 03:17:08 -------- d-----w- C:\Users\legendofham\AppData\Local\{01C994DB-6FFD-4755-86D6-84E28A45A1B5}

2012-07-04 03:16:57 -------- d-----w- C:\Users\legendofham\AppData\Local\{8F7E7583-7DCF-4029-A0BF-490DBDCF3A08}

2012-07-04 02:11:19 -------- d-----w- C:\Users\legendofham\AppData\Local\AskToolbar

2012-07-04 02:09:44 -------- d-----w- C:\Users\legendofham\AppData\Local\{DF918E37-E805-4A46-A230-3757131A8AA3}

2012-07-04 02:09:21 -------- d-----w- C:\Users\legendofham\AppData\Local\{B24F570B-7216-40E2-BB04-4EC1677D5518}

2012-07-03 23:23:15 -------- d-----w- C:\Users\legendofham\AppData\Local\{4FC5B28F-D387-46C1-B48C-4F65E9E1CBD9}

2012-07-03 23:22:53 -------- d-----w- C:\Users\legendofham\AppData\Local\{AE85D198-3368-4F2E-B953-B5498B2F8008}

.

==================== Find3M ====================

.

2012-07-27 00:44:10 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-27 00:44:10 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-07-17 19:02:18 405144 ----a-w- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll

2012-07-03 20:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-06-09 20:23:01 955848 ----a-w- C:\windows\System32\npDeployJava1.dll

2012-06-09 20:23:01 839112 ----a-w- C:\windows\System32\deployJava1.dll

2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-05-23 05:44:11 8192 ----a-w- C:\windows\SysWow64\srvany.exe

2012-04-19 06:04:43 1772419764 ----a-w- C:\Program Files (x86)\ElswordInstaller_ver1_32-1a.bin

2012-04-19 06:01:52 327427 ----a-w- C:\Program Files (x86)\ElswordInstaller_ver1_32.exe

.

============= FINISH: 15:59:22.91 ===============

Attach.txt

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

I did all this in safe mode with networking. Normal mode is compromised by the virus and no program except internet explorer will open.

Also thanks for the help.

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User: legendofham [Admin rights]

Mode: Scan -- Date: 08/02/2012 19:33:31

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[sUSP PATH] HKCU\[...]\RunOnce : 7531EE6D889E68028DC50892F875F002 (C:\ProgramData\7531EE6D889E68028DC50892F875F002\7531EE6D889E68028DC50892F875F002.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-839072158-3120938179-813264055-1000[...]\RunOnce : 7531EE6D889E68028DC50892F875F002 (C:\ProgramData\7531EE6D889E68028DC50892F875F002\7531EE6D889E68028DC50892F875F002.exe) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\legendofham\AppData\Local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\legendofham\appdata\local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\legendofham\appdata\local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\legendofham\appdata\local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500LM0 12 HN-M500MBB SATA Disk Device +++++

--- User ---

[MBR] 4137405c0f93502d3683817d3530504e

[bSP] e0c67146b8527e1472924719aa6c10ce : KIWI Image system MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 183296 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 375597056 | Size: 273473 Mo

3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 935669760 | Size: 20070 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest:

¤¤¤ Registry Entries: 5 ¤¤¤

[sUSP PATH] HKCU\[...]\RunOnce : 7531EE6D889E68028DC50892F875F002 (C:\ProgramData\7531EE6D889E68028DC50892F875F002\7531EE6D889E68028DC50892F875F002.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-839072158-3120938179-813264055-1000[...]\RunOnce : 7531EE6D889E68028DC50892F875F002 (C:\ProgramData\7531EE6D889E68028DC50892F875F002\7531EE6D889E68028DC50892F875F002.exe) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\legendofham\AppData\Local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\n.) -> FOUND

Now click Delete on the right hand column under Options

-------------

Next click on the Files tab and put a check next to these and uncheck the rest.

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\legendofham\appdata\local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\legendofham\appdata\local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\legendofham\appdata\local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\L --> FOUND

Now click Delete on the right hand column under Options

----------------------------

Then..........

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

    [*]Now press the Search button

    [*]When the search is complete, search.txt will also be written to your USB

    [*]Type exit and reboot the computer normally

    [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

Link to post
Share on other sites

Next click on the Files tab and put a check next to these and uncheck the rest.

Quote

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\legendofham\appdata\local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\legendofham\appdata\local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\legendofham\appdata\local\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\L --> FOUND

Now click Delete on the right hand column under Options

I can't get the "zero access" under files. Only says things that are removed.

Link to post
Share on other sites

Here are the files:

FRST:

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 02-08-2012 20:21:55

Running from H:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12666984 2011-08-09] (Realtek Semiconductor)

HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2776872 2011-08-31] (ELAN Microelectronics Corp.)

HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [791200 2011-07-15] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [657568 2011-07-15] (Atheros Commnucations)

HKLM\...\Run: [EKIJ5000StatusMonitor] C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-10-13] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [87336 2010-09-19] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-01] (CyberLink)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)

HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1568976 2012-06-20] (Ask)

HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-01] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]

HKU\legendofham\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\legendofham\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-04-14] (Valve Corporation)

Startup: C:\Users\legendofham\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-02] (Avira Operations GmbH & Co. KG)

2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-01] (Avira Operations GmbH & Co. KG)

2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [465360 2012-05-01] (Avira Operations GmbH & Co. KG)

2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-07-15] (Atheros)

2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-07-15] (Atheros Commnucations)

2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)

2 KMService; C:\windows\SysWow64\srvany.exe [8192 2012-05-22] ()

2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)

2 PnkBstrA; C:\windows\SysWow64\PnkBstrA.exe [76888 2012-07-03] ()

2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-11-30] ()

========================== Drivers (Whitelisted) =============

3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-07-15] (Atheros)

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-04-24] (Avira GmbH)

1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-04-27] (Avira GmbH)

1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2012-05-02] (Avira GmbH)

3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [259744 2011-07-15] (Atheros)

3 btath_avdt; C:\Windows\System32\Drivers\btath_avdt.sys [109216 2011-07-15] (Atheros)

3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [29344 2011-07-15] (Atheros)

3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [166048 2011-07-15] (Atheros)

3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [59040 2011-07-15] (Atheros)

3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [283296 2011-07-15] (Atheros)

3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [289440 2011-07-15] (Atheros)

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)

3 rtport; C:\Windows\SysWow64\Drivers\rtport.sys [15144 2012-01-28] (Windows ® 2003 DDK 3790 provider)

2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)

3 X6va006; \??\C:\Users\LEGEND~1\AppData\Local\Temp\0065782.tmp [x]

3 X6va008; \??\C:\windows\SysWOW64\Drivers\X6va008 [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-02 19:18 - 2012-08-02 19:18 - 00058467 ____A C:\Users\legendofham\Desktop\FRST.txt

2012-08-02 19:17 - 2012-08-02 19:17 - 00000000 ____D C:\FRST

2012-08-02 19:16 - 2012-08-02 19:10 - 01438391 ____A (Farbar) C:\Users\legendofham\Desktop\FRST64.exe

2012-08-02 19:04 - 2012-08-02 19:04 - 00002818 ____A C:\Users\legendofham\Desktop\RKreport[3].txt

2012-08-02 19:03 - 2012-08-02 19:03 - 00002576 ____A C:\Users\legendofham\Desktop\RKreport[2].txt

2012-08-02 18:33 - 2012-08-02 18:33 - 00002558 ____A C:\Users\legendofham\Desktop\RKreport[1].txt

2012-08-02 18:32 - 2012-08-02 19:04 - 00000000 ____D C:\Users\legendofham\Desktop\RK_Quarantine

2012-08-02 18:32 - 2012-08-02 18:32 - 01552384 ____A C:\Users\legendofham\Desktop\RogueKiller.exe

2012-08-02 15:01 - 2012-08-02 15:01 - 00061594 ____A C:\Users\legendofham\Desktop\DDS.txt

2012-08-02 15:01 - 2012-08-02 15:01 - 00015329 ____A C:\Users\legendofham\Desktop\Attach.txt

2012-08-02 12:35 - 2012-08-02 12:35 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-08-02 11:23 - 2012-08-02 11:25 - 00000000 ____D C:\Users\All Users\7531EE6D889E68028DC50892F875F002

2012-08-02 11:07 - 2012-08-02 11:07 - 01624358 ____A C:\Users\legendofham\Desktop\mcpatcher-2.4.1_01.exe

2012-08-02 10:46 - 2012-08-02 10:46 - 00000000 ____D C:\Users\legendofham\AppData\Local\{741B7E24-2269-423E-996C-13A4E4430623}

2012-08-02 10:46 - 2012-08-02 10:46 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6A60288B-9AB7-40AF-BE34-D17F4BA5CED4}

2012-08-01 20:27 - 2012-08-01 20:27 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A7E1A51D-BB31-4FDD-9B5D-8A0CC49F6C6C}

2012-08-01 20:27 - 2012-08-01 20:27 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1E834205-8861-43F9-8381-DC36A1CB1862}

2012-08-01 13:21 - 2012-08-01 13:21 - 00000000 ____D C:\Users\legendofham\AppData\Local\{58F44292-3544-47A6-98BF-0229F282E03F}

2012-08-01 13:21 - 2012-08-01 13:21 - 00000000 ____D C:\Users\legendofham\AppData\Local\{442533BF-E153-44A1-AE19-B3C50C62B150}

2012-08-01 12:01 - 2012-08-01 12:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{0BBC3F8C-8494-4C56-9C54-32FE255E9ECF}

2012-08-01 12:00 - 2012-08-01 12:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A56D7E8F-1D83-4B21-912B-D20ED76EF1C0}

2012-07-31 17:59 - 2012-07-31 17:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FD0C3BC9-8436-4E43-83F9-8D8236A916FA}

2012-07-31 17:58 - 2012-07-31 17:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9F525E42-9A0D-494E-B57E-5BBC53A3A6A7}

2012-07-31 15:43 - 2012-07-31 15:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EA928293-ADDB-4B73-B5A8-298E607CF351}

2012-07-31 15:43 - 2012-07-31 15:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A298EE5C-7A35-4EA4-9C10-4665BD78061D}

2012-07-31 10:47 - 2012-07-31 10:47 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9BC2F131-8536-4BB9-9ADD-74064CFC5B75}

2012-07-31 10:47 - 2012-07-31 10:47 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2775FAE1-D59B-4C22-87DD-E13FF95DD6E0}

2012-07-30 22:52 - 2012-07-30 22:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EB19BFBA-F3AE-4975-96E3-F2EA7D30E047}

2012-07-30 22:52 - 2012-07-30 22:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{589D96E2-2804-47C6-82DF-51E766B2847B}

2012-07-30 19:01 - 2012-07-30 19:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A0624CBE-C6C1-4D17-997E-97E585832FF7}

2012-07-30 19:01 - 2012-07-30 19:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{198B5353-CAFB-44F9-9E03-C583356E9A30}

2012-07-30 11:17 - 2012-07-30 11:17 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F5134FDE-78ED-4797-8749-CDAEEE71D860}

2012-07-30 11:16 - 2012-07-30 11:17 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B8375534-8C49-4156-95BD-B3E0A2D0484E}

2012-07-29 19:44 - 2012-07-29 19:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{734255F8-7CCA-461B-8965-1619E8F759C1}

2012-07-29 17:40 - 2012-07-29 17:40 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B842D716-97DC-47C3-B848-5840394FFEE7}

2012-07-29 17:40 - 2012-07-29 17:40 - 00000000 ____D C:\Users\legendofham\AppData\Local\{30487995-D909-4BD5-8A9F-53D3AA3E7759}

2012-07-29 16:19 - 2012-07-29 16:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{63154C65-D08D-4E66-945E-B8321F7B799C}

2012-07-29 16:18 - 2012-07-29 16:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{ECD89350-5067-4C08-834A-E8F23569656E}

2012-07-29 14:34 - 2012-07-29 14:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4ACBFEDE-EC9D-4136-995B-F538CCAEB509}

2012-07-29 14:34 - 2012-07-29 14:34 - 00000000 ____D C:\Users\legendofham\AppData\Local\{23D47ADE-5BEB-4CA4-85E0-4835EB193A8D}

2012-07-29 12:38 - 2012-07-29 12:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7967605E-B687-45BF-9CA9-81E0093799B2}

2012-07-29 12:37 - 2012-07-29 12:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5558C927-6325-450B-9E9D-EA9B78E2D171}

2012-07-29 12:33 - 2012-07-29 12:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{83568868-9E7E-4922-82A6-DCF4480E13C8}

2012-07-29 12:32 - 2012-07-29 12:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{29A94440-CBFD-419A-9356-2DCFD0433DDA}

2012-07-29 07:59 - 2012-07-29 08:00 - 00000000 ____D C:\Users\legendofham\AppData\Local\{AE0D4D9E-E918-430D-850A-C9CFD8880899}

2012-07-29 07:59 - 2012-07-29 07:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{90A72D56-BE3F-46CB-A86E-11D6FD9D95F3}

2012-07-28 16:02 - 2012-07-28 16:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7D87E853-C4C8-4A9D-A3AA-DA4E14891811}

2012-07-28 16:02 - 2012-07-28 16:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4CEED9EF-61AB-4861-A88F-E1C2383CFA25}

2012-07-28 15:59 - 2012-07-28 16:00 - 00000000 ____D C:\Users\legendofham\AppData\Local\{57BC2020-64EB-49BA-86FF-F2CB76333867}

2012-07-28 15:59 - 2012-07-28 15:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{34F063A0-0C2B-403A-B4D6-8C1FF0F5BB70}

2012-07-28 10:15 - 2012-07-28 10:15 - 00000000 ____D C:\Users\legendofham\AppData\Local\{339A874A-2905-4584-B9A5-7C6502AE2504}

2012-07-28 10:14 - 2012-07-28 10:15 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5C8FF446-E977-4219-8402-3D5D69D4ACAA}

2012-07-28 10:12 - 2012-07-28 10:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B51059AE-CC78-469D-AB44-90E15A41B75E}

2012-07-28 10:12 - 2012-07-28 10:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{AD1DE65C-B763-48F4-B651-6566CE7991A4}

2012-07-27 22:18 - 2012-07-27 22:18 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A8F1588D-7B80-42C0-89F0-4DBCB855B30D}

2012-07-27 22:17 - 2012-07-27 22:18 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8262E4E3-7807-4DE4-B0E2-3879D1B6CB44}

2012-07-27 21:11 - 2012-07-27 21:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C8977654-07A4-40FE-B11B-A82732D50365}

2012-07-27 21:11 - 2012-07-27 21:11 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9D46BD3F-AD13-4EC5-8049-4D7147665C36}

2012-07-27 18:56 - 2012-07-27 18:56 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8AA7DCA4-4F99-44A8-BD55-53892FD02C81}

2012-07-27 18:56 - 2012-07-27 18:56 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3DD03808-9621-47C5-AA31-E0DE37488591}

2012-07-27 18:05 - 2012-07-27 18:05 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C874B19A-A887-445D-9788-E83F2ACF1112}

2012-07-27 18:05 - 2012-07-27 18:05 - 00000000 ____D C:\Users\legendofham\AppData\Local\{74D937E2-69F0-4B5F-B820-1BFC4593A5C0}

2012-07-27 13:06 - 2012-07-27 13:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F73CB384-C5BE-4A41-A737-41288E20C670}

2012-07-27 13:05 - 2012-07-27 13:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B0131C93-D9F7-400F-90A3-C185DEFCB0A2}

2012-07-27 11:37 - 2012-07-27 11:37 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CBA0D829-8706-4C6B-93B1-07E75DC6B1D4}

2012-07-27 11:37 - 2012-07-27 11:37 - 00000000 ____D C:\Users\legendofham\AppData\Local\{AD58CF49-353D-4A90-B46F-34907EF80AD7}

2012-07-27 03:09 - 2012-07-27 03:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{DCCE45F7-9745-4E18-A55B-B1BC26A86D22}

2012-07-27 03:09 - 2012-07-27 03:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C8170193-A8C4-4218-969D-81BDAAF82E33}

2012-07-26 23:06 - 2012-07-26 23:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8CB56A59-B278-460A-8973-D792B99A044F}

2012-07-26 23:06 - 2012-07-26 23:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2662A82D-F0DC-459D-A40E-3CE332A199C7}

2012-07-26 22:33 - 2012-07-26 22:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8E4D38B7-24AF-45B0-8D50-138CC2738D62}

2012-07-26 22:32 - 2012-07-26 22:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C301221C-347F-44FC-8E9F-CC0C9E12F177}

2012-07-26 22:29 - 2012-07-26 22:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F1F83FAA-8AD8-462C-924E-BAD11416CD95}

2012-07-26 22:29 - 2012-07-26 22:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8D1B7F5C-C987-490C-8F4B-F34B2FDBFE1E}

2012-07-26 19:38 - 2012-07-26 19:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C48EDBED-B245-4B0E-97C8-ACC6F4B40072}

2012-07-26 19:38 - 2012-07-26 19:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BF499D45-D67A-401E-97FD-753F9EEAA72F}

2012-07-26 18:47 - 2012-07-26 18:47 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6DEA02B1-BB34-46F8-A835-A85FDFFCE152}

2012-07-26 18:46 - 2012-07-26 18:47 - 00000000 ____D C:\Users\legendofham\AppData\Local\{656E84C6-0835-4311-8880-E60755BA9613}

2012-07-26 15:09 - 2012-07-26 15:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{11085CB7-D322-4492-ADC7-5CAAB2FA886B}

2012-07-26 15:09 - 2012-07-26 15:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{04F1A298-AFDB-4DE3-8B0C-E4E81BC43FA7}

2012-07-26 11:13 - 2012-07-26 11:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{752E1F76-DAA4-452F-9DFF-DE57EDA03C54}

2012-07-26 11:12 - 2012-07-26 11:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C73BC29E-7C63-4D9C-B778-D1E7C5DC9ED0}

2012-07-26 00:13 - 2012-07-26 00:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4AD2EBDD-AAB5-4BB9-AB62-EFD313539A03}

2012-07-26 00:12 - 2012-07-26 00:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{28DF05AC-9E0B-43C4-87A3-99319D8C8ADA}

2012-07-25 22:58 - 2012-07-25 22:58 - 00000000 ____D C:\Users\legendofham\AppData\Local\{93BAC7AD-3543-4294-8786-48EDC5ED5513}

2012-07-25 22:58 - 2012-07-25 22:58 - 00000000 ____D C:\Users\legendofham\AppData\Local\{67BE79A3-AA3E-4A13-B2AE-375D83C72F29}

2012-07-25 20:35 - 2012-07-25 20:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EEA007EB-E64C-484D-B811-13CB3F26C33C}

2012-07-25 20:35 - 2012-07-25 20:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5530C1E2-7CD0-4223-8963-FE1700222817}

2012-07-25 16:53 - 2012-07-25 16:53 - 00000000 ____D C:\Users\legendofham\AppData\Local\{56C23AC1-C3E1-45A4-84A8-4F0A33D04F62}

2012-07-25 16:52 - 2012-07-25 16:53 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1D724D82-4FEB-4574-B7DA-1A503E249E76}

2012-07-25 12:05 - 2012-07-25 12:05 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6F49A8C4-FB41-4B03-82BC-46DE21043AD3}

2012-07-25 12:04 - 2012-07-25 12:05 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2CBB694E-1390-4ADE-BA17-C85194CE11AB}

2012-07-25 10:20 - 2012-07-25 10:21 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BCF6E9AE-DF87-447A-833F-B0CE22078D3C}

2012-07-25 10:20 - 2012-07-25 10:20 - 00000000 ____D C:\Users\legendofham\AppData\Local\{80D8D8F7-481A-41D5-9012-D7F57B44C46A}

2012-07-24 20:58 - 2012-07-24 21:00 - 75552096 ____A C:\Users\legendofham\Desktop\God of Deceit V 1.0.zip

2012-07-24 19:25 - 2012-07-24 19:25 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2742A29A-7873-447B-BF6E-4DB22023FA53}

2012-07-24 19:24 - 2012-07-24 19:25 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CAE79AE8-B7C7-4CCB-8664-7B532A08C17D}

2012-07-24 15:37 - 2012-07-24 15:37 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9492103B-23B1-48B7-A22C-CD21F43196DD}

2012-07-24 15:37 - 2012-07-24 15:37 - 00000000 ____D C:\Users\legendofham\AppData\Local\{67ECBF4F-770F-46C7-8606-5C4104141D51}

2012-07-24 15:33 - 2012-07-24 15:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8C7B070B-22F9-4493-8AE7-84434F9BF707}

2012-07-24 12:39 - 2012-07-24 12:39 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8295D173-AB30-4E68-94B7-337C618A4995}

2012-07-24 12:39 - 2012-07-24 12:39 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5D4647F9-90EF-4E88-9E19-9906C2BE0BEA}

2012-07-24 11:34 - 2012-07-24 11:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{DDD85889-94DF-4540-A497-45040E9AA143}

2012-07-24 11:34 - 2012-07-24 11:34 - 00000000 ____D C:\Users\legendofham\AppData\Local\{318AD0C4-7F97-4D4C-B380-BFE3AEE4E9EB}

2012-07-23 18:12 - 2012-07-23 18:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D7D37781-5E65-4C17-9CF4-7AF57728842C}

2012-07-23 18:12 - 2012-07-23 18:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D22E5ED8-BFB2-4B8A-819F-EEED216C136D}

2012-07-23 14:33 - 2012-07-23 14:34 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8CC5C239-4E27-4F2E-89BF-A02AD049D7B5}

2012-07-23 14:33 - 2012-07-23 14:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{59CEFDE8-91EB-44AB-8543-C07AAC8ED62E}

2012-07-23 12:54 - 2012-07-23 12:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F36DBADE-917B-4A50-9D39-C1B39074D25F}

2012-07-23 12:54 - 2012-07-23 12:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{442D7B9C-78D0-4245-A8AF-75B4634D3455}

2012-07-23 10:59 - 2012-07-23 10:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{07B571DA-C95D-438D-801D-B39A393E97D5}

2012-07-23 10:58 - 2012-07-23 10:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{ED378BAA-BF84-446B-B9B6-B77B184552E0}

2012-07-22 23:44 - 2012-07-22 23:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B458440F-DC8B-49EF-826A-15E60BC99C32}

2012-07-22 23:43 - 2012-07-22 23:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E722A5E4-E7D1-429D-83C8-EB4A1F5CBF3C}

2012-07-22 23:35 - 2012-07-22 23:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{87113DA4-B24C-4344-830E-136B9EDD0CDD}

2012-07-22 23:35 - 2012-07-22 23:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{335E017E-B794-40A9-80AE-13D99E7B7AFF}

2012-07-22 18:38 - 2012-07-22 18:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F6DE9614-4339-4F45-8E48-DA393B8F134C}

2012-07-22 18:37 - 2012-07-22 18:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D535699C-FA8F-4940-9908-0E14EAE30A72}

2012-07-22 15:28 - 2012-07-22 15:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A8EFEB5C-207A-4253-B69D-90F62FC6AB22}

2012-07-22 15:28 - 2012-07-22 15:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9D49D4C3-8DBA-45CA-9D41-F30FC3B834AB}

2012-07-22 15:09 - 2012-07-22 15:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EC1E307D-3FA7-4BBE-A756-4607FB7562EF}

2012-07-22 15:09 - 2012-07-22 15:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{12B86ECF-46CB-45D1-B0D4-B80561D8767E}

2012-07-22 12:58 - 2012-07-22 12:58 - 00000000 ____D C:\Users\legendofham\AppData\Local\{172932CD-B6C0-42B6-9547-11962A3BA651}

2012-07-22 12:57 - 2012-07-22 12:58 - 00000000 ____D C:\Users\legendofham\AppData\Local\{74924F99-EC11-490B-920A-3A24D74B476D}

2012-07-21 22:26 - 2012-07-21 22:26 - 00000000 ____D C:\Users\legendofham\AppData\Local\{27C059EB-FBE9-44CF-847F-440EF1523ABE}

2012-07-21 22:25 - 2012-07-21 22:26 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2CCA5E33-236C-4000-96CF-0ADE49A9D09C}

2012-07-21 15:48 - 2012-07-21 15:48 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7B8F81AB-0166-4A28-A56E-8787179B9E4F}

2012-07-21 15:48 - 2012-07-21 15:48 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2AB7E6EA-13D4-4AEF-A3D1-8C73BEF95E33}

2012-07-21 00:11 - 2012-07-21 00:11 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EA3847C3-A015-46E6-9BC6-2DF75678DCBD}

2012-07-21 00:10 - 2012-07-21 00:11 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B33E4DD5-2548-4077-89FD-AF1E6ACF3991}

2012-07-20 22:43 - 2012-07-20 22:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{562CFAE9-1C0F-40BC-971F-21AC3203BB66}

2012-07-20 22:42 - 2012-07-20 22:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{60AC5001-AA9A-42F0-8AA4-9C6606811FF2}

2012-07-20 20:29 - 2012-07-20 20:30 - 00000000 ____D C:\Users\legendofham\AppData\Local\{785BB951-2BA6-486A-8CB7-CD3A3D039174}

2012-07-20 20:29 - 2012-07-20 20:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{701C61AE-FA81-42A3-9A12-CC60894CA033}

2012-07-20 17:10 - 2012-07-20 17:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6942956B-A440-4069-9D45-B4CE3CDDE47D}

2012-07-20 17:10 - 2012-07-20 17:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{61531B82-592F-4F0F-8F7A-2FD4D3BBFCEC}

2012-07-20 15:23 - 2012-07-20 15:23 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2F7A1EA3-D77B-44B7-9AE4-8F611F1F9B0A}

2012-07-20 15:22 - 2012-07-20 15:23 - 00000000 ____D C:\Users\legendofham\AppData\Local\{333F011F-2B13-4C33-9DFA-F534EF0DE16D}

2012-07-20 15:13 - 2012-07-20 15:14 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B2A3CC82-BD52-4F8A-AFF8-F85708337173}

2012-07-20 15:13 - 2012-07-20 15:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1505EBF5-75D6-4B02-8898-08D83C4E55BB}

2012-07-20 15:09 - 2012-07-20 15:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B85A8660-D039-4838-8DE2-97ACE4A733A5}

2012-07-20 14:58 - 2012-07-20 14:58 - 00002156 ____A C:\Users\Public\Desktop\KODAK AiO Home Center.lnk

2012-07-20 14:56 - 2012-07-20 14:56 - 00000000 ____D C:\Windows\SysWOW64\kodak

2012-07-20 14:55 - 2012-07-20 14:55 - 00000000 ____D C:\Windows\SysWOW64\spool

2012-07-20 14:52 - 2012-07-20 14:52 - 00000000 ____D C:\Users\legendofham\AppData\Roaming\KODAK AiO Home Center1568652956

2012-07-20 14:51 - 2012-07-20 14:52 - 00034572 ____A C:\Users\legendofham\AppData\Local\c4u.log

2012-07-20 11:06 - 2012-07-20 11:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{83E32669-997A-4954-ACA5-4B363735D454}

2012-07-20 11:06 - 2012-07-20 11:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1CD3DEBB-688B-40AD-B5C0-5EE4E63EF237}

2012-07-19 12:38 - 2012-07-19 12:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8AD928A4-B751-4704-B89B-E0FD37374538}

2012-07-19 12:37 - 2012-07-19 12:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D1A4D9EB-180D-4174-A548-57A1BFCA42B8}

2012-07-19 12:28 - 2012-07-19 12:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B01F1D37-E4D8-44DA-AFCB-2F5A10CE671E}

2012-07-19 12:28 - 2012-07-19 12:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8B9497A5-326E-4819-BBA7-F7D5703F2F9B}

2012-07-18 22:52 - 2012-07-18 22:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CABE07EB-5F52-46B1-926D-664C883EA6B1}

2012-07-18 22:51 - 2012-07-18 22:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FA00FD9A-693F-4661-9658-E3E3A2987F8D}

2012-07-18 21:51 - 2012-07-18 21:51 - 00001052 ____A C:\Users\legendofham\Desktop\DOOM3 - Shortcut.lnk

2012-07-18 21:16 - 2012-07-18 21:16 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F20F17B8-68D8-4565-B1B9-1E5DEEC48577}

2012-07-18 21:16 - 2012-07-18 21:16 - 00000000 ____D C:\Users\legendofham\AppData\Local\{81C19DD9-D02A-497C-B752-77794D2B6C91}

2012-07-18 20:59 - 2012-07-18 20:59 - 00000943 ____A C:\Users\Public\Desktop\猥orrent.lnk

2012-07-18 20:59 - 2012-07-18 20:59 - 00000000 ____D C:\Program Files (x86)\uTorrent

2012-07-18 20:58 - 2012-07-18 21:42 - 00000000 ____D C:\Users\legendofham\AppData\Roaming\uTorrent

2012-07-18 17:39 - 2012-07-18 17:43 - 00000000 ____D C:\Users\legendofham\AppData\Roaming\PerformerSoft

2012-07-18 17:39 - 2012-07-18 17:39 - 00000009 ____A C:\END

2012-07-18 17:39 - 2012-07-18 17:39 - 00000000 ____D C:\Users\All Users\IBUpdaterService

2012-07-18 17:39 - 2012-07-18 17:39 - 00000000 ____D C:\Program Files (x86)\appbario2

2012-07-18 17:39 - 2012-03-14 14:47 - 00019000 ____A (PerformerSoft LLC) C:\Windows\System32\roboot64.exe

2012-07-18 16:49 - 2012-07-18 16:49 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9144C537-8BFC-48F2-B32B-8A3781F4FAF0}

2012-07-18 16:48 - 2012-07-18 16:49 - 00000000 ____D C:\Users\legendofham\AppData\Local\{92729210-F261-4890-8C66-7F5A3E930B56}

2012-07-18 16:28 - 2012-07-18 16:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\gzdoom

2012-07-18 15:38 - 2012-07-18 15:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F97E5623-CCC3-4B96-8713-31A2B4D30DDE}

2012-07-18 15:38 - 2012-07-18 15:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{09DE9A0C-3C29-426A-94D8-FF7D8B0E7C1F}

2012-07-18 13:13 - 2012-07-18 13:14 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3B2C56D9-3A81-4D2A-A3E3-137EE12A6A6A}

2012-07-18 13:13 - 2012-07-18 13:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F06DD52D-0CF3-4661-B0DA-2B0058193902}

2012-07-18 12:06 - 2012-07-18 12:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FD6FBE2F-A467-4009-B5E5-AD4EA4B62064}

2012-07-18 12:06 - 2012-07-18 12:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{36BFE7B7-3513-4F70-9B4A-A15A1E235FB9}

2012-07-18 12:03 - 2012-07-18 12:03 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EF2C6EC6-A05D-4125-896F-46129C228507}

2012-07-18 12:03 - 2012-07-18 12:03 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6B670726-7B2E-490F-9386-1428BDD7CB49}

2012-07-17 18:07 - 2012-07-17 18:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EE6C1155-5640-4D44-BC36-67A2E6D6714A}

2012-07-17 18:07 - 2012-07-17 18:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A53A40AB-99BC-4CA1-88FD-012D6427BD4A}

2012-07-17 17:08 - 2012-07-17 17:08 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2FE66BBD-E6D5-4E35-80E8-5756B99813AE}

2012-07-17 17:07 - 2012-07-17 17:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4F9318F5-B201-4A26-B6B9-A11529FDF603}

2012-07-17 16:32 - 2012-07-17 16:32 - 00000000 ____D C:\Users\legendofham\AppData\Local\{17F29F77-934E-48E5-9D6B-B0F74BCE3D0A}

2012-07-17 16:31 - 2012-07-17 16:32 - 00000000 ____D C:\Users\legendofham\AppData\Local\{DF2768DC-7524-4093-9D97-EA7F15A13C26}

2012-07-17 16:07 - 2012-07-17 16:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8762614F-82C5-4C17-B9E0-7EA16FE714D4}

2012-07-17 16:07 - 2012-07-17 16:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{032BDF54-303E-419E-AD57-9D6150BBFC99}

2012-07-17 14:59 - 2012-07-17 14:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FE7A55B6-DBC6-4D43-9FA5-C76CFF3F5AB8}

2012-07-17 14:59 - 2012-07-17 14:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{11BF3D2F-BF23-4628-B220-B3DCA6A365F9}

2012-07-17 14:23 - 2012-07-17 14:23 - 00000000 ____D C:\Users\legendofham\AppData\Local\{836615C2-2311-4D34-B4D8-C0A0E287F643}

2012-07-17 14:23 - 2012-07-17 14:23 - 00000000 ____D C:\Users\legendofham\AppData\Local\{33CD7E6F-55CB-4B7F-A48D-3FBEFABB0D29}

2012-07-17 14:19 - 2012-07-17 14:20 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4B0C2CC6-990F-4C14-BCA2-A253581EF6C4}

2012-07-17 14:19 - 2012-07-17 14:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CEB7DBE9-7C61-4B0A-BB2B-6F674B73ADF8}

2012-07-17 13:13 - 2012-07-17 13:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B47F2313-4207-4566-994B-591C2777D4F9}

2012-07-17 13:13 - 2012-07-17 13:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{449B3EBA-92E2-4B7E-9113-C9E815964933}

2012-07-17 10:56 - 2012-07-17 10:56 - 00000000 ____D C:\Users\legendofham\AppData\Local\{240B856F-B2EA-4894-ADE5-A95BDF45F111}

2012-07-17 10:56 - 2012-07-17 10:56 - 00000000 ____D C:\Users\legendofham\AppData\Local\{08BB6331-782F-4EF4-B364-FFEB1F85A3D4}

2012-07-17 10:44 - 2012-07-17 10:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CAA2CDFF-3483-483A-9302-25CD7567BD03}

2012-07-17 10:43 - 2012-07-17 10:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{0D71770B-7F74-4E23-9365-D7FA47E8A480}

2012-07-16 22:54 - 2012-07-16 22:55 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BF662F43-CAF8-4A85-A7FC-451D3ADE0E60}

2012-07-16 22:54 - 2012-07-16 22:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A0B84291-FAB9-4DD2-BAA7-840A26771162}

2012-07-16 21:59 - 2012-07-16 21:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1D0C18BC-530B-4AB3-AA96-1F521889B253}

2012-07-16 21:58 - 2012-07-16 21:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{831FB6C7-0C70-41AC-84DC-256C297073D9}

2012-07-16 17:42 - 2012-07-16 17:42 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6534FF12-CE88-46F6-9AA2-8EDE9EE01295}

2012-07-16 17:42 - 2012-07-16 17:42 - 00000000 ____D C:\Users\legendofham\AppData\Local\{588F6D24-9C9E-4550-8B3D-125BF665D21C}

2012-07-16 12:29 - 2012-07-16 12:29 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk

2012-07-16 12:29 - 2012-07-16 12:29 - 00000000 ____D C:\Program Files\Paint.NET

2012-07-16 12:28 - 2012-07-18 12:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\Paint.NET

2012-07-16 12:19 - 2012-07-16 12:19 - 00001478 ____A C:\Users\legendofham\AppData\Local\recently-used.xbel

2012-07-16 12:16 - 2012-07-16 12:17 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6523569E-BCF7-48DE-BCAB-EB320CCB5550}

2012-07-16 12:16 - 2012-07-16 12:16 - 00000000 ____D C:\Users\legendofham\AppData\Local\{92D4C60A-AE91-4C41-90D5-3B0BEAEAA7B7}

2012-07-16 12:01 - 2012-07-16 12:23 - 00000000 ____D C:\Users\legendofham\.gimp-2.8

2012-07-16 12:01 - 2012-07-16 12:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\gegl-0.2

2012-07-16 11:32 - 2012-07-17 11:35 - 00000000 ____D C:\Users\legendofham\Documents\LOLReplay

2012-07-16 11:32 - 2012-07-16 11:32 - 00001901 ____A C:\Users\Public\Desktop\LOL Recorder.lnk

2012-07-16 11:32 - 2012-07-16 11:32 - 00000000 ____D C:\Program Files (x86)\LOLReplay

2012-07-16 09:48 - 2012-07-16 09:49 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E12BD820-0430-4C1A-9EE5-A6F1B7DF3D59}

2012-07-16 09:48 - 2012-07-16 09:48 - 00000000 ____D C:\Users\legendofham\AppData\Local\{983FBE78-3EA2-492D-819D-D5F2543A7857}

2012-07-15 23:29 - 2012-07-15 23:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CEFA334B-9612-4D29-8AD1-BB6D3C688CD9}

2012-07-15 23:28 - 2012-07-15 23:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E9C91C9D-B2BA-41B7-BD41-7B5D0CDFD008}

2012-07-15 22:44 - 2012-07-15 22:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{729582F8-4C96-4D16-963B-8ACF978D8EE1}

2012-07-15 22:43 - 2012-07-15 22:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{67F78D20-3E8A-4BB8-BC04-1161DA82DDCF}

2012-07-15 22:41 - 2012-07-15 22:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E5C41C88-D282-412D-94E3-FAE5CC9C2CCC}

2012-07-15 22:40 - 2012-07-15 22:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FCF1FB33-10BC-4837-8D92-E4A1A3DC8D1A}

2012-07-15 19:52 - 2012-07-15 19:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B07D37D3-CB43-4DC6-A9DD-2CF4FF82EA2B}

2012-07-15 19:52 - 2012-07-15 19:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{44FD72A6-44BA-4586-819F-406DE787DA65}

2012-07-15 13:12 - 2012-07-15 13:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D3A375E9-F5B1-493C-9015-000F7F9CAFB4}

2012-07-15 13:11 - 2012-07-15 13:12 - 00000000 ____D C:\Users\legendofham\AppData\Local\{42C302AF-1490-47A9-9F06-EC4F08A5DB53}

2012-07-14 22:54 - 2012-07-14 22:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CBAF96D0-6ED3-4B1F-8470-3B5528700DAC}

2012-07-14 22:53 - 2012-07-14 22:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A7979820-F5D0-4F69-9323-C30B52C7454D}

2012-07-14 22:36 - 2012-07-14 22:37 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E920734D-3896-4574-A55D-4BB43A95FEFC}

2012-07-14 22:36 - 2012-07-14 22:36 - 00000000 ____D C:\Users\legendofham\AppData\Local\{02599EF0-938A-434F-B07E-0ACAB3F2B208}

2012-07-14 19:48 - 2012-07-14 19:49 - 00000000 ____D C:\Users\legendofham\AppData\Local\{AA8D9B3D-09FB-4774-8628-94CA9B192A5C}

2012-07-14 19:48 - 2012-07-14 19:48 - 00000000 ____D C:\Users\legendofham\AppData\Local\{DD9D2DA6-8B92-4695-BB2C-7A408B137E77}

2012-07-14 16:38 - 2012-07-14 16:39 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4A905306-A541-4E26-96B9-0B0DBC5CCBE2}

2012-07-14 16:38 - 2012-07-14 16:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{9CD6D3FA-355E-40E7-879C-8C12393844C3}

2012-07-14 12:56 - 2012-07-14 12:57 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8344BDF1-F23A-4C54-AA6B-3262BA976BFF}

2012-07-14 12:56 - 2012-07-14 12:56 - 00000000 ____D C:\Users\legendofham\AppData\Local\{32300F86-8C52-4DFE-A818-9C3F93337FFF}

2012-07-13 22:52 - 2012-07-23 21:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\PAYDAY

2012-07-13 17:46 - 2012-07-13 17:46 - 00000000 ____D C:\Users\legendofham\AppData\Local\{96FBBE88-62BB-49AF-AEDC-13F192178079}

2012-07-13 17:46 - 2012-07-13 17:46 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4DD62F13-29AF-46EA-9964-476E29918B82}

2012-07-13 15:19 - 2012-07-13 15:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{AC9DEF13-122D-4B90-8B30-4EC976BCB227}

2012-07-13 15:19 - 2012-07-13 15:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{90062AFD-6DE8-4E41-A1A9-70D2173DC79D}

2012-07-13 12:59 - 2012-07-13 12:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8D74142A-A1F0-454D-A979-40A9821DB4EC}

2012-07-13 12:58 - 2012-07-13 12:59 - 00000000 ____D C:\Users\legendofham\AppData\Local\{83673B19-417B-4158-939B-CDDE29D7796A}

2012-07-13 10:50 - 2012-07-13 10:50 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C91024DC-3934-4935-A5B4-4671792FD1B4}

2012-07-13 10:50 - 2012-07-13 10:50 - 00000000 ____D C:\Users\legendofham\AppData\Local\{08F0DA9B-CD35-4E1A-A134-481139686E7A}

2012-07-12 23:19 - 2012-07-12 23:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3BD91A77-8EAE-4684-8A7F-EF888D3F6690}

2012-07-12 23:18 - 2012-07-12 23:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FC87D484-FDD5-4669-BB8A-D1767EBBE95A}

2012-07-12 22:20 - 2012-07-12 22:21 - 00000000 ____D C:\Users\legendofham\AppData\Local\{0A345586-6CAF-4547-A888-EC73ACA622C1}

2012-07-12 22:20 - 2012-07-12 22:20 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B6E4ED8C-FD0B-4ECA-B12B-5B6A368F7DE9}

2012-07-12 20:48 - 2012-07-12 20:48 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A0F313DF-3092-4911-8987-B8C7208ECE93}

2012-07-12 20:48 - 2012-07-12 20:48 - 00000000 ____D C:\Users\legendofham\AppData\Local\{675BD837-96FE-49D8-A4BE-F9AECED134BA}

2012-07-12 17:37 - 2012-07-12 17:37 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA

2012-07-12 14:06 - 2012-07-12 14:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A50DE633-4BA7-4C55-B34A-7DCE5E863E67}

2012-07-12 14:05 - 2012-07-12 14:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F3F999C5-8603-4A8B-B3DB-E98F570B21FD}

2012-07-12 10:44 - 2012-07-12 10:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FA5AE773-F044-4216-8DF3-F362EFA78BF3}

2012-07-12 10:44 - 2012-07-12 10:44 - 00000000 ____D C:\Users\legendofham\AppData\Local\{50CD0A81-854F-4719-BC6C-8C0BF5E61495}

2012-07-12 08:55 - 2012-07-12 08:55 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C53342ED-E6F5-49F5-862F-5799F7351EEC}

2012-07-12 08:55 - 2012-07-12 08:55 - 00000000 ____D C:\Users\legendofham\AppData\Local\{2EE62EF5-99A3-4A2A-B880-7EBB9E851D6F}

2012-07-11 21:36 - 2012-07-11 21:36 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7E340E2C-7EC7-4662-AD4D-4318E4E62134}

2012-07-11 21:36 - 2012-07-11 21:36 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6D60C412-F75E-4FCC-BD51-606A9536FC39}

2012-07-10 20:10 - 2012-07-10 20:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{653CBD18-FEA1-4AB7-AAF7-D8631BF2B326}

2012-07-10 20:10 - 2012-07-10 20:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3798A7F8-77C6-48BE-BBB9-6EF8A1F14A10}

2012-07-10 19:41 - 2012-07-10 19:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3FAAA144-AF54-4E34-96B8-F0A0196CBAE3}

2012-07-10 19:41 - 2012-07-10 19:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3998F1AF-099E-4C17-9A83-665A4DE0AEAC}

2012-07-10 18:57 - 2012-07-10 18:57 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3FBF6A73-85EF-4029-9ADF-305D654BAC6F}

2012-07-10 18:56 - 2012-07-10 18:57 - 00000000 ____D C:\Users\legendofham\AppData\Local\{C614F7B8-4553-4828-A2BD-417B7153A90C}

2012-07-10 18:02 - 2012-07-10 18:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BB37FBF1-25C1-4A29-9516-9DCA3D2FB0CF}

2012-07-10 18:02 - 2012-07-10 18:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7FBB2916-D8CD-4D91-9014-975951047219}

2012-07-10 17:21 - 2012-07-10 17:21 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FC460371-E72A-42A5-918A-8F29088E231D}

2012-07-10 17:20 - 2012-07-10 17:21 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D0AE6AB0-EC64-48F7-A303-960C03A29153}

2012-07-10 16:15 - 2012-07-10 16:16 - 00000000 ____D C:\Users\legendofham\AppData\Local\{30BEED7C-F8A0-4AA7-BE66-0B2ABCAE51BA}

2012-07-10 16:15 - 2012-07-10 16:15 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EF8FEDEF-5A84-43BA-8FA1-70FD7DABA305}

2012-07-10 15:35 - 2012-07-10 15:36 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5FF79C23-0049-4CFD-B129-13403D9BFFAB}

2012-07-10 15:35 - 2012-07-10 15:35 - 00000000 ____D C:\Users\legendofham\AppData\Local\{755973B4-FA21-46F3-8681-E2A8C67084E7}

2012-07-10 15:32 - 2012-07-10 15:32 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E701EFE1-99E5-414E-BBF2-10F4866A4D54}

2012-07-10 15:31 - 2012-07-10 15:32 - 00000000 ____D C:\Users\legendofham\AppData\Local\{172B9C1B-BBF8-4C98-A4F2-C072D99D0861}

2012-07-10 13:00 - 2012-07-10 13:00 - 00000000 ____D C:\Users\legendofham\AppData\Local\{91731DA0-6D3E-49B7-BF86-2B26752727D5}

2012-07-10 12:59 - 2012-07-10 13:00 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E59D1C16-CAFB-4C43-BB2E-8961FB2716D1}

2012-07-10 12:06 - 2012-07-10 12:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4474EB8A-76CE-4B54-AE34-A4D1F15265E7}

2012-07-10 12:06 - 2012-07-10 12:06 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F367D6FF-4C4F-4A71-B387-7D03ECD599DE}

2012-07-10 11:36 - 2012-07-10 11:36 - 00000000 ____D C:\Users\legendofham\AppData\Local\{417F04F3-7C6A-4ED9-A8B5-6CB568929A8A}

2012-07-10 11:36 - 2012-07-10 11:36 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1D16CB93-25E9-42FE-B0C6-1D28F5989B09}

2012-07-10 11:02 - 2012-07-10 11:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{986EFCC1-7BF5-458B-82C6-79212F8530C1}

2012-07-10 11:02 - 2012-07-10 11:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5F5A4FF1-63A0-4194-9B13-A4BC5BAFC669}

2012-07-10 10:52 - 2012-07-10 10:53 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A580C24F-EE8F-40E8-9532-9113455775D0}

2012-07-10 10:52 - 2012-07-10 10:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F39BBE22-73F8-425D-A423-4E2A8A6B7115}

2012-07-09 23:20 - 2012-07-09 23:20 - 00000000 ____D C:\Users\legendofham\AppData\Roaming\Audacity

2012-07-09 23:19 - 2012-07-09 23:19 - 00001007 ____A C:\Users\legendofham\Desktop\Audacity.lnk

2012-07-09 23:19 - 2012-07-09 23:19 - 00000000 ____D C:\Program Files (x86)\Audacity

2012-07-09 22:04 - 2012-07-09 22:04 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6BC57D51-7ED9-4FEA-9368-C1EDE75E2033}

2012-07-09 22:03 - 2012-07-09 22:04 - 00000000 ____D C:\Users\legendofham\AppData\Local\{40BFE558-4F0B-4231-A7A9-E50A82B9BB2D}

2012-07-09 21:17 - 2012-07-09 21:17 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EA3ED592-A444-46F8-9833-EC54A437295E}

2012-07-09 21:17 - 2012-07-09 21:17 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D4DC9563-0704-4409-8E8E-5220270F9DCE}

2012-07-09 19:11 - 2012-07-09 19:11 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5A016FEA-ADD7-4D6C-A124-0E1F5DF9ABB1}

2012-07-09 19:11 - 2012-07-09 19:11 - 00000000 ____D C:\Users\legendofham\AppData\Local\{160827BB-107C-4CC9-A0CC-B68DD929BB92}

2012-07-09 17:58 - 2012-07-09 17:58 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B853D86F-868E-4EB3-A96E-27DE2C45705A}

2012-07-09 17:58 - 2012-07-09 17:58 - 00000000 ____D C:\Users\legendofham\AppData\Local\{15EDE49B-7EF6-4E50-A3E7-B82288DDEB24}

2012-07-09 16:50 - 2012-07-09 16:50 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BFC7691D-D8B7-441B-8D42-9986AD43A5A3}

2012-07-09 16:50 - 2012-07-09 16:50 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7663893E-4B10-4617-8A70-83FB8E8FEA13}

2012-07-09 14:00 - 2012-07-09 14:00 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8DCF216F-4C48-4142-A9B8-8E2499D2C15A}

2012-07-09 13:59 - 2012-07-09 14:00 - 00000000 ____D C:\Users\legendofham\AppData\Local\{DD5F641B-5CC5-4563-8F17-F67CD9C86709}

2012-07-09 11:32 - 2012-07-09 11:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3E012790-9BF3-420E-9983-8AB2CE9A2D84}

2012-07-09 11:32 - 2012-07-09 11:32 - 00000000 ____D C:\Users\legendofham\AppData\Local\{63363825-85D2-4FFA-A57E-8972251B392A}

2012-07-08 20:01 - 2012-07-08 20:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FBD1A726-0E18-489B-8884-2B6672A096B8}

2012-07-08 20:00 - 2012-07-08 20:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6A2E9CAD-5681-4B40-984A-F39DBA011A17}

2012-07-08 19:51 - 2012-07-08 19:51 - 00000000 ____D C:\Users\legendofham\AppData\Local\{025B492B-2BBD-4D28-A38F-BEA9961481DB}

2012-07-08 19:50 - 2012-07-08 19:51 - 00000000 ____D C:\Users\legendofham\AppData\Local\{334244E6-BD6B-40C2-A534-0F010C3CE044}

2012-07-08 19:49 - 2012-07-26 22:32 - 00000000 ____D C:\Users\legendofham\Desktop\USA

2012-07-08 19:48 - 2012-07-09 13:58 - 00000000 ____D C:\Users\legendofham\Desktop\aberdeen

2012-07-08 19:42 - 2012-07-08 19:42 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BE551633-7E3C-4A55-9CF0-07184B21F3EC}

2012-07-08 19:41 - 2012-07-08 19:42 - 00000000 ____D C:\Users\legendofham\AppData\Local\{AC2C7CA8-32F6-47BB-9DE2-6BAE8D0C25E4}

2012-07-07 23:32 - 2012-07-07 23:32 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B88AB3DC-D058-45E0-871B-1708F4A0B706}

2012-07-07 23:32 - 2012-07-07 23:32 - 00000000 ____D C:\Users\legendofham\AppData\Local\{0A869E18-A288-4390-8B43-C537A3888982}

2012-07-07 20:51 - 2012-07-07 20:51 - 00000000 ____D C:\Users\legendofham\AppData\Local\{228984C9-367B-49D4-991B-D5FB3B84681F}

2012-07-07 20:51 - 2012-07-07 20:51 - 00000000 ____D C:\Users\legendofham\AppData\Local\{160CAC25-00B3-4310-95F0-26102D4ADA03}

2012-07-07 20:09 - 2012-07-07 20:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{DFE7BBF3-ABAD-4BFF-AB87-75D742DF80A2}

2012-07-07 20:09 - 2012-07-07 20:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A38F203B-7199-4FE5-8A2C-D65D605E0C3C}

2012-07-07 18:51 - 2012-07-07 18:51 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B1E0D9BB-6839-41B0-9304-6B843FB20E44}

2012-07-07 18:50 - 2012-07-07 18:51 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4FFC7243-CBD0-4EBF-B048-2832EC6B6D74}

2012-07-07 16:47 - 2012-07-07 16:47 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3D50B8F5-FA11-43CF-B9E2-B6034BE45970}

2012-07-07 16:46 - 2012-07-07 16:47 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6A9BFE7A-83BD-4EC4-B4CA-C78CEB391306}

2012-07-07 16:46 - 2012-07-07 16:46 - 00000000 ____D C:\Users\legendofham\AppData\Local\{67E390CD-B6FC-404C-A5A2-4A9CF4BE8882}

2012-07-07 16:45 - 2012-07-07 16:46 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B87A67FD-B98F-4A2B-8949-1117243E6864}

2012-07-07 14:38 - 2012-07-07 14:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{91A2FE85-87C9-4C1A-BDA6-77B054D15424}

2012-07-07 14:38 - 2012-07-07 14:38 - 00000000 ____D C:\Users\legendofham\AppData\Local\{530972DD-EA94-4538-8B1C-217C8EF30D34}

2012-07-07 14:05 - 2012-07-07 14:05 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8D5A2DA6-0B69-4061-AA58-AE80A655984F}

2012-07-07 14:05 - 2012-07-07 14:05 - 00000000 ____D C:\Users\legendofham\AppData\Local\{1B1F157C-8740-41E0-AB38-B262C097C80B}

2012-07-07 11:02 - 2012-07-07 11:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B83CEA0E-E771-42FC-B901-4427DA10E565}

2012-07-07 11:01 - 2012-07-07 11:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{20F40D59-3DE0-40D3-8792-5C4DEC4547BB}

2012-07-06 22:08 - 2012-07-06 22:08 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FC4D8D35-3C6D-45FC-B5D3-52BA52A885A2}

2012-07-06 22:08 - 2012-07-06 22:08 - 00000000 ____D C:\Users\legendofham\AppData\Local\{0B92B4B5-F2AE-421B-92FD-8930F10FC8D0}

2012-07-06 19:01 - 2012-07-06 19:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7A37D2C8-F5DF-4EDD-81B4-E2443B46E487}

2012-07-06 19:00 - 2012-07-06 19:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EC1B0EA1-5346-4517-AC93-4DB3B6E24CE9}

2012-07-06 16:28 - 2012-07-06 16:29 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D24FE52E-7EE8-4761-840C-126A34D67BF3}

2012-07-06 16:28 - 2012-07-06 16:28 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5FA4F175-6DBE-4110-B4E5-2D89EF105140}

2012-07-06 15:07 - 2012-07-06 15:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{222D4ABC-F1F2-4942-98B7-DE2BBD6DF0FC}

2012-07-06 15:06 - 2012-07-06 15:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{E306E956-1AAD-4428-BEA5-021A37777E65}

2012-07-06 14:52 - 2012-07-06 14:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CC7F04C2-F949-4261-9590-A28B2D84CCD7}

2012-07-06 14:52 - 2012-07-06 14:52 - 00000000 ____D C:\Users\legendofham\AppData\Local\{3F1D5835-2731-4119-A88C-DDC43EE4C027}

2012-07-06 13:41 - 2012-07-06 13:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{232BF937-02C8-4CAF-95B0-2C27D13C7A2C}

2012-07-06 13:40 - 2012-07-06 13:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{99F26C68-0CED-4800-A3B9-BB05A8ED0DC0}

2012-07-06 12:43 - 2012-07-13 22:51 - 00017993 ____A C:\Windows\DirectX.log

2012-07-06 12:43 - 2012-07-06 12:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Chart Controls

2012-07-06 12:36 - 2012-07-06 12:50 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios

2012-07-06 12:36 - 2012-07-06 12:36 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios

2012-07-06 09:13 - 2012-07-06 09:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FEB4E1AE-4887-4D48-B4B1-3A843EBCFE65}

2012-07-06 09:13 - 2012-07-06 09:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BB26B529-CF21-4574-8A26-31279FB55593}

2012-07-05 22:43 - 2012-07-05 22:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{BFB84002-44E0-4F2A-BA0A-2C424CF49A67}

2012-07-05 22:42 - 2012-07-05 22:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{88274806-BB19-4567-8FDF-E02C7D29A173}

2012-07-05 19:33 - 2012-07-05 19:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4C47C091-0F3A-4D36-8F73-623C3B62F9CE}

2012-07-05 19:33 - 2012-07-05 19:33 - 00000000 ____D C:\Users\legendofham\AppData\Local\{46900DA0-F900-49BD-81EC-B7CEA1F5CE48}

2012-07-05 17:04 - 2012-07-05 17:04 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F49C72AB-0AA5-44CD-AE76-86955F157A08}

2012-07-05 17:03 - 2012-07-05 17:04 - 00000000 ____D C:\Users\legendofham\AppData\Local\{5711EFA5-AC3B-4EE2-A6E4-D0C68BC52A3C}

2012-07-05 15:31 - 2012-07-05 15:31 - 00000000 ____D C:\Users\legendofham\AppData\Local\{35820B7E-6DCB-4ED4-82F1-5AA561A0B3CD}

2012-07-05 15:30 - 2012-07-05 15:31 - 00000000 ____D C:\Users\legendofham\AppData\Local\{369376C9-BA92-4D2B-BA15-D085BE68506B}

2012-07-05 15:18 - 2012-07-05 15:19 - 00000000 ____D C:\Users\legendofham\AppData\Local\{29661DFA-44B5-4E21-B1DE-65710CC87C13}

2012-07-05 15:18 - 2012-07-05 15:18 - 00000000 ____D C:\Users\legendofham\AppData\Local\{94F657B0-4A60-483D-8136-A18B776A4D83}

2012-07-05 13:53 - 2012-07-05 13:53 - 00000000 ____D C:\Users\legendofham\AppData\Local\{16876BC9-54F0-40E0-B26B-100C90CD61C6}

2012-07-05 13:01 - 2012-07-05 13:01 - 00000000 ____D C:\Users\legendofham\AppData\Local\{21A499AE-B085-423C-BE2E-F496D2C0DE10}

2012-07-05 09:46 - 2012-07-05 09:46 - 00000000 ____D C:\Users\legendofham\AppData\Local\{FF16315B-821A-4FAF-BF33-E574DB25DA2C}

2012-07-05 09:46 - 2012-07-05 09:46 - 00000000 ____D C:\Users\legendofham\AppData\Local\{15508285-69BA-4781-B2F1-8AABD7F4A0BC}

2012-07-04 22:54 - 2012-07-04 22:55 - 00000000 ____D C:\Users\legendofham\AppData\Local\{638D644B-80D6-4656-BE47-8740051AA1A6}

2012-07-04 22:54 - 2012-07-04 22:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{052B1C65-7CFA-444E-9583-499DEB72B802}

2012-07-04 18:07 - 2012-07-04 18:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{7ED2C154-58EC-49E1-AEE1-6379358548BD}

2012-07-04 18:07 - 2012-07-04 18:07 - 00000000 ____D C:\Users\legendofham\AppData\Local\{55537BB2-2B8A-4703-A403-F7FA3ABD22CA}

2012-07-04 17:20 - 2012-07-04 17:20 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CB5B6C5E-729C-4763-A0F1-0BD3EDA5A479}

2012-07-04 17:20 - 2012-07-04 17:20 - 00000000 ____D C:\Users\legendofham\AppData\Local\{A303568D-431E-4815-A0A4-F7790B70278A}

2012-07-04 07:54 - 2012-07-04 07:55 - 00000000 ____D C:\Users\legendofham\AppData\Local\{6A2C8EA5-5916-44C3-AAAF-1FBC6BE394C4}

2012-07-04 07:54 - 2012-07-04 07:54 - 00000000 ____D C:\Users\legendofham\AppData\Local\{EB5231CD-C768-4BED-B55C-73F02BF9EC91}

2012-07-03 22:55 - 2012-07-03 22:55 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B26DFA71-ADA1-4317-805D-1DA0CB2C0A8A}

2012-07-03 22:54 - 2012-07-03 22:55 - 00000000 ____D C:\Users\legendofham\AppData\Local\{F63A9CC7-F197-46BA-9827-5C98E4991156}

2012-07-03 22:02 - 2012-07-03 22:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D5CBFD60-0207-428B-A991-2EFE97661735}

2012-07-03 22:01 - 2012-07-03 22:02 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4DF7395F-55E1-494F-984E-587028BA509A}

2012-07-03 21:48 - 2012-07-04 17:08 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-07-03 21:48 - 2012-07-03 21:48 - 00000000 ____D C:\Users\legendofham\AppData\Local\PunkBuster

2012-07-03 21:40 - 2012-07-04 17:08 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-07-03 21:40 - 2012-07-03 22:23 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-07-03 21:40 - 2012-07-03 21:48 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-07-03 21:40 - 2012-07-03 21:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2012-07-03 21:40 - 2012-07-03 21:29 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe

2012-07-03 19:17 - 2012-07-03 19:17 - 00000000 ____D C:\Users\legendofham\AppData\Local\{01C994DB-6FFD-4755-86D6-84E28A45A1B5}

2012-07-03 19:16 - 2012-07-03 19:17 - 00000000 ____D C:\Users\legendofham\AppData\Local\{8F7E7583-7DCF-4029-A0BF-490DBDCF3A08}

2012-07-03 18:11 - 2012-07-03 18:11 - 00000000 ____D C:\Users\legendofham\AppData\Local\AskToolbar

2012-07-03 18:09 - 2012-07-03 18:10 - 00000000 ____D C:\Users\legendofham\AppData\Local\{DF918E37-E805-4A46-A230-3757131A8AA3}

2012-07-03 18:09 - 2012-07-03 18:09 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B24F570B-7216-40E2-BB04-4EC1677D5518}

2012-07-03 15:23 - 2012-07-03 15:23 - 00000000 ____D C:\Users\legendofham\AppData\Local\{4FC5B28F-D387-46C1-B48C-4F65E9E1CBD9}

2012-07-03 15:22 - 2012-07-03 15:23 - 00000000 ____D C:\Users\legendofham\AppData\Local\{AE85D198-3368-4F2E-B953-B5498B2F8008}

2012-07-03 13:43 - 2012-07-03 13:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{D1E3F921-EDBC-4035-A192-57E87057F8D5}

2012-07-03 13:42 - 2012-07-03 13:43 - 00000000 ____D C:\Users\legendofham\AppData\Local\{B8EE7EDB-B219-4445-B957-8EB94CE3316D}

2012-07-03 11:13 - 2012-07-03 11:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{843CF25A-894E-4883-BF1F-31B61C522AAC}

2012-07-03 11:12 - 2012-07-03 11:13 - 00000000 ____D C:\Users\legendofham\AppData\Local\{316CB40A-9549-442B-BCC1-4BCD38203E35}

2012-07-03 10:41 - 2012-07-03 10:42 - 00000000 ____D C:\Users\legendofham\AppData\Local\{35B83A2D-5140-45E4-AA95-CD888EB52926}

2012-07-03 10:41 - 2012-07-03 10:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{47D77FCA-9E72-4AFF-8668-26EC19E5CE58}

2012-07-03 09:41 - 2012-07-03 09:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{CFAD68A8-71BF-46DE-A7FD-66D65372028F}

2012-07-03 09:41 - 2012-07-03 09:41 - 00000000 ____D C:\Users\legendofham\AppData\Local\{75E904AA-38D4-4AD3-8EA7-16A553385622}

============ 3 Months Modified Files ========================

2012-08-02 19:18 - 2012-08-02 19:18 - 00058467 ____A C:\Users\legendofham\Desktop\FRST.txt

2012-08-02 19:16 - 2009-07-13 21:13 - 00778112 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-02 19:13 - 2012-06-29 07:37 - 00006582 ____A C:\Windows\PFRO.log

2012-08-02 19:10 - 2012-08-02 19:16 - 01438391 ____A (Farbar) C:\Users\legendofham\Desktop\FRST64.exe

2012-08-02 19:04 - 2012-08-02 19:04 - 00002818 ____A C:\Users\legendofham\Desktop\RKreport[3].txt

2012-08-02 19:03 - 2012-08-02 19:03 - 00002576 ____A C:\Users\legendofham\Desktop\RKreport[2].txt

2012-08-02 19:01 - 2012-06-20 16:12 - 00012546 ____A C:\Windows\setupact.log

2012-08-02 19:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-02 18:33 - 2012-08-02 18:33 - 00002558 ____A C:\Users\legendofham\Desktop\RKreport[1].txt

2012-08-02 18:32 - 2012-08-02 18:32 - 01552384 ____A C:\Users\legendofham\Desktop\RogueKiller.exe

2012-08-02 15:16 - 2012-05-22 19:38 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-02 15:09 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-02 15:09 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-02 15:01 - 2012-08-02 15:01 - 00061594 ____A C:\Users\legendofham\Desktop\DDS.txt

2012-08-02 15:01 - 2012-08-02 15:01 - 00015329 ____A C:\Users\legendofham\Desktop\Attach.txt

2012-08-02 14:56 - 2011-12-22 10:57 - 01338562 ____A C:\Windows\WindowsUpdate.log

2012-08-02 14:45 - 2012-04-14 22:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-02 14:16 - 2012-05-22 19:38 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-02 11:43 - 2009-07-13 21:08 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-02 11:18 - 2012-05-22 19:39 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-08-02 11:07 - 2012-08-02 11:07 - 01624358 ____A C:\Users\legendofham\Desktop\mcpatcher-2.4.1_01.exe

2012-07-26 16:44 - 2012-04-14 22:07 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-26 16:44 - 2012-04-14 22:07 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-24 21:00 - 2012-07-24 20:58 - 75552096 ____A C:\Users\legendofham\Desktop\God of Deceit V 1.0.zip

2012-07-24 16:18 - 2012-04-15 16:08 - 00000988 ____A C:\Users\legendofham\Desktop\Bandicam.lnk

2012-07-23 12:45 - 2011-12-21 19:27 - 00002083 ____A C:\Users\Public\Desktop\Easy Software Manager.lnk

2012-07-20 14:58 - 2012-07-20 14:58 - 00002156 ____A C:\Users\Public\Desktop\KODAK AiO Home Center.lnk

2012-07-20 14:52 - 2012-07-20 14:51 - 00034572 ____A C:\Users\legendofham\AppData\Local\c4u.log

2012-07-20 14:51 - 2012-04-20 15:49 - 00181940 ____A C:\Users\legendofham\AppData\Local\installer.log

2012-07-20 11:48 - 2012-06-28 09:51 - 00001239 ____A C:\Users\legendofham\Desktop\DVDVideoSoft Free Studio.lnk

2012-07-18 21:51 - 2012-07-18 21:51 - 00001052 ____A C:\Users\legendofham\Desktop\DOOM3 - Shortcut.lnk

2012-07-18 21:44 - 2012-06-12 20:25 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-18 20:59 - 2012-07-18 20:59 - 00000943 ____A C:\Users\Public\Desktop\猥orrent.lnk

2012-07-18 17:39 - 2012-07-18 17:39 - 00000009 ____A C:\END

2012-07-17 11:02 - 2012-06-28 09:50 - 00405144 ____A (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.Net20.dll

2012-07-16 12:29 - 2012-07-16 12:29 - 00001176 ____A C:\Users\Public\Desktop\Paint.NET.lnk

2012-07-16 12:19 - 2012-07-16 12:19 - 00001478 ____A C:\Users\legendofham\AppData\Local\recently-used.xbel

2012-07-16 11:32 - 2012-07-16 11:32 - 00001901 ____A C:\Users\Public\Desktop\LOL Recorder.lnk

2012-07-13 22:51 - 2012-07-06 12:43 - 00017993 ____A C:\Windows\DirectX.log

2012-07-09 23:19 - 2012-07-09 23:19 - 00001007 ____A C:\Users\legendofham\Desktop\Audacity.lnk

2012-07-04 17:08 - 2012-07-03 21:48 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-07-04 17:08 - 2012-07-03 21:40 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-07-03 22:23 - 2012-07-03 21:40 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-07-03 21:48 - 2012-07-03 21:40 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-07-03 21:43 - 2012-04-14 18:21 - 00764126 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-07-03 21:29 - 2012-07-03 21:40 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe

2012-07-03 12:46 - 2012-06-12 20:25 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-28 10:16 - 2012-06-28 10:16 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-20 16:12 - 2012-06-20 16:12 - 00000000 ____A C:\Windows\setuperr.log

2012-06-13 22:54 - 2012-06-13 22:54 - 00002066 ____A C:\Users\Public\Desktop\Avira Control Center.lnk

2012-06-12 20:56 - 2012-06-12 20:56 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-06-09 19:12 - 2012-06-09 19:12 - 00278561 ____A C:\Users\legendofham\Desktop\Minecraft(1).exe

2012-06-09 12:24 - 2012-06-09 12:24 - 00227784 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-06-09 12:24 - 2012-06-09 12:24 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-06-09 12:24 - 2012-06-09 12:24 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-06-09 12:23 - 2012-06-09 12:23 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll

2012-06-09 12:23 - 2012-06-09 12:23 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2012-06-09 12:23 - 2012-06-09 12:23 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2012-06-09 12:23 - 2012-06-09 12:23 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2012-06-09 12:23 - 2012-06-09 12:23 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2012-06-02 14:19 - 2012-06-20 16:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-20 16:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-20 16:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:19 - 2012-06-20 16:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-20 16:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-20 16:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-20 16:19 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-20 16:19 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:15 - 2012-06-20 16:19 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-05-25 15:35 - 2012-04-15 18:25 - 00001041 ____A C:\Users\legendofham\Desktop\Dropbox.lnk

2012-05-22 22:16 - 2009-07-13 20:45 - 00425368 ____A C:\Windows\System32\FNTCACHE.DAT

2012-05-22 22:10 - 2012-05-22 22:10 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01009.Wdf

2012-05-22 21:44 - 2012-05-22 21:44 - 00008192 ____A C:\Windows\SysWOW64\srvany.exe

2012-05-22 21:29 - 2012-04-14 18:18 - 00113928 ____A C:\Users\legendofham\AppData\Local\GDIPFONTCACHEV1.DAT

2012-05-22 19:59 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

2012-05-22 19:39 - 2012-05-22 19:39 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-05-22 19:38 - 2012-05-22 19:37 - 03654896 ____A (Piriform Ltd) C:\Users\legendofham\Downloads\ccsetup318.exe

2012-05-16 15:12 - 2012-05-03 22:36 - 00000989 ____A C:\Users\legendofham\Desktop\Handbrake.lnk

2012-05-14 19:32 - 2012-05-14 19:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf

ZeroAccess:

C:\Windows\Installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}

C:\Windows\Installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%

Total physical RAM: 5611.74 MB

Available physical RAM: 4913.59 MB

Total Pagefile: 5609.94 MB

Available Pagefile: 4905.24 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:179 GB) (Free:67.96 GB) NTFS

2 Drive d: () (Fixed) (Total:267.06 GB) (Free:190.63 GB) NTFS

3 Drive f: (SAMSUNG_REC) (Fixed) (Total:19.6 GB) (Free:0.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive h: (LEGENDOFHAM) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 2048 KB

Disk 1 Online 7648 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 179 GB 101 MB

Partition 0 Extended 267 GB 179 GB

Partition 4 Logical 267 GB 179 GB

Partition 3 Recovery 19 GB 446 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 179 GB Healthy

==================================================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D NTFS Partition 267 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F SAMSUNG_REC NTFS Partition 19 GB Healthy Hidden

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7647 MB 40 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H LEGENDOFHAM FAT32 Removable 7647 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-28 19:41

======================= End Of Log ==========================

Search:

Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 2012-08-02 20:25:06

Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Link to post
Share on other sites

OK, here you go......Please carefully carry out this procedure!!!!!!

Open notepad. Make sure "word wrap" under Format is unchecked! Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


use the attached fixlist.txt!!!!!

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Link to post
Share on other sites

Copy the attached fixlist.txt to your flash drive and then plug into the computer.

: Now please enter System Recovery Options as before

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Link to post
Share on other sites

Here it is: Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01

Ran by SYSTEM at 2012-08-02 20:55:59 Run:1

Running from H:\

==============================================

C:\Windows\Installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f} moved successfully.

C:\Windows\Installer\{fe3f9c4e-adea-ada9-3173-a79bfa2feb7f} not found.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Link to post
Share on other sites

Thanks for helping at your time. Here is the report of the quick scan.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.02.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

legendofham :: LEGENDOFHAM-PC [limited]

02/08/2012 9:03:48 PM

mbam-log-2012-08-02 (21-03-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197804

Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

It looks clean and the computer is running smoothly. Is there anything else i need to be aware about?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.