Solved Need help removing Windows 64 /Patched.a in c:\Windows\system32\services.exe

Here is the ESET log -

C:\Users\Lunceford\Downloads\Music\john mayer continuum.mp3a variant of WMA/TrojanDownloader.GetCodec.gen trojancleaned - quarantined
 
I have turned the firewall on...didnt even know it was turned off!

Farbar Service Scanner Version: 14-04-2013
Ran by Lunceford (administrator) on 18-05-2013 at 10:31:38
Windows 7 Professional Service Pack 1 (X64)

************************************************
======== Search: "services.msc" =========

C:\Windows\System32\services.msc
[2009-07-13 14:34] - [2009-06-10 13:38] - 0092745 ____A () 7A1D35F59468B8118AF5B8E21DF78AE2

C:\Windows\System32\en-US\services.msc
[2011-04-12 01:17] - [2011-04-12 01:17] - 0092745 ____A () 7A1D35F59468B8118AF5B8E21DF78AE2

C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009-07-13 14:44] - [2009-06-10 14:21] - 0092745 ____A () 7A1D35F59468B8118AF5B8E21DF78AE2

C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2011-04-12 01:17] - [2011-04-12 01:17] - 0092745 ____A () 7A1D35F59468B8118AF5B8E21DF78AE2

C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009-07-13 14:34] - [2009-06-10 13:38] - 0092745 ____A () 7A1D35F59468B8118AF5B8E21DF78AE2

C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2011-04-12 01:17] - [2011-04-12 01:17] - 0092745 ____A () 7A1D35F59468B8118AF5B8E21DF78AE2

C:\Windows\SysWOW64\services.msc
[2009-07-13 14:44] - [2009-06-10 14:21] - 0092745 ____A () 7A1D35F59468B8118AF5B8E21DF78AE2

C:\Windows\SysWOW64\en-US\services.msc
[2011-04-12 01:17] - [2011-04-12 01:17] - 0092745 ____A () 7A1D35F59468B8118AF5B8E21DF78AE2

====== End Of Search ======
 
This is incorrect log.
I didn't ask to search for anything.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Farbar Service Scanner Version: 14-04-2013
Ran by Lunceford (administrator) on 19-05-2013 at 19:46:11
Running from "C:\Users\Lunceford\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-13 16:54] - [2009-07-13 18:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
You didn't set Windows Defender service to disabled.
Please redo and post new FSS log.
 
I do not see a Windows Defender in the Services folder. I see a WinDefend that is disabled - but no Windows Defender. When I run FSS it comes up with the same log as previously posted.
 
Here is a list of what comes up in my servicesName
ActiveX Installer (AxInstSV)
Adaptive Brightness
Adobe Acrobat Update Service
Adobe Flash Player Update Service
Application Experience
Application Identity
Application Information
Application Layer Gateway Service
Application Management
ASP.NET State Service
avast! Antivirus
Background Intelligent
Base Filtering Engine
BitLocker Drive Encryption Service
Block Level Backup Engine Service
Bluetooth Support Service
BranchCache
Certificate Propagation
CNG Key Isolation
COM+ Event System
COM+ System Application
Computer Browser
Credential Manager
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Diagnostic System Host
Disk Defragmenter
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Encrypting File System (EFS)
Extensible Authentication Protocol
Fax
FLEXnet Licensing Service
Function Discovery Provider Host
Function Discovery Resource Publication
Google Update Service (gupdate)
Google Update Service (gupdatem)
Google Updater Service
Group Policy Client
Health Key and Certificate Management
HomeGroup Listener
HomeGroup Provider
Human Interface Device Access
IKE and AuthIP IPsec Keying Modules
Interactive Services Detection
Internet Connection Sharing (ICS)
IP Helper
IPsec Policy Agent
KtmRm for Distributed Transaction Coordinator
LeapFrog Connect Device Service
Link-Layer Topology Discovery Mapper
lxde_device
MBAMScheduler
MBAMService
Media Center Extender Service
Microsoft .NET Framework NGEN v2.0.50727_X64
Microsoft .NET Framework NGEN v2.0.50727_X86
Microsoft .NET Framework NGEN v4.0.30319_X64
Microsoft .NET Framework NGEN v4.0.30319_X86
Microsoft iSCSI Initiator Service
Microsoft Office Diagnostics Service
Microsoft Office Groove Audit Service
Microsoft Software Shadow Copy Provider
Multimedia Class Scheduler
Net.Msmq Listener Adapter
Net.Pipe Listener Adapter
Net.Tcp Listener Adapter
Net.Tcp Port Sharing Service
Netlogon
Network Access Protection Agent
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
NVIDIA Display Driver Service
NVIDIA Stereoscopic 3D Driver Service
NVIDIA Update Service Daemon
Office Source Engine
Offline Files
Parental Controls
Peer Name Resolution Protocol
Peer Networking Grouping
Peer Networking Identity Manager
Performance Counter DLL Host
Performance Logs & Alerts
Plug and Play
PnP-X IP Bus Enumerator
PNRP Machine Name Publication Service
Portable Device Enumerator Service
Power
Print Spooler
Problem Reports and Solutions Control Panel Support
Program Compatibility Assistant Service
Protected Storage
Quality Windows Audio Video Experience
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Desktop Configuration
Remote Desktop Services
Remote Desktop Services UserMode Port Redirector
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Routing and Remote Access
RPC Endpoint Mapper
Secondary Logon
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Smart Card
Smart Card Removal Policy
SNMP Trap
Software Protection
SPP Notification Service
SSDP Discovery
Steam Client Service
Storage ServiceEnforces group policy for storage devices
Superfetch
System Event Notification Service
Tablet PC Input
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Themes
Thread Ordering Server
TPM Base Services
UPnP Device Host
User Profile Service
Virtual Disk
Volume Shadow Copy
vToolbarUpdater15.1.0
WebClient
WinDefend<Failed to Read Description. Error Code: 5 >
Windows Activation Technologies
Windows Audio
Windows Audio Endpoint Builder
Windows Backup
Windows Biometric Service
Windows CardSpace
Windows Color System
Windows Connect Now
Windows Driver Foundation
Windows Error Reporting
Windows Event Collector
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Installer
Windows Management Instrumentation
Windows Media Center Receiver Service
Windows Media Center Scheduler Service
Windows Media Player Network Sharing Service
Windows Modules Installer
Windows Presentation Foundation Font Cache 3.0.0.0
Windows Remote Management (WS-Management)
Windows Search
Windows Time
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
Wired AutoConfig
WLAN AutoConfig
WMI Performance Adapter
Workstation
WWAN AutoConfig
 
WinDefend<Failed to Read Description. Error Code: 5 >
Click to expand...
This is the one.

We're dealing here with brand new type of infection so we have to proceed cautiously.
I'm not sure how much longer I can stay here because bed time is coming but let's try to get started.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.[/*]
  • Press Scan button.[/*]
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.[/*]
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.[/*]
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013
Ran by Lunceford (administrator) on 19-05-2013 21:11:23
Running from C:\Users\Lunceford\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(LeapFrog Enterprises, Inc.) C:\Users\Lunceford\Desktop\Molly\LeapFrog Connect\CommandService.exe
( ) C:\Windows\SysWOW64\lxdecoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Lunceford\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd)
HKCU\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [578560 2013-03-20] (Samsung Electronics)
HKCU\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1511792 2013-03-28] (Samsung)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig
CHR RestoreOnStartup: "hxxp://www.google.com/ig"
CHR DefaultSearchURL: (Web Search) - http://www.searchqu.com/web?src=crb&appid=153&systemid=101&sr=0&q={searchTerms}
CHR DefaultSuggestURL: (Web Search) - "suggest_url": "",
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Lunceford\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lunceford\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lunceford\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\Lunceford\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0
CHR Extension: (Plants vs Zombies) - C:\Users\Lunceford\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0
CHR Extension: (Gmail) - C:\Users\Lunceford\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 LeapFrog Connect Device Service; C:\Users\Lunceford\Desktop\Molly\LeapFrog Connect\CommandService.exe [7392648 2012-09-28] (LeapFrog Enterprises, Inc.)
R2 lxde_device; C:\Windows\SysWOW64\lxdecoms.exe [1052840 2007-12-07] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vToolbarUpdater15.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [1008816 2013-05-12] (AVG Secure Search)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [40736 2013-05-12] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [272448 2012-11-10] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-19 21:10 - 2013-05-19 21:10 - 01877468 ____A (Farbar) C:\Users\Lunceford\Downloads\FRST64 (1).exe
2013-05-19 20:25 - 2013-05-19 20:25 - 00046850 ____A C:\Users\Lunceford\Desktop\list.txt
2013-05-18 21:29 - 2013-05-18 21:29 - 00000000 ____D C:\Users\Lunceford\Downloads\The Bourne Legacy (2012)
2013-05-18 10:29 - 2013-05-18 10:29 - 00160639 ____A C:\Users\Lunceford\Downloads\JavaRa-1.16-16-12-11.zip
2013-05-18 10:28 - 2013-05-18 10:28 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-18 10:28 - 2013-05-18 10:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-18 10:28 - 2013-05-18 10:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-18 10:28 - 2013-05-18 10:28 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-18 10:26 - 2013-05-18 10:26 - 00903072 ____A (Oracle Corporation) C:\Users\Lunceford\Downloads\chromeinstall-7u21.exe
2013-05-18 07:23 - 2013-05-18 07:23 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-18 07:22 - 2013-05-18 07:22 - 02347384 ____A (ESET) C:\Users\Lunceford\Downloads\esetsmartinstaller_enu.exe
2013-05-17 22:04 - 2013-05-19 20:17 - 00002567 ____A C:\Users\Lunceford\Downloads\FSS.txt
2013-05-17 22:04 - 2013-05-17 22:04 - 00448512 ____A (OldTimer Tools) C:\Users\Lunceford\Downloads\TFC.exe
2013-05-17 21:53 - 2013-05-17 21:54 - 00354299 ____A (Farbar) C:\Users\Lunceford\Downloads\FSS.exe
2013-05-17 21:52 - 2013-05-17 21:52 - 00890825 ____A C:\Users\Lunceford\Downloads\SecurityCheck.exe
2013-05-17 21:48 - 2013-05-17 21:48 - 00000000 ____D C:\_OTL
2013-05-17 18:52 - 2013-05-17 18:52 - 00065639 ____A C:\Users\Lunceford\Downloads\[kat.ph]wuthering.heights.2011.dvdscr.xvid.vip3r.torrent
2013-05-17 18:37 - 2013-05-17 18:37 - 00057564 ____A C:\Users\Lunceford\Downloads\[kat.ph]warm.bodies.2013.webrip.xvid.j****.torrent
2013-05-17 03:01 - 2013-04-04 23:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 03:01 - 2013-04-04 23:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 03:01 - 2013-04-04 23:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-17 03:01 - 2013-04-04 23:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 03:01 - 2013-04-04 23:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 03:01 - 2013-04-04 23:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 03:01 - 2013-04-04 23:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 03:01 - 2013-04-04 23:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 03:01 - 2013-04-04 23:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 03:01 - 2013-04-04 23:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-17 03:01 - 2013-04-04 23:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-17 03:01 - 2013-04-04 23:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-17 03:01 - 2013-04-04 23:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 03:01 - 2013-04-04 23:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-17 03:01 - 2013-04-04 22:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 03:01 - 2013-04-04 22:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-17 03:01 - 2013-04-04 22:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-17 03:01 - 2013-04-04 21:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-17 03:01 - 2013-04-04 21:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-17 03:01 - 2013-04-04 20:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-17 03:01 - 2013-04-04 20:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-16 20:12 - 2013-05-16 20:12 - 00081674 ____A C:\Users\Lunceford\Downloads\OTL.Txt
2013-05-16 20:12 - 2013-05-16 20:12 - 00039334 ____A C:\Users\Lunceford\Downloads\Extras.Txt
2013-05-16 20:00 - 2013-05-16 20:00 - 00602112 ____A (OldTimer Tools) C:\Users\Lunceford\Downloads\OTL.exe
2013-05-16 19:59 - 2013-04-09 23:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 19:58 - 2013-04-09 23:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-16 19:58 - 2013-04-09 20:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 19:58 - 2013-03-18 22:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-16 19:58 - 2013-03-18 22:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-16 19:58 - 2013-02-26 23:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 19:58 - 2013-02-26 22:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 19:58 - 2013-02-26 22:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 19:58 - 2013-02-26 22:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-16 19:58 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 19:58 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-16 19:58 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-16 19:58 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-16 19:58 - 2011-02-03 04:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-16 19:54 - 2013-05-16 19:54 - 00000000 ____D C:\Windows\ERUNT
2013-05-16 19:54 - 2013-05-16 19:54 - 00000000 ____D C:\JRT
2013-05-16 19:53 - 2013-05-16 19:53 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Lunceford\Downloads\JRT.exe
2013-05-16 19:51 - 2013-05-17 21:49 - 00004460 ____A C:\Windows\PFRO.log
2013-05-16 19:47 - 2013-05-16 19:47 - 00007323 ____A C:\AdwCleaner[S1].txt
2013-05-16 19:47 - 2013-05-16 19:47 - 00000121 ____A C:\Windows\DeleteOnReboot.bat
2013-05-16 19:46 - 2013-05-16 19:46 - 00632031 ____A C:\Users\Lunceford\Downloads\adwcleaner.exe
2013-05-16 17:13 - 2013-05-16 17:27 - 00000000 ____D C:\ComboFix
2013-05-16 17:13 - 2013-05-16 17:26 - 00000000 ____D C:\Qoobox
2013-05-16 17:13 - 2013-05-16 17:25 - 00000000 ____D C:\Windows\erdnt
2013-05-16 17:13 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-16 17:13 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-16 17:13 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-16 17:13 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-16 17:13 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-16 17:13 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-16 17:13 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-16 17:13 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-16 17:12 - 2013-05-16 17:13 - 05066411 ____R (Swearware) C:\Users\Lunceford\Downloads\ComboFix.exe
2013-05-15 22:01 - 2013-05-15 22:01 - 00000000 ____D C:\Users\Lunceford\AppData\Local\Avg2013
2013-05-15 22:00 - 2013-05-15 22:00 - 12917756 ____A C:\Users\Lunceford\Downloads\mbar-1.05.0.1001.zip
2013-05-15 22:00 - 2013-05-15 22:00 - 00791040 ____A C:\Users\Lunceford\Downloads\RogueKillerX64.exe
2013-05-15 21:40 - 2013-05-15 21:40 - 00000000 ____D C:\Users\Lunceford\AppData\Roaming\Malwarebytes
2013-05-15 21:40 - 2013-05-15 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-15 21:40 - 2013-05-15 21:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-15 21:40 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-15 21:39 - 2013-05-15 21:39 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Lunceford\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-15 21:38 - 2013-05-15 21:38 - 00000000 ____D C:\Users\Lunceford\AppData\LocalGoogle
2013-05-15 21:37 - 2013-05-15 21:37 - 00688992 ____R (Swearware) C:\Users\Lunceford\Downloads\dds.com
2013-05-15 21:37 - 2013-05-15 21:37 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-15 21:37 - 2013-05-09 01:59 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-15 21:37 - 2013-05-09 01:59 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-15 21:37 - 2013-05-09 01:59 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-15 21:37 - 2013-05-09 01:59 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-15 21:37 - 2013-05-09 01:59 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-15 21:37 - 2013-05-09 01:59 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-15 21:37 - 2013-05-09 01:59 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-15 21:37 - 2013-05-09 01:59 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-15 21:37 - 2013-05-09 01:58 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-15 21:37 - 2013-05-09 01:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-15 21:36 - 2013-05-15 21:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-15 21:36 - 2013-05-15 21:36 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-15 21:35 - 2013-05-15 21:36 - 117478104 ____A C:\Users\Lunceford\Downloads\avast_free_antivirus_setup.exe
2013-05-15 21:26 - 2013-05-15 21:26 - 00000442 ____A C:\Users\Lunceford\Downloads\fixlist.txt
2013-05-15 18:54 - 2013-05-19 20:01 - 00000560 ____A C:\Windows\setupact.log
2013-05-15 18:54 - 2013-05-15 18:54 - 00000000 ____A C:\Windows\setuperr.log
2013-05-15 18:35 - 2013-05-15 18:35 - 01877416 ____A (Farbar) C:\Users\Lunceford\Downloads\FRST64.exe
2013-05-15 18:35 - 2013-05-15 18:35 - 00000000 ____D C:\FRST
2013-05-15 15:57 - 2013-05-15 15:58 - 69644472 ____A (Anthropics Technology Ltd. ) C:\Users\Lunceford\Downloads\PortraitProfessionalTrialSetup.exe
2013-05-14 19:13 - 2013-05-14 19:13 - 06953496 ____A (Microsoft Corporation) C:\Users\Lunceford\Downloads\Silverlight.exe
2013-05-14 09:11 - 2013-05-14 09:11 - 90095616 ____A C:\Users\Lunceford\Downloads\avg_arl_cdi_all_120_120823a5411 (1).iso
2013-05-14 08:21 - 2013-05-14 08:22 - 102010580 ____A C:\Users\Lunceford\Downloads\avg_arl_ffi_all_120_120823a5411.zip
2013-05-14 08:15 - 2013-05-15 22:01 - 00000000 ____D C:\ProgramData\MFAData
2013-05-14 08:15 - 2013-05-14 08:15 - 04459360 ____A (AVG Technologies) C:\Users\Lunceford\Downloads\avg_avct_stb_all_2013_3336.exe
2013-05-14 08:15 - 2013-05-14 08:15 - 00000000 ____D C:\Users\Lunceford\AppData\Local\MFAData
2013-05-14 08:10 - 2013-05-14 08:13 - 00518002 ____A C:\Users\Lunceford\Downloads\avgremover.log
2013-05-14 08:10 - 2013-05-14 08:10 - 03222280 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Lunceford\Downloads\avg_remover_stf_x64_2013_2706.exe
2013-05-14 07:27 - 2013-05-14 07:27 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2013-05-13 12:38 - 2013-05-13 12:38 - 00000408 ____A C:\Users\Lunceford\Downloads\redir (1)
2013-05-13 12:38 - 2013-05-13 12:38 - 00000408 ____A C:\Users\Lunceford\Downloads\redir
2013-05-13 12:34 - 2013-05-13 12:34 - 00043047 ____A C:\Users\Lunceford\Downloads\index.html
2013-05-13 07:14 - 2013-05-13 07:15 - 90095616 ____A C:\Users\Lunceford\Downloads\avg_arl_cdi_all_120_120823a5411.iso
2013-05-12 22:16 - 2013-05-12 22:15 - 00040736 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-12 22:02 - 2013-05-12 22:02 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-05-12 22:02 - 2013-05-12 22:02 - 00000000 ____A C:\autoexec.bat
2013-05-10 05:36 - 2013-05-10 05:36 - 00354918 ____A C:\Users\Lunceford\Downloads\BALister_Soviet_v.1.4.xlsx
2013-05-10 05:35 - 2013-05-10 05:35 - 00348683 ____A C:\Users\Lunceford\Downloads\BALister_US_v.1.2.xlsx
2013-05-10 05:34 - 2013-05-10 05:34 - 00353633 ____A C:\Users\Lunceford\Downloads\BALister_German_v.1.0.xlsx
2013-05-10 05:34 - 2013-05-10 05:34 - 00345174 ____A C:\Users\Lunceford\Downloads\BALister_Commonwealth_v.1.3.xlsx
2013-05-05 08:10 - 2013-05-05 08:10 - 00000000 ____D C:\ProgramData\RELOADED
2013-05-05 07:27 - 2013-05-05 07:27 - 00000000 ____D C:\Users\Lunceford\AppData\Roaming\WinRAR
2013-04-27 18:10 - 2013-04-27 18:10 - 00000000 ____D C:\Users\Lunceford\AppData\Local\signal studios
2013-04-23 21:47 - 2013-04-12 07:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-21 13:37 - 2013-04-21 13:37 - 00000000 ____D C:\Users\Lunceford\Downloads\Harry Potter saga UK version - mobi (Kindle)

==================== One Month Modified Files and Folders =======

2013-05-19 21:10 - 2013-05-19 21:10 - 01877468 ____A (Farbar) C:\Users\Lunceford\Downloads\FRST64 (1).exe
2013-05-19 20:51 - 2012-11-10 07:36 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-19 20:25 - 2013-05-19 20:25 - 00046850 ____A C:\Users\Lunceford\Desktop\list.txt
2013-05-19 20:20 - 2012-12-22 11:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-19 20:17 - 2013-05-17 22:04 - 00002567 ____A C:\Users\Lunceford\Downloads\FSS.txt
2013-05-19 20:15 - 2012-11-10 07:36 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-19 20:15 - 2009-02-26 19:20 - 00000000 ___DC C:\Program Files (x86)\Steam
2013-05-19 20:08 - 2009-07-13 21:45 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-19 20:08 - 2009-07-13 21:45 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-19 20:01 - 2013-05-15 18:54 - 00000560 ____A C:\Windows\setupact.log
2013-05-19 20:01 - 2012-12-16 11:36 - 00004900 ____A C:\ProgramData\lxde.log
2013-05-19 20:01 - 2012-11-10 22:04 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-19 20:01 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-19 19:58 - 2012-11-10 07:34 - 01663159 ____A C:\Windows\WindowsUpdate.log
2013-05-19 14:19 - 2012-02-22 09:02 - 00000000 ____D C:\Users\Lunceford\Downloads\Movies
2013-05-18 21:51 - 2012-06-20 16:47 - 00000000 ___DC C:\Program Files\PeerBlock
2013-05-18 21:29 - 2013-05-18 21:29 - 00000000 ____D C:\Users\Lunceford\Downloads\The Bourne Legacy (2012)
2013-05-18 17:59 - 2009-07-13 22:13 - 00796332 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 10:30 - 2012-11-10 07:20 - 00000000 ____D C:\Users\Lunceford\AppData\Local\VirtualStore
2013-05-18 10:29 - 2013-05-18 10:29 - 00160639 ____A C:\Users\Lunceford\Downloads\JavaRa-1.16-16-12-11.zip
2013-05-18 10:29 - 2012-06-30 21:03 - 00000000 ____D C:\Users\Lunceford\Desktop\Alyx
2013-05-18 10:28 - 2013-05-18 10:28 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-18 10:28 - 2013-05-18 10:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-18 10:28 - 2013-05-18 10:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-18 10:28 - 2013-05-18 10:28 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-18 10:28 - 2013-01-11 11:05 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-05-18 10:28 - 2013-01-11 11:05 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-05-18 10:28 - 2009-06-12 16:39 - 00000000 ___DC C:\Program Files (x86)\Java
2013-05-18 10:26 - 2013-05-18 10:26 - 00903072 ____A (Oracle Corporation) C:\Users\Lunceford\Downloads\chromeinstall-7u21.exe
2013-05-18 07:23 - 2013-05-18 07:23 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-18 07:22 - 2013-05-18 07:22 - 02347384 ____A (ESET) C:\Users\Lunceford\Downloads\esetsmartinstaller_enu.exe
2013-05-17 22:04 - 2013-05-17 22:04 - 00448512 ____A (OldTimer Tools) C:\Users\Lunceford\Downloads\TFC.exe
2013-05-17 21:54 - 2013-05-17 21:53 - 00354299 ____A (Farbar) C:\Users\Lunceford\Downloads\FSS.exe
2013-05-17 21:52 - 2013-05-17 21:52 - 00890825 ____A C:\Users\Lunceford\Downloads\SecurityCheck.exe
2013-05-17 21:49 - 2013-05-16 19:51 - 00004460 ____A C:\Windows\PFRO.log
2013-05-17 21:48 - 2013-05-17 21:48 - 00000000 ____D C:\_OTL
2013-05-17 19:30 - 2012-11-10 09:07 - 00000000 ____D C:\Users\Lunceford\AppData\Roaming\BitTorrent
2013-05-17 18:52 - 2013-05-17 18:52 - 00065639 ____A C:\Users\Lunceford\Downloads\[kat.ph]wuthering.heights.2011.dvdscr.xvid.vip3r.torrent
2013-05-17 18:37 - 2013-05-17 18:37 - 00057564 ____A C:\Users\Lunceford\Downloads\[kat.ph]warm.bodies.2013.webrip.xvid.j****.torrent
2013-05-17 17:05 - 2009-02-26 19:27 - 00000000 ____D C:\Users\Lunceford\Documents\My Games
2013-05-17 17:04 - 2009-02-13 23:07 - 00000000 ___RD C:\Users\Lunceford\Desktop\Games
2013-05-17 06:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-05-17 05:28 - 2009-07-13 21:45 - 00420416 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 03:19 - 2012-11-10 15:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-17 03:11 - 2012-11-15 21:58 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 21:16 - 2011-04-02 08:08 - 00000000 ____D C:\Users\Lunceford\Desktop\Molly
2013-05-16 20:12 - 2013-05-16 20:12 - 00081674 ____A C:\Users\Lunceford\Downloads\OTL.Txt
2013-05-16 20:12 - 2013-05-16 20:12 - 00039334 ____A C:\Users\Lunceford\Downloads\Extras.Txt
2013-05-16 20:00 - 2013-05-16 20:00 - 00602112 ____A (OldTimer Tools) C:\Users\Lunceford\Downloads\OTL.exe
2013-05-16 19:54 - 2013-05-16 19:54 - 00000000 ____D C:\Windows\ERUNT
2013-05-16 19:54 - 2013-05-16 19:54 - 00000000 ____D C:\JRT
2013-05-16 19:53 - 2013-05-16 19:53 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Lunceford\Downloads\JRT.exe
2013-05-16 19:47 - 2013-05-16 19:47 - 00007323 ____A C:\AdwCleaner[S1].txt
2013-05-16 19:47 - 2013-05-16 19:47 - 00000121 ____A C:\Windows\DeleteOnReboot.bat
2013-05-16 19:46 - 2013-05-16 19:46 - 00632031 ____A C:\Users\Lunceford\Downloads\adwcleaner.exe
2013-05-16 17:27 - 2013-05-16 17:13 - 00000000 ____D C:\ComboFix
2013-05-16 17:26 - 2013-05-16 17:13 - 00000000 ____D C:\Qoobox
2013-05-16 17:25 - 2013-05-16 17:13 - 00000000 ____D C:\Windows\erdnt
2013-05-16 17:25 - 2009-07-13 19:34 - 00000215 ____A C:\Windows\system.ini
2013-05-16 17:24 - 2012-12-10 13:39 - 00000000 ____D C:\Users\Lunceford\AppData\Roaming\xx
2013-05-16 17:13 - 2013-05-16 17:12 - 05066411 ____R (Swearware) C:\Users\Lunceford\Downloads\ComboFix.exe
2013-05-16 01:38 - 2012-11-10 09:19 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2013-05-15 22:01 - 2013-05-15 22:01 - 00000000 ____D C:\Users\Lunceford\AppData\Local\Avg2013
2013-05-15 22:01 - 2013-05-14 08:15 - 00000000 ____D C:\ProgramData\MFAData
2013-05-15 22:00 - 2013-05-15 22:00 - 12917756 ____A C:\Users\Lunceford\Downloads\mbar-1.05.0.1001.zip
2013-05-15 22:00 - 2013-05-15 22:00 - 00791040 ____A C:\Users\Lunceford\Downloads\RogueKillerX64.exe
2013-05-15 21:40 - 2013-05-15 21:40 - 00000000 ____D C:\Users\Lunceford\AppData\Roaming\Malwarebytes
2013-05-15 21:40 - 2013-05-15 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-15 21:40 - 2013-05-15 21:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-15 21:39 - 2013-05-15 21:39 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Lunceford\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-15 21:38 - 2013-05-15 21:38 - 00000000 ____D C:\Users\Lunceford\AppData\LocalGoogle
2013-05-15 21:38 - 2012-11-10 07:36 - 00000000 ____D C:\Users\Lunceford\AppData\Local\Google
2013-05-15 21:38 - 2009-02-13 01:00 - 00000000 ___DC C:\Program Files (x86)\Google
2013-05-15 21:37 - 2013-05-15 21:37 - 00688992 ____R (Swearware) C:\Users\Lunceford\Downloads\dds.com
2013-05-15 21:37 - 2013-05-15 21:37 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-15 21:36 - 2013-05-15 21:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-15 21:36 - 2013-05-15 21:36 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-15 21:36 - 2013-05-15 21:35 - 117478104 ____A C:\Users\Lunceford\Downloads\avast_free_antivirus_setup.exe
2013-05-15 21:26 - 2013-05-15 21:26 - 00000442 ____A C:\Users\Lunceford\Downloads\fixlist.txt
2013-05-15 18:54 - 2013-05-15 18:54 - 00000000 ____A C:\Windows\setuperr.log
2013-05-15 18:35 - 2013-05-15 18:35 - 01877416 ____A (Farbar) C:\Users\Lunceford\Downloads\FRST64.exe
2013-05-15 18:35 - 2013-05-15 18:35 - 00000000 ____D C:\FRST
2013-05-15 18:28 - 2013-01-27 19:51 - 00000000 ____D C:\Windows\Minidump
2013-05-15 15:58 - 2013-05-15 15:57 - 69644472 ____A (Anthropics Technology Ltd. ) C:\Users\Lunceford\Downloads\PortraitProfessionalTrialSetup.exe
2013-05-14 19:20 - 2012-12-22 11:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 19:20 - 2012-11-10 15:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 19:14 - 2010-10-20 07:47 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2013-05-14 19:13 - 2013-05-14 19:13 - 06953496 ____A (Microsoft Corporation) C:\Users\Lunceford\Downloads\Silverlight.exe
2013-05-14 09:11 - 2013-05-14 09:11 - 90095616 ____A C:\Users\Lunceford\Downloads\avg_arl_cdi_all_120_120823a5411 (1).iso
2013-05-14 08:22 - 2013-05-14 08:21 - 102010580 ____A C:\Users\Lunceford\Downloads\avg_arl_ffi_all_120_120823a5411.zip
2013-05-14 08:15 - 2013-05-14 08:15 - 04459360 ____A (AVG Technologies) C:\Users\Lunceford\Downloads\avg_avct_stb_all_2013_3336.exe
2013-05-14 08:15 - 2013-05-14 08:15 - 00000000 ____D C:\Users\Lunceford\AppData\Local\MFAData
2013-05-14 08:13 - 2013-05-14 08:10 - 00518002 ____A C:\Users\Lunceford\Downloads\avgremover.log
2013-05-14 08:10 - 2013-05-14 08:10 - 03222280 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Lunceford\Downloads\avg_remover_stf_x64_2013_2706.exe
2013-05-14 07:27 - 2013-05-14 07:27 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2013-05-13 12:38 - 2013-05-13 12:38 - 00000408 ____A C:\Users\Lunceford\Downloads\redir (1)
2013-05-13 12:38 - 2013-05-13 12:38 - 00000408 ____A C:\Users\Lunceford\Downloads\redir
2013-05-13 12:34 - 2013-05-13 12:34 - 00043047 ____A C:\Users\Lunceford\Downloads\index.html
2013-05-13 07:15 - 2013-05-13 07:14 - 90095616 ____A C:\Users\Lunceford\Downloads\avg_arl_cdi_all_120_120823a5411.iso
2013-05-12 22:40 - 2010-11-05 20:37 - 00000000 ___DC C:\Program Files (x86)\BitTorrent
2013-05-12 22:15 - 2013-05-12 22:16 - 00040736 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-12 22:02 - 2013-05-12 22:02 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-05-12 22:02 - 2013-05-12 22:02 - 00000000 ____A C:\autoexec.bat
2013-05-12 20:36 - 2013-01-21 07:32 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-05-12 16:09 - 2012-11-10 15:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-05-10 05:36 - 2013-05-10 05:36 - 00354918 ____A C:\Users\Lunceford\Downloads\BALister_Soviet_v.1.4.xlsx
2013-05-10 05:35 - 2013-05-10 05:35 - 00348683 ____A C:\Users\Lunceford\Downloads\BALister_US_v.1.2.xlsx
2013-05-10 05:34 - 2013-05-10 05:34 - 00353633 ____A C:\Users\Lunceford\Downloads\BALister_German_v.1.0.xlsx
2013-05-10 05:34 - 2013-05-10 05:34 - 00345174 ____A C:\Users\Lunceford\Downloads\BALister_Commonwealth_v.1.3.xlsx
2013-05-09 01:59 - 2013-05-15 21:37 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 01:59 - 2013-05-15 21:37 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 01:59 - 2013-05-15 21:37 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 01:59 - 2013-05-15 21:37 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 01:59 - 2013-05-15 21:37 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-09 01:59 - 2013-05-15 21:37 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 01:59 - 2013-05-15 21:37 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 01:59 - 2013-05-15 21:37 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 01:58 - 2013-05-15 21:37 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-09 01:58 - 2013-05-15 21:37 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-05 08:10 - 2013-05-05 08:10 - 00000000 ____D C:\ProgramData\RELOADED
2013-05-05 08:05 - 2013-01-02 19:37 - 00000000 ____D C:\Users\Lunceford\Documents\Madden NFL 08
2013-05-05 08:04 - 2013-02-05 20:38 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-05-05 07:27 - 2013-05-05 07:27 - 00000000 ____D C:\Users\Lunceford\AppData\Roaming\WinRAR
2013-05-05 07:26 - 2011-08-09 02:01 - 00000000 ___DC C:\Games
2013-05-02 02:06 - 2010-11-20 20:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-27 18:10 - 2013-04-27 18:10 - 00000000 ____D C:\Users\Lunceford\AppData\Local\signal studios
2013-04-22 19:53 - 2013-02-24 18:28 - 00000000 ____D C:\Users\Lunceford\Downloads\Desktop Pics
2013-04-21 13:37 - 2013-04-21 13:37 - 00000000 ____D C:\Users\Lunceford\Downloads\Harry Potter saga UK version - mobi (Kindle)
2013-04-19 20:53 - 2012-11-29 19:09 - 00000000 ____D C:\Users\Lunceford\AppData\Roaming\vlc

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-14 02:19

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2013
Ran by Lunceford at 2013-05-19 21:11:58 Run:
Running from C:\Users\Lunceford\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Adobe Shockwave Player (Version: 10.2.0.22)
avast! Free Antivirus (Version: 8.0.1489.0)
BitTorrent (Version: 7.8.0.29626)
calibre 64bit (Version: 0.9.15)
DAEMON Tools Pro (Version: 4.41.0314.0232)
EA SPORTS online 2008
ESET Online Scanner v3
Far Cry® 3
Google Chrome (Version: 26.0.1410.64)
Google Drive (Version: 1.9.4536.8202)
Google Update Helper (Version: 1.3.21.145)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
jZip (Version: 2.0.0.129577)
LeapFrog Connect (Version: 4.2.9.15649)
LeapFrog My Pals Plugin (Version: 4.2.9.15649)
Lexmark 4800 Series
Madden NFL 08
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Medieval II Total War (Version: 1.03.000)
Medieval II Total War : Kingdoms : Americas (Version: 1.03.000)
Medieval II Total War : Kingdoms : Britannia (Version: 1.03.000)
Medieval II Total War : Kingdoms : Crusades (Version: 1.03.000)
Medieval II Total War : Kingdoms : Teutonic (Version: 1.03.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Napoleon: Total War
NVIDIA 3D Vision Controller Driver 314.07 (Version: 314.07)
NVIDIA 3D Vision Driver 314.07 (Version: 314.07)
NVIDIA Control Panel 314.07 (Version: 314.07)
NVIDIA Graphics Driver 314.07 (Version: 314.07)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1407)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
Picasa 3 (Version: 3.9)
Rosetta Stone Version 3 (Version: 3.3.5.2)
Samsung Kies (Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.22.0)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
Total War: SHOGUN 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay (Version: 2.0)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)

==================== Restore Points =========================

17-05-2013 00:10:42 Before new AntiVirus
17-05-2013 02:58:31 Windows Update
17-05-2013 10:00:26 Windows Update
18-05-2013 17:27:57 Installed Java 7 Update 21

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2013 08:02:48 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/19/2013 06:37:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/19/2013 06:15:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: Empire.exe, version: 1.5.0.0, time stamp: 0x4b74239d
Faulting module name: Empire.exe, version: 1.5.0.0, time stamp: 0x4b74239d
Exception code: 0xc0000005
Fault offset: 0x007c12ba
Faulting process id: 0xf68
Faulting application start time: 0xEmpire.exe0
Faulting application path: Empire.exe1
Faulting module path: Empire.exe2
Report Id: Empire.exe3

Error: (05/19/2013 06:15:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: Empire.exe, version: 1.5.0.0, time stamp: 0x4b74239d
Faulting module name: Empire.exe, version: 1.5.0.0, time stamp: 0x4b74239d
Exception code: 0xc0000005
Fault offset: 0x0068bac6
Faulting process id: 0xf68
Faulting application start time: 0xEmpire.exe0
Faulting application path: Empire.exe1
Faulting module path: Empire.exe2
Report Id: Empire.exe3

Error: (05/19/2013 02:15:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/19/2013 07:10:24 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/18/2013 05:58:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/18/2013 07:23:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/18/2013 07:22:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/17/2013 10:10:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.1407, time stamp: 0x5116e918
Faulting module name: nvtray.exe, version: 7.17.13.1407, time stamp: 0x5116e918
Exception code: 0x40000015
Fault offset: 0x0000000000154f89
Faulting process id: 0x57c
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3


System errors:
=============
Error: (05/19/2013 08:03:15 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (05/19/2013 08:03:15 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/19/2013 08:19:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.151.280.0).

Error: (05/19/2013 07:11:02 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (05/19/2013 07:11:02 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/19/2013 07:08:57 AM) (Source: Service Control Manager) (User: )
Description: The WinDefend service terminated with the following error:
%%5

Error: (05/19/2013 07:08:48 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:51:24 PM on ?5/?18/?2013 was unexpected.

Error: (05/18/2013 11:21:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.151.280.0).

Error: (05/18/2013 07:19:58 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (05/18/2013 02:10:40 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-05-16 17:24:38.253
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-16 17:24:38.223
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-08 07:27:01.165
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-08 07:27:01.135
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-08 07:26:58.704
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-08 07:26:58.674
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-08 07:26:56.357
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-08 07:26:56.327
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-08 07:26:52.719
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-08 07:26:52.688
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 4094.49 MB
Available physical RAM: 2108.84 MB
Total Pagefile: 8187.17 MB
Available Pagefile: 5560.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:159.16 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 84F3C4AE)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    84 bytes · Views: 5
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2013
Ran by Lunceford at 2013-05-19 21:34:02 Run:3
Running from C:\Users\Lunceford\Downloads
Boot Mode: Normal
==============================================

permissions for C:\Program Files\Windows Defender were reset successfully

========================= Folder: C:\Program Files\Windows Defender ========================

2011-04-12 01:17 - 2011-04-12 01:17 - 0000000 ___AD () C:\Program Files\Windows Defender\en-US
2009-07-13 16:53 - 2009-07-13 18:41 - 0010752 ____A () C:\Program Files\Windows Defender\MpAsDesc.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0571904 ____A () C:\Program Files\Windows Defender\MpClient.dll
2009-07-13 16:53 - 2009-07-13 18:39 - 0190976 ____A () C:\Program Files\Windows Defender\MpCmdRun.exe
2009-07-13 16:53 - 2009-07-13 18:41 - 0314880 ____A () C:\Program Files\Windows Defender\MpCommu.dll
2009-07-13 16:53 - 2009-07-13 18:29 - 0052224 ____A () C:\Program Files\Windows Defender\MpEvMsg.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0052224 ____A () C:\Program Files\Windows Defender\MpOAV.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0200192 ____A () C:\Program Files\Windows Defender\MpRTP.dll
2009-07-13 16:54 - 2009-07-13 18:41 - 1011712 ____A () C:\Program Files\Windows Defender\MpSvc.dll
2009-07-13 16:53 - 2009-07-13 18:39 - 0961024 ____A () C:\Program Files\Windows Defender\MSASCui.exe
2010-11-20 20:24 - 2010-11-20 20:24 - 0060928 ____A () C:\Program Files\Windows Defender\MsMpCom.dll
2009-07-13 16:53 - 2009-07-13 18:29 - 0004608 ____A () C:\Program Files\Windows Defender\MsMpLics.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0487936 ____A () C:\Program Files\Windows Defender\MsMpRes.dll
2009-07-13 22:32 - 2012-11-10 06:45 - 0028672 ____A () C:\Program Files\Windows Defender\en-US\BCD-Template
2009-07-13 22:38 - 2012-11-10 06:45 - 0025600 __ASH () C:\Program Files\Windows Defender\en-US\BCD-Template.LOG
2009-07-13 19:34 - 2013-05-19 20:14 - 44040192 ____A () C:\Program Files\Windows Defender\en-US\COMPONENTS
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\COMPONENTS.LOG
2009-07-13 19:34 - 2013-05-19 20:14 - 0262144 ___AH () C:\Program Files\Windows Defender\en-US\COMPONENTS.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\COMPONENTS.LOG2
2009-07-13 21:54 - 2013-05-19 20:14 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2009-07-13 21:54 - 2013-05-19 20:14 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2009-07-13 21:54 - 2013-04-10 06:19 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2009-07-13 19:34 - 2013-05-19 20:17 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\DEFAULT
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\DEFAULT.LOG
2009-07-13 19:34 - 2013-05-19 20:17 - 0185344 ___AH () C:\Program Files\Windows Defender\en-US\DEFAULT.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\DEFAULT.LOG2
2009-07-13 20:20 - 2009-07-13 19:34 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\Journal
2009-07-13 20:20 - 2013-05-14 02:19 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\RegBack
2009-07-13 19:34 - 2013-05-19 20:16 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\SAM
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SAM.LOG
2009-07-13 19:34 - 2013-05-19 20:16 - 0029696 ___AH () C:\Program Files\Windows Defender\en-US\SAM.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SAM.LOG2
2009-07-13 19:34 - 2013-05-19 20:14 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\SECURITY
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SECURITY.LOG
2009-07-13 19:34 - 2013-05-19 20:14 - 0021504 ___AH () C:\Program Files\Windows Defender\en-US\SECURITY.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SECURITY.LOG2
2009-07-13 19:34 - 2013-05-19 21:32 - 65798144 ____A () C:\Program Files\Windows Defender\en-US\SOFTWARE
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SOFTWARE.LOG
2009-07-13 19:34 - 2013-05-19 21:32 - 0262144 ___AH () C:\Program Files\Windows Defender\en-US\SOFTWARE.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SOFTWARE.LOG2
2009-07-13 19:34 - 2013-05-19 21:32 - 14155776 ____A () C:\Program Files\Windows Defender\en-US\SYSTEM
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SYSTEM.LOG
2009-07-13 19:34 - 2013-05-19 21:32 - 0262144 ___AH () C:\Program Files\Windows Defender\en-US\SYSTEM.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SYSTEM.LOG2
2009-07-13 20:20 - 2010-11-20 19:41 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile
2009-07-13 20:20 - 2012-11-10 06:39 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\TxR
2012-11-10 07:31 - 2013-05-14 02:19 - 0208896 ____A () C:\Program Files\Windows Defender\en-US\RegBack\DEFAULT
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\DEFAULT.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\DEFAULT.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 0032768 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SAM
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SAM.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SAM.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 0028672 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SECURITY
2012-11-10 09:39 - 2012-11-10 09:39 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SECURITY.LOG1
2012-11-10 09:39 - 2012-11-10 09:39 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SECURITY.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 63483904 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SOFTWARE
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SOFTWARE.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SOFTWARE.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 14041088 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SYSTEM
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SYSTEM.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SYSTEM.LOG2
2009-07-13 20:20 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData
2009-07-13 22:38 - 2012-11-10 06:45 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat
2009-07-14 00:07 - 2011-04-12 01:19 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat.LOG
2009-07-13 22:38 - 2012-11-10 07:31 - 0009216 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat.LOG1
2009-07-13 22:38 - 2009-07-13 22:38 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat.LOG2
2010-11-20 19:41 - 2010-11-20 19:41 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat{d5e30002-f518-11df-a5c1-806e6f6e6963}.TM.blf
2010-11-20 19:41 - 2010-11-20 19:41 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat{d5e30002-f518-11df-a5c1-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2010-11-20 19:41 - 2010-11-20 19:41 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat{d5e30002-f518-11df-a5c1-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2009-07-13 20:20 - 2013-05-15 22:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local
2009-07-13 21:48 - 2009-07-13 21:55 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming
2013-05-15 22:01 - 2013-05-15 22:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2013
2009-07-13 21:49 - 2012-11-10 07:33 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft
2013-05-15 22:01 - 2013-05-15 22:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2013\log
2012-11-10 07:33 - 2012-11-10 07:35 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices
2009-07-13 21:49 - 2009-07-13 21:54 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows
2012-11-10 07:33 - 2013-04-19 20:52 - 0000284 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog00.sqm
2012-11-10 07:34 - 2013-04-22 12:38 - 0000420 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog01.sqm
2012-11-10 07:35 - 2013-05-14 08:08 - 0000284 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog02.sqm
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Caches
2009-07-13 21:54 - 2009-07-13 21:54 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History
2009-07-13 21:54 - 2013-05-17 21:48 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
2009-07-13 21:54 - 2009-07-13 21:54 - 0000145 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini
2009-07-13 21:54 - 2009-07-13 21:54 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
2009-07-13 21:54 - 2009-07-13 21:54 - 0000145 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
2009-07-13 21:54 - 2013-04-01 20:00 - 0016384 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-07-13 21:55 - 2013-03-13 03:01 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft
2009-07-13 21:55 - 2009-07-13 21:57 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache
2013-03-13 03:01 - 2013-03-13 03:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\Silverlight
2009-07-13 21:57 - 2013-05-14 21:22 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
2009-07-13 21:55 - 2013-05-14 21:22 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
2013-05-14 08:15 - 2013-05-14 08:15 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1554C63897948B36B35A43332D76FF76_53F4A1B9C4352045D994951576F965E6
2013-05-12 21:57 - 2013-05-12 22:13 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\29E7A8984BC663B2CB853E44E7863708_C2CDBF709A7025D48EDC7EF6FD9A699F
2012-11-12 06:47 - 2013-05-14 00:24 - 0006342 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
2013-05-12 22:02 - 2013-05-12 22:02 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5EEE7FA98C56E24F9F53871567AE5AA6_16A45C5369875E6DEBC12F7270009B5B
2012-11-12 06:47 - 2012-11-12 06:47 - 0000000 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
2009-07-13 21:57 - 2012-11-11 12:58 - 0000506 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2013-05-12 22:10 - 2013-05-12 22:10 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\91ECFED5143F7F4F4576655D8EFAB51C_66E7D16A4A448EEFABA48E9C8226B1A5
2009-07-13 21:57 - 2012-12-08 21:36 - 0049082 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
2013-05-14 21:22 - 2013-05-14 21:24 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\969F6872C062F51ACB119B46DFBDDA7D_A3B9567A209FA886457789BB77B3211F
2013-05-12 19:29 - 2013-05-14 21:23 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4C1370976EA5CBCD83ED4662793FEEA_AD89FA152C7A4EE101191050ECC95532
2013-05-14 01:23 - 2013-05-14 01:24 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD8A14C7C024625432CC03FE72E47EF0_09E33DA71CB69CA21C298B2D932FD9F9
2013-05-14 01:22 - 2013-05-14 01:26 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD8A14C7C024625432CC03FE72E47EF0_AE86CF131AB798689F2ADB9A387ADD2F
2013-05-12 21:57 - 2013-05-12 21:57 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C29AA1B9D7AA8A9381D2CBB3F631AA4B_5EBCF75359C942C8FCEA9923092C4CE2
2013-05-12 19:29 - 2013-05-12 19:29 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_08ED0DAF76B747B3E3CD97F7F08845B2
2013-05-12 22:12 - 2013-05-12 22:16 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_3F77522C592E3D145946768EC37A9E19
2013-05-14 01:23 - 2013-05-14 01:23 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_67EC7434B8607C203163123602436D5B
2013-05-14 01:23 - 2013-05-14 01:25 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_E220134AF4B7DE4EA9016670A7287496
2013-05-12 22:02 - 2013-05-12 22:02 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E187F62E3BD3DEB92213FEA993B29EA2_D3F19C97B4E36402C7409A92325C9754
2013-05-12 19:29 - 2013-05-12 22:22 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E63A640A06A2B005AB42F3250BC98D9E_DCA8725267231BCF495D375F84709E16
2013-05-14 08:15 - 2013-05-14 08:15 - 0000380 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1554C63897948B36B35A43332D76FF76_53F4A1B9C4352045D994951576F965E6
2013-05-12 21:57 - 2013-05-12 22:13 - 0000430 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\29E7A8984BC663B2CB853E44E7863708_C2CDBF709A7025D48EDC7EF6FD9A699F
2012-11-12 06:47 - 2013-05-19 20:01 - 0000340 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
2013-05-12 22:02 - 2013-05-12 22:02 - 0000380 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5EEE7FA98C56E24F9F53871567AE5AA6_16A45C5369875E6DEBC12F7270009B5B
2012-11-12 06:47 - 2013-05-13 20:23 - 0000290 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
2009-07-13 21:57 - 2012-11-11 12:58 - 0000258 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2013-05-12 22:10 - 2013-05-12 22:10 - 0000400 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\91ECFED5143F7F4F4576655D8EFAB51C_66E7D16A4A448EEFABA48E9C8226B1A5
2009-07-13 21:57 - 2012-12-08 21:36 - 0000344 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
2013-05-14 21:22 - 2013-05-14 21:24 - 0000430 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\969F6872C062F51ACB119B46DFBDDA7D_A3B9567A209FA886457789BB77B3211F
2013-05-12 19:29 - 2013-05-14 21:23 - 0000416 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A4C1370976EA5CBCD83ED4662793FEEA_AD89FA152C7A4EE101191050ECC95532
2013-05-14 01:23 - 2013-05-14 01:24 - 0000426 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD8A14C7C024625432CC03FE72E47EF0_09E33DA71CB69CA21C298B2D932FD9F9
2013-05-14 01:22 - 2013-05-14 01:26 - 0000426 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD8A14C7C024625432CC03FE72E47EF0_AE86CF131AB798689F2ADB9A387ADD2F
2013-05-12 21:57 - 2013-05-12 21:57 - 0000400 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C29AA1B9D7AA8A9381D2CBB3F631AA4B_5EBCF75359C942C8FCEA9923092C4CE2
2013-05-12 19:29 - 2013-05-12 19:29 - 0000408 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_08ED0DAF76B747B3E3CD97F7F08845B2
2013-05-12 22:12 - 2013-05-12 22:16 - 0000408 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_3F77522C592E3D145946768EC37A9E19
2013-05-14 01:23 - 2013-05-14 01:23 - 0000412 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_67EC7434B8607C203163123602436D5B
2013-05-14 01:23 - 2013-05-14 01:25 - 0000408 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_E220134AF4B7DE4EA9016670A7287496
2013-05-12 22:02 - 2013-05-12 22:02 - 0000380 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E187F62E3BD3DEB92213FEA993B29EA2_D3F19C97B4E36402C7409A92325C9754
2013-05-12 19:29 - 2013-05-12 22:22 - 0000410 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E63A640A06A2B005AB42F3250BC98D9E_DCA8725267231BCF495D375F84709E16
2009-07-13 21:48 - 2012-11-18 13:42 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft
2012-11-18 13:42 - 2012-11-18 13:42 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates
2009-07-13 21:54 - 2009-07-13 22:12 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows
2012-11-18 13:42 - 2012-11-18 13:42 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech\Files
2012-11-18 13:42 - 2012-11-18 13:42 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons
2012-11-18 13:42 - 2012-11-18 13:42 - 0000940 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_BA1B5AF5D23F4A4C976570F8F81C7143.dat
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
2009-07-13 21:54 - 2012-11-10 07:15 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
2009-07-13 22:12 - 2009-07-13 22:12 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache
2012-11-10 07:15 - 2013-04-01 20:00 - 0016384 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-07-13 22:12 - 2012-11-10 07:20 - 0262144 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
2012-11-10 06:39 - 2013-05-12 22:37 - 5242880 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms
2012-11-10 06:39 - 2013-05-19 19:58 - 5242880 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms
2012-11-10 06:39 - 2013-02-27 03:18 - 5242880 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms
2012-11-10 06:39 - 2013-05-19 19:58 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
2012-11-10 07:31 - 2013-05-19 19:58 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2012-11-10 07:31 - 2013-05-19 19:58 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2012-11-10 07:31 - 2013-04-10 03:20 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

====== End of Folder: ======

==== End of Fixlog ====
 
!!Delete your previous fixlist.txt file so you won't get confused because we're going to use another one.!!

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    110 bytes · Views: 2
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2013
Ran by Lunceford at 2013-05-19 21:41:20 Run:4
Running from C:\Users\Lunceford\Downloads
Boot Mode: Normal
==============================================


========= fsutil reparsepoint delete "C:\Program Files\Windows Defender" =========

Error: The file or directory is not a reparse point.


========= End of CMD: =========


========================= Folder: C:\Program Files\Windows Defender ========================

2011-04-12 01:17 - 2011-04-12 01:17 - 0000000 ___AD () C:\Program Files\Windows Defender\en-US
2009-07-13 16:53 - 2009-07-13 18:41 - 0010752 ____A () C:\Program Files\Windows Defender\MpAsDesc.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0571904 ____A () C:\Program Files\Windows Defender\MpClient.dll
2009-07-13 16:53 - 2009-07-13 18:39 - 0190976 ____A () C:\Program Files\Windows Defender\MpCmdRun.exe
2009-07-13 16:53 - 2009-07-13 18:41 - 0314880 ____A () C:\Program Files\Windows Defender\MpCommu.dll
2009-07-13 16:53 - 2009-07-13 18:29 - 0052224 ____A () C:\Program Files\Windows Defender\MpEvMsg.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0052224 ____A () C:\Program Files\Windows Defender\MpOAV.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0200192 ____A () C:\Program Files\Windows Defender\MpRTP.dll
2009-07-13 16:54 - 2009-07-13 18:41 - 1011712 ____A () C:\Program Files\Windows Defender\MpSvc.dll
2009-07-13 16:53 - 2009-07-13 18:39 - 0961024 ____A () C:\Program Files\Windows Defender\MSASCui.exe
2010-11-20 20:24 - 2010-11-20 20:24 - 0060928 ____A () C:\Program Files\Windows Defender\MsMpCom.dll
2009-07-13 16:53 - 2009-07-13 18:29 - 0004608 ____A () C:\Program Files\Windows Defender\MsMpLics.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0487936 ____A () C:\Program Files\Windows Defender\MsMpRes.dll
2009-07-13 22:32 - 2012-11-10 06:45 - 0028672 ____A () C:\Program Files\Windows Defender\en-US\BCD-Template
2009-07-13 22:38 - 2012-11-10 06:45 - 0025600 __ASH () C:\Program Files\Windows Defender\en-US\BCD-Template.LOG
2009-07-13 19:34 - 2013-05-19 20:14 - 44040192 ____A () C:\Program Files\Windows Defender\en-US\COMPONENTS
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\COMPONENTS.LOG
2009-07-13 19:34 - 2013-05-19 20:14 - 0262144 ___AH () C:\Program Files\Windows Defender\en-US\COMPONENTS.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\COMPONENTS.LOG2
2009-07-13 21:54 - 2013-05-19 20:14 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2009-07-13 21:54 - 2013-05-19 20:14 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2009-07-13 21:54 - 2013-04-10 06:19 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2009-07-13 19:34 - 2013-05-19 21:37 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\DEFAULT
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\DEFAULT.LOG
2009-07-13 19:34 - 2013-05-19 21:37 - 0185344 ___AH () C:\Program Files\Windows Defender\en-US\DEFAULT.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\DEFAULT.LOG2
2009-07-13 20:20 - 2009-07-13 19:34 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\Journal
2009-07-13 20:20 - 2013-05-14 02:19 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\RegBack
2009-07-13 19:34 - 2013-05-19 20:16 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\SAM
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SAM.LOG
2009-07-13 19:34 - 2013-05-19 20:16 - 0029696 ___AH () C:\Program Files\Windows Defender\en-US\SAM.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SAM.LOG2
2009-07-13 19:34 - 2013-05-19 20:14 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\SECURITY
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SECURITY.LOG
2009-07-13 19:34 - 2013-05-19 20:14 - 0021504 ___AH () C:\Program Files\Windows Defender\en-US\SECURITY.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SECURITY.LOG2
2009-07-13 19:34 - 2013-05-19 21:40 - 65798144 ____A () C:\Program Files\Windows Defender\en-US\SOFTWARE
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SOFTWARE.LOG
2009-07-13 19:34 - 2013-05-19 21:40 - 0262144 ___AH () C:\Program Files\Windows Defender\en-US\SOFTWARE.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SOFTWARE.LOG2
2009-07-13 19:34 - 2013-05-19 21:41 - 14155776 ____A () C:\Program Files\Windows Defender\en-US\SYSTEM
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SYSTEM.LOG
2009-07-13 19:34 - 2013-05-19 21:41 - 0262144 ___AH () C:\Program Files\Windows Defender\en-US\SYSTEM.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SYSTEM.LOG2
2009-07-13 20:20 - 2010-11-20 19:41 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile
2009-07-13 20:20 - 2012-11-10 06:39 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\TxR
2012-11-10 07:31 - 2013-05-14 02:19 - 0208896 ____A () C:\Program Files\Windows Defender\en-US\RegBack\DEFAULT
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\DEFAULT.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\DEFAULT.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 0032768 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SAM
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SAM.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SAM.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 0028672 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SECURITY
2012-11-10 09:39 - 2012-11-10 09:39 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SECURITY.LOG1
2012-11-10 09:39 - 2012-11-10 09:39 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SECURITY.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 63483904 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SOFTWARE
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SOFTWARE.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SOFTWARE.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 14041088 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SYSTEM
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SYSTEM.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SYSTEM.LOG2
2009-07-13 20:20 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData
2009-07-13 22:38 - 2012-11-10 06:45 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat
2009-07-14 00:07 - 2011-04-12 01:19 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat.LOG
2009-07-13 22:38 - 2012-11-10 07:31 - 0009216 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat.LOG1
2009-07-13 22:38 - 2009-07-13 22:38 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat.LOG2
2010-11-20 19:41 - 2010-11-20 19:41 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat{d5e30002-f518-11df-a5c1-806e6f6e6963}.TM.blf
2010-11-20 19:41 - 2010-11-20 19:41 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat{d5e30002-f518-11df-a5c1-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2010-11-20 19:41 - 2010-11-20 19:41 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat{d5e30002-f518-11df-a5c1-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2009-07-13 20:20 - 2013-05-15 22:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local
2009-07-13 21:48 - 2009-07-13 21:55 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming
2013-05-15 22:01 - 2013-05-15 22:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2013
2009-07-13 21:49 - 2012-11-10 07:33 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft
2013-05-15 22:01 - 2013-05-15 22:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2013\log
2012-11-10 07:33 - 2012-11-10 07:35 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices
2009-07-13 21:49 - 2009-07-13 21:54 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows
2012-11-10 07:33 - 2013-04-19 20:52 - 0000284 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog00.sqm
2012-11-10 07:34 - 2013-04-22 12:38 - 0000420 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog01.sqm
2012-11-10 07:35 - 2013-05-14 08:08 - 0000284 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog02.sqm
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Caches
2009-07-13 21:54 - 2009-07-13 21:54 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History
2009-07-13 21:54 - 2013-05-17 21:48 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
2009-07-13 21:54 - 2009-07-13 21:54 - 0000145 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini
2009-07-13 21:54 - 2009-07-13 21:54 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
2009-07-13 21:54 - 2009-07-13 21:54 - 0000145 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
2009-07-13 21:54 - 2013-04-01 20:00 - 0016384 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-07-13 21:55 - 2013-03-13 03:01 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft
2009-07-13 21:55 - 2009-07-13 21:57 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache
2013-03-13 03:01 - 2013-03-13 03:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\Silverlight
2009-07-13 21:57 - 2013-05-14 21:22 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
2009-07-13 21:55 - 2013-05-14 21:22 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
2013-05-14 08:15 - 2013-05-14 08:15 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1554C63897948B36B35A43332D76FF76_53F4A1B9C4352045D994951576F965E6
2013-05-12 21:57 - 2013-05-12 22:13 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\29E7A8984BC663B2CB853E44E7863708_C2CDBF709A7025D48EDC7EF6FD9A699F
2012-11-12 06:47 - 2013-05-14 00:24 - 0006342 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
2013-05-12 22:02 - 2013-05-12 22:02 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5EEE7FA98C56E24F9F53871567AE5AA6_16A45C5369875E6DEBC12F7270009B5B
2012-11-12 06:47 - 2012-11-12 06:47 - 0000000 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
2009-07-13 21:57 - 2012-11-11 12:58 - 0000506 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2013-05-12 22:10 - 2013-05-12 22:10 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\91ECFED5143F7F4F4576655D8EFAB51C_66E7D16A4A448EEFABA48E9C8226B1A5
2009-07-13 21:57 - 2012-12-08 21:36 - 0049082 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
2013-05-14 21:22 - 2013-05-14 21:24 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\969F6872C062F51ACB119B46DFBDDA7D_A3B9567A209FA886457789BB77B3211F
2013-05-12 19:29 - 2013-05-14 21:23 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4C1370976EA5CBCD83ED4662793FEEA_AD89FA152C7A4EE101191050ECC95532
2013-05-14 01:23 - 2013-05-14 01:24 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD8A14C7C024625432CC03FE72E47EF0_09E33DA71CB69CA21C298B2D932FD9F9
2013-05-14 01:22 - 2013-05-14 01:26 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD8A14C7C024625432CC03FE72E47EF0_AE86CF131AB798689F2ADB9A387ADD2F
2013-05-12 21:57 - 2013-05-12 21:57 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C29AA1B9D7AA8A9381D2CBB3F631AA4B_5EBCF75359C942C8FCEA9923092C4CE2
2013-05-12 19:29 - 2013-05-12 19:29 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_08ED0DAF76B747B3E3CD97F7F08845B2
2013-05-12 22:12 - 2013-05-12 22:16 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_3F77522C592E3D145946768EC37A9E19
2013-05-14 01:23 - 2013-05-14 01:23 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_67EC7434B8607C203163123602436D5B
2013-05-14 01:23 - 2013-05-14 01:25 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_E220134AF4B7DE4EA9016670A7287496
2013-05-12 22:02 - 2013-05-12 22:02 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E187F62E3BD3DEB92213FEA993B29EA2_D3F19C97B4E36402C7409A92325C9754
2013-05-12 19:29 - 2013-05-12 22:22 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E63A640A06A2B005AB42F3250BC98D9E_DCA8725267231BCF495D375F84709E16
2013-05-14 08:15 - 2013-05-14 08:15 - 0000380 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1554C63897948B36B35A43332D76FF76_53F4A1B9C4352045D994951576F965E6
2013-05-12 21:57 - 2013-05-12 22:13 - 0000430 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\29E7A8984BC663B2CB853E44E7863708_C2CDBF709A7025D48EDC7EF6FD9A699F
2012-11-12 06:47 - 2013-05-19 20:01 - 0000340 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
2013-05-12 22:02 - 2013-05-12 22:02 - 0000380 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5EEE7FA98C56E24F9F53871567AE5AA6_16A45C5369875E6DEBC12F7270009B5B
2012-11-12 06:47 - 2013-05-13 20:23 - 0000290 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
2009-07-13 21:57 - 2012-11-11 12:58 - 0000258 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2013-05-12 22:10 - 2013-05-12 22:10 - 0000400 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\91ECFED5143F7F4F4576655D8EFAB51C_66E7D16A4A448EEFABA48E9C8226B1A5
2009-07-13 21:57 - 2012-12-08 21:36 - 0000344 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
2013-05-14 21:22 - 2013-05-14 21:24 - 0000430 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\969F6872C062F51ACB119B46DFBDDA7D_A3B9567A209FA886457789BB77B3211F
2013-05-12 19:29 - 2013-05-14 21:23 - 0000416 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A4C1370976EA5CBCD83ED4662793FEEA_AD89FA152C7A4EE101191050ECC95532
2013-05-14 01:23 - 2013-05-14 01:24 - 0000426 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD8A14C7C024625432CC03FE72E47EF0_09E33DA71CB69CA21C298B2D932FD9F9
2013-05-14 01:22 - 2013-05-14 01:26 - 0000426 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD8A14C7C024625432CC03FE72E47EF0_AE86CF131AB798689F2ADB9A387ADD2F
2013-05-12 21:57 - 2013-05-12 21:57 - 0000400 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C29AA1B9D7AA8A9381D2CBB3F631AA4B_5EBCF75359C942C8FCEA9923092C4CE2
2013-05-12 19:29 - 2013-05-12 19:29 - 0000408 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_08ED0DAF76B747B3E3CD97F7F08845B2
2013-05-12 22:12 - 2013-05-12 22:16 - 0000408 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_3F77522C592E3D145946768EC37A9E19
2013-05-14 01:23 - 2013-05-14 01:23 - 0000412 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_67EC7434B8607C203163123602436D5B
2013-05-14 01:23 - 2013-05-14 01:25 - 0000408 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_E220134AF4B7DE4EA9016670A7287496
2013-05-12 22:02 - 2013-05-12 22:02 - 0000380 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E187F62E3BD3DEB92213FEA993B29EA2_D3F19C97B4E36402C7409A92325C9754
2013-05-12 19:29 - 2013-05-12 22:22 - 0000410 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E63A640A06A2B005AB42F3250BC98D9E_DCA8725267231BCF495D375F84709E16
2009-07-13 21:48 - 2012-11-18 13:42 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft
2012-11-18 13:42 - 2012-11-18 13:42 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates
2009-07-13 21:54 - 2009-07-13 22:12 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows
2012-11-18 13:42 - 2012-11-18 13:42 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech\Files
2012-11-18 13:42 - 2012-11-18 13:42 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons
2012-11-18 13:42 - 2012-11-18 13:42 - 0000940 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_BA1B5AF5D23F4A4C976570F8F81C7143.dat
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
2009-07-13 21:54 - 2012-11-10 07:15 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
2009-07-13 22:12 - 2009-07-13 22:12 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache
2012-11-10 07:15 - 2013-04-01 20:00 - 0016384 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-07-13 22:12 - 2012-11-10 07:20 - 0262144 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
2012-11-10 06:39 - 2013-05-12 22:37 - 5242880 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms
2012-11-10 06:39 - 2013-05-19 19:58 - 5242880 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms
2012-11-10 06:39 - 2013-02-27 03:18 - 5242880 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms
2012-11-10 06:39 - 2013-05-19 19:58 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
2012-11-10 07:31 - 2013-05-19 19:58 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2012-11-10 07:31 - 2013-05-19 19:58 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2012-11-10 07:31 - 2013-04-10 03:20 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

====== End of Folder: ======

==== End of Fixlog ====
 
OK. Delete your last fixlist.txt.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    120 bytes · Views: 4
I have done this, as I did the last time you asked

This is the info in the file you sent...and the info that is being uploaded to the FRST64 file.

cmd: fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll"
Folder: C:\Program Files\Windows Defender

Here is the log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2013
Ran by Lunceford at 2013-05-19 21:52:55 Run:2
Running from C:\Users\Lunceford\Downloads
Boot Mode: Normal
==============================================


========= fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll" =========

Error: The file or directory is not a reparse point.


========= End of CMD: =========


========================= Folder: C:\Program Files\Windows Defender ========================

2011-04-12 01:17 - 2011-04-12 01:17 - 0000000 ___AD () C:\Program Files\Windows Defender\en-US
2009-07-13 16:53 - 2009-07-13 18:41 - 0010752 ____A () C:\Program Files\Windows Defender\MpAsDesc.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0571904 ____A () C:\Program Files\Windows Defender\MpClient.dll
2009-07-13 16:53 - 2009-07-13 18:39 - 0190976 ____A () C:\Program Files\Windows Defender\MpCmdRun.exe
2009-07-13 16:53 - 2009-07-13 18:41 - 0314880 ____A () C:\Program Files\Windows Defender\MpCommu.dll
2009-07-13 16:53 - 2009-07-13 18:29 - 0052224 ____A () C:\Program Files\Windows Defender\MpEvMsg.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0052224 ____A () C:\Program Files\Windows Defender\MpOAV.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0200192 ____A () C:\Program Files\Windows Defender\MpRTP.dll
2009-07-13 16:54 - 2009-07-13 18:41 - 1011712 ____A (Microsoft Corporation) C:\Program Files\Windows Defender\MpSvc.dll
2009-07-13 16:53 - 2009-07-13 18:39 - 0961024 ____A () C:\Program Files\Windows Defender\MSASCui.exe
2010-11-20 20:24 - 2010-11-20 20:24 - 0060928 ____A () C:\Program Files\Windows Defender\MsMpCom.dll
2009-07-13 16:53 - 2009-07-13 18:29 - 0004608 ____A () C:\Program Files\Windows Defender\MsMpLics.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0487936 ____A () C:\Program Files\Windows Defender\MsMpRes.dll
2009-07-13 22:32 - 2012-11-10 06:45 - 0028672 ____A () C:\Program Files\Windows Defender\en-US\BCD-Template
2009-07-13 22:38 - 2012-11-10 06:45 - 0025600 __ASH () C:\Program Files\Windows Defender\en-US\BCD-Template.LOG
2009-07-13 19:34 - 2013-05-19 20:14 - 44040192 ____A () C:\Program Files\Windows Defender\en-US\COMPONENTS
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\COMPONENTS.LOG
2009-07-13 19:34 - 2013-05-19 20:14 - 0262144 ___AH () C:\Program Files\Windows Defender\en-US\COMPONENTS.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\COMPONENTS.LOG2
2009-07-13 21:54 - 2013-05-19 20:14 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2009-07-13 21:54 - 2013-05-19 20:14 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2009-07-13 21:54 - 2013-04-10 06:19 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2009-07-13 19:34 - 2013-05-19 21:37 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\DEFAULT
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\DEFAULT.LOG
2009-07-13 19:34 - 2013-05-19 21:37 - 0185344 ___AH () C:\Program Files\Windows Defender\en-US\DEFAULT.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\DEFAULT.LOG2
2009-07-13 20:20 - 2009-07-13 19:34 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\Journal
2009-07-13 20:20 - 2013-05-14 02:19 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\RegBack
2009-07-13 19:34 - 2013-05-19 20:16 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\SAM
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SAM.LOG
2009-07-13 19:34 - 2013-05-19 20:16 - 0029696 ___AH () C:\Program Files\Windows Defender\en-US\SAM.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SAM.LOG2
2009-07-13 19:34 - 2013-05-19 20:14 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\SECURITY
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SECURITY.LOG
2009-07-13 19:34 - 2013-05-19 20:14 - 0021504 ___AH () C:\Program Files\Windows Defender\en-US\SECURITY.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SECURITY.LOG2
2009-07-13 19:34 - 2013-05-19 21:51 - 65798144 ____A () C:\Program Files\Windows Defender\en-US\SOFTWARE
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SOFTWARE.LOG
2009-07-13 19:34 - 2013-05-19 21:51 - 0262144 ___AH () C:\Program Files\Windows Defender\en-US\SOFTWARE.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SOFTWARE.LOG2
2009-07-13 19:34 - 2013-05-19 21:51 - 14155776 ____A () C:\Program Files\Windows Defender\en-US\SYSTEM
2009-07-14 00:07 - 2011-04-12 01:32 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\SYSTEM.LOG
2009-07-13 19:34 - 2013-05-19 21:51 - 0262144 ___AH () C:\Program Files\Windows Defender\en-US\SYSTEM.LOG1
2009-07-13 19:34 - 2009-07-13 19:34 - 0000000 ___AH () C:\Program Files\Windows Defender\en-US\SYSTEM.LOG2
2009-07-13 20:20 - 2010-11-20 19:41 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile
2009-07-13 20:20 - 2012-11-10 06:39 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\TxR
2012-11-10 07:31 - 2013-05-14 02:19 - 0208896 ____A () C:\Program Files\Windows Defender\en-US\RegBack\DEFAULT
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\DEFAULT.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\DEFAULT.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 0032768 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SAM
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SAM.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SAM.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 0028672 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SECURITY
2012-11-10 09:39 - 2012-11-10 09:39 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SECURITY.LOG1
2012-11-10 09:39 - 2012-11-10 09:39 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SECURITY.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 63483904 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SOFTWARE
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SOFTWARE.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SOFTWARE.LOG2
2012-11-10 07:31 - 2013-05-14 02:19 - 14041088 ____A () C:\Program Files\Windows Defender\en-US\RegBack\SYSTEM
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SYSTEM.LOG1
2012-11-10 09:40 - 2012-11-10 09:40 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\RegBack\SYSTEM.LOG2
2009-07-13 20:20 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData
2009-07-13 22:38 - 2012-11-10 06:45 - 0262144 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat
2009-07-14 00:07 - 2011-04-12 01:19 - 0001024 ___AH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat.LOG
2009-07-13 22:38 - 2012-11-10 07:31 - 0009216 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat.LOG1
2009-07-13 22:38 - 2009-07-13 22:38 - 0000000 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat.LOG2
2010-11-20 19:41 - 2010-11-20 19:41 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat{d5e30002-f518-11df-a5c1-806e6f6e6963}.TM.blf
2010-11-20 19:41 - 2010-11-20 19:41 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat{d5e30002-f518-11df-a5c1-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2010-11-20 19:41 - 2010-11-20 19:41 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\ntuser.dat{d5e30002-f518-11df-a5c1-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2009-07-13 20:20 - 2013-05-15 22:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local
2009-07-13 21:48 - 2009-07-13 21:55 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming
2013-05-15 22:01 - 2013-05-15 22:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2013
2009-07-13 21:49 - 2012-11-10 07:33 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft
2013-05-15 22:01 - 2013-05-15 22:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2013\log
2012-11-10 07:33 - 2012-11-10 07:35 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices
2009-07-13 21:49 - 2009-07-13 21:54 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows
2012-11-10 07:33 - 2013-04-19 20:52 - 0000284 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog00.sqm
2012-11-10 07:34 - 2013-04-22 12:38 - 0000420 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog01.sqm
2012-11-10 07:35 - 2013-05-14 08:08 - 0000284 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog02.sqm
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Caches
2009-07-13 21:54 - 2009-07-13 21:54 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History
2009-07-13 21:54 - 2013-05-17 21:48 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
2009-07-13 21:54 - 2009-07-13 21:54 - 0000145 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini
2009-07-13 21:54 - 2009-07-13 21:54 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
2009-07-13 21:54 - 2009-07-13 21:54 - 0000145 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
2009-07-13 21:54 - 2013-04-01 20:00 - 0016384 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-07-13 21:55 - 2013-03-13 03:01 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft
2009-07-13 21:55 - 2009-07-13 21:57 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache
2013-03-13 03:01 - 2013-03-13 03:01 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\Silverlight
2009-07-13 21:57 - 2013-05-14 21:22 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
2009-07-13 21:55 - 2013-05-14 21:22 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
2013-05-14 08:15 - 2013-05-14 08:15 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1554C63897948B36B35A43332D76FF76_53F4A1B9C4352045D994951576F965E6
2013-05-12 21:57 - 2013-05-12 22:13 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\29E7A8984BC663B2CB853E44E7863708_C2CDBF709A7025D48EDC7EF6FD9A699F
2012-11-12 06:47 - 2013-05-14 00:24 - 0006342 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
2013-05-12 22:02 - 2013-05-12 22:02 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5EEE7FA98C56E24F9F53871567AE5AA6_16A45C5369875E6DEBC12F7270009B5B
2012-11-12 06:47 - 2012-11-12 06:47 - 0000000 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
2009-07-13 21:57 - 2012-11-11 12:58 - 0000506 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2013-05-12 22:10 - 2013-05-12 22:10 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\91ECFED5143F7F4F4576655D8EFAB51C_66E7D16A4A448EEFABA48E9C8226B1A5
2009-07-13 21:57 - 2012-12-08 21:36 - 0049082 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
2013-05-14 21:22 - 2013-05-14 21:24 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\969F6872C062F51ACB119B46DFBDDA7D_A3B9567A209FA886457789BB77B3211F
2013-05-12 19:29 - 2013-05-14 21:23 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A4C1370976EA5CBCD83ED4662793FEEA_AD89FA152C7A4EE101191050ECC95532
2013-05-14 01:23 - 2013-05-14 01:24 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD8A14C7C024625432CC03FE72E47EF0_09E33DA71CB69CA21C298B2D932FD9F9
2013-05-14 01:22 - 2013-05-14 01:26 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD8A14C7C024625432CC03FE72E47EF0_AE86CF131AB798689F2ADB9A387ADD2F
2013-05-12 21:57 - 2013-05-12 21:57 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C29AA1B9D7AA8A9381D2CBB3F631AA4B_5EBCF75359C942C8FCEA9923092C4CE2
2013-05-12 19:29 - 2013-05-12 19:29 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_08ED0DAF76B747B3E3CD97F7F08845B2
2013-05-12 22:12 - 2013-05-12 22:16 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_3F77522C592E3D145946768EC37A9E19
2013-05-14 01:23 - 2013-05-14 01:23 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_67EC7434B8607C203163123602436D5B
2013-05-14 01:23 - 2013-05-14 01:25 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_E220134AF4B7DE4EA9016670A7287496
2013-05-12 22:02 - 2013-05-12 22:02 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E187F62E3BD3DEB92213FEA993B29EA2_D3F19C97B4E36402C7409A92325C9754
2013-05-12 19:29 - 2013-05-12 22:22 - 0000005 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E63A640A06A2B005AB42F3250BC98D9E_DCA8725267231BCF495D375F84709E16
2013-05-14 08:15 - 2013-05-14 08:15 - 0000380 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1554C63897948B36B35A43332D76FF76_53F4A1B9C4352045D994951576F965E6
2013-05-12 21:57 - 2013-05-12 22:13 - 0000430 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\29E7A8984BC663B2CB853E44E7863708_C2CDBF709A7025D48EDC7EF6FD9A699F
2012-11-12 06:47 - 2013-05-19 20:01 - 0000340 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
2013-05-12 22:02 - 2013-05-12 22:02 - 0000380 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5EEE7FA98C56E24F9F53871567AE5AA6_16A45C5369875E6DEBC12F7270009B5B
2012-11-12 06:47 - 2013-05-13 20:23 - 0000290 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
2009-07-13 21:57 - 2012-11-11 12:58 - 0000258 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2013-05-12 22:10 - 2013-05-12 22:10 - 0000400 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\91ECFED5143F7F4F4576655D8EFAB51C_66E7D16A4A448EEFABA48E9C8226B1A5
2009-07-13 21:57 - 2012-12-08 21:36 - 0000344 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
2013-05-14 21:22 - 2013-05-14 21:24 - 0000430 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\969F6872C062F51ACB119B46DFBDDA7D_A3B9567A209FA886457789BB77B3211F
2013-05-12 19:29 - 2013-05-14 21:23 - 0000416 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A4C1370976EA5CBCD83ED4662793FEEA_AD89FA152C7A4EE101191050ECC95532
2013-05-14 01:23 - 2013-05-14 01:24 - 0000426 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD8A14C7C024625432CC03FE72E47EF0_09E33DA71CB69CA21C298B2D932FD9F9
2013-05-14 01:22 - 2013-05-14 01:26 - 0000426 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD8A14C7C024625432CC03FE72E47EF0_AE86CF131AB798689F2ADB9A387ADD2F
2013-05-12 21:57 - 2013-05-12 21:57 - 0000400 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C29AA1B9D7AA8A9381D2CBB3F631AA4B_5EBCF75359C942C8FCEA9923092C4CE2
2013-05-12 19:29 - 2013-05-12 19:29 - 0000408 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_08ED0DAF76B747B3E3CD97F7F08845B2
2013-05-12 22:12 - 2013-05-12 22:16 - 0000408 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_3F77522C592E3D145946768EC37A9E19
2013-05-14 01:23 - 2013-05-14 01:23 - 0000412 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_67EC7434B8607C203163123602436D5B
2013-05-14 01:23 - 2013-05-14 01:25 - 0000408 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_E220134AF4B7DE4EA9016670A7287496
2013-05-12 22:02 - 2013-05-12 22:02 - 0000380 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E187F62E3BD3DEB92213FEA993B29EA2_D3F19C97B4E36402C7409A92325C9754
2013-05-12 19:29 - 2013-05-12 22:22 - 0000410 ___AS () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E63A640A06A2B005AB42F3250BC98D9E_DCA8725267231BCF495D375F84709E16
2009-07-13 21:48 - 2012-11-18 13:42 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft
2012-11-18 13:42 - 2012-11-18 13:42 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates
2009-07-13 21:54 - 2009-07-13 22:12 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows
2012-11-18 13:42 - 2012-11-18 13:42 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech\Files
2012-11-18 13:42 - 2012-11-18 13:42 - 0000000 ____D () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons
2012-11-18 13:42 - 2012-11-18 13:42 - 0000940 ____A () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_BA1B5AF5D23F4A4C976570F8F81C7143.dat
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs
2009-07-13 21:48 - 2009-07-13 21:48 - 0000000 ___SD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs
2009-07-13 21:54 - 2012-11-10 07:15 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
2009-07-13 22:12 - 2009-07-13 22:12 - 0000000 __SHD () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache
2012-11-10 07:15 - 2013-04-01 20:00 - 0016384 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-07-13 22:12 - 2012-11-10 07:20 - 0262144 __ASH () C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
2012-11-10 06:39 - 2013-05-12 22:37 - 5242880 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms
2012-11-10 06:39 - 2013-05-19 19:58 - 5242880 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms
2012-11-10 06:39 - 2013-02-27 03:18 - 5242880 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms
2012-11-10 06:39 - 2013-05-19 19:58 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
2012-11-10 07:31 - 2013-05-19 19:58 - 0065536 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2012-11-10 07:31 - 2013-05-19 19:58 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2012-11-10 07:31 - 2013-04-10 03:20 - 0524288 __ASH () C:\Program Files\Windows Defender\en-US\TxR\{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

====== End of Folder: ======

==== End of Fixlog ====
 
OK, we'll need to do more checking then...

Please download and save Junction.zip
Unzip it and place Junction.exe in the Windows directory (C:\Windows).
Go to Start>Run (Vista and Windows 7 users use "Start search" box).
Type:
cmd
Click OK. Vista and 7 users hold SHIFT and CTRL keys, press Enter.
A command prompt window will open.
Copy and paste the following command:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

Wait until a log file opens.
Copy and paste the log in your next reply.

It may be long one so you may need to split it between couple of replies.
 
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\c6ecae2e25fb4c0716da7f6341be86: Access is denied.



Failed to open \\?\c:\\Config.Msi: Access is denied.


\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\found.000: Access is denied.



Failed to open \\?\c:\\found.001: Access is denied.



Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\MSOCache: Access is denied.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\Recovery: Access is denied.



Failed to open \\?\c:\\System Volume Information: Access is denied.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...\\?\c:\\Program Files\Windows Defender\en-US: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpAsDesc.dll: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpClient.dll: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpCmdRun.exe: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpCommu.dll: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpEvMsg.dll: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpOAV.dll: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MpRTP.dll: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MSASCui.exe: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MsMpCom.dll: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MsMpLics.dll: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config

\\?\c:\\Program Files\Windows Defender\MsMpRes.dll: SYMBOLIC LINK
Print Name : c:\windows\system32\config
Substitute Name: \systemroot\system32\config



...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

.
Failed to open \\?\c:\\Program Files (x86)\Google\CrashReports: Access is denied.


..

...

...

...

...

...

...

...

...

...

...

...

...

...

..
 
Let's try simple fix first.
We may need another one afterwards.

Delete your previous fixlist.txt file.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    116 bytes · Views: 6
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2013
Ran by Lunceford at 2013-05-19 23:08:24 Run:3
Running from C:\Users\Lunceford\Downloads
Boot Mode: Normal
==============================================


========= fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US" =========


========= End of CMD: =========


========================= Folder: C:\Program Files\Windows Defender ========================

2011-04-12 01:17 - 2011-04-12 01:17 - 0000000 ___AD () C:\Program Files\Windows Defender\en-US
2009-07-13 16:53 - 2009-07-13 18:41 - 0010752 ____A () C:\Program Files\Windows Defender\MpAsDesc.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0571904 ____A () C:\Program Files\Windows Defender\MpClient.dll
2009-07-13 16:53 - 2009-07-13 18:39 - 0190976 ____A () C:\Program Files\Windows Defender\MpCmdRun.exe
2009-07-13 16:53 - 2009-07-13 18:41 - 0314880 ____A () C:\Program Files\Windows Defender\MpCommu.dll
2009-07-13 16:53 - 2009-07-13 18:29 - 0052224 ____A () C:\Program Files\Windows Defender\MpEvMsg.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0052224 ____A () C:\Program Files\Windows Defender\MpOAV.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0200192 ____A () C:\Program Files\Windows Defender\MpRTP.dll
2009-07-13 16:54 - 2009-07-13 18:41 - 1011712 ____A (Microsoft Corporation) C:\Program Files\Windows Defender\MpSvc.dll
2009-07-13 16:53 - 2009-07-13 18:39 - 0961024 ____A () C:\Program Files\Windows Defender\MSASCui.exe
2010-11-20 20:24 - 2010-11-20 20:24 - 0060928 ____A () C:\Program Files\Windows Defender\MsMpCom.dll
2009-07-13 16:53 - 2009-07-13 18:29 - 0004608 ____A () C:\Program Files\Windows Defender\MsMpLics.dll
2009-07-13 16:53 - 2009-07-13 18:41 - 0487936 ____A () C:\Program Files\Windows Defender\MsMpRes.dll
2011-04-12 01:17 - 2011-04-12 01:17 - 0035328 ____A (Microsoft Corporation) C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui
2011-04-12 01:17 - 2011-04-12 01:17 - 0015360 ____A (Microsoft Corporation) C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui
2011-04-12 01:17 - 2011-04-12 01:17 - 0046592 ____A (Microsoft Corporation) C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui

====== End of Folder: ======

==== End of Fixlog ====
 
That looks much better :)
Hold on there. I'll write the last fix (hopefully final one) for tonight and I need to go to bed.
 
You must log in or register to reply here.

Similar threads

liltxkg
Inactive Cleanup Help - File Explorer Freezing
Replies
6
Views
2K
Broni
Broni
C
Services.exe spikes up every so often
Replies
1
Views
1K
cpeach
C
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni

Latest posts

Back