Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to run Windows Defender Scan - Error #0x8007139f [Closed]


  • This topic is locked This topic is locked

#1
SallyMae

SallyMae

    Member

  • Member
  • PipPip
  • 88 posts

"The group resource is not in the correct state to perform the requested operation."

 

I downloaded and ran rkill with no result.  I couldn't get any of the exeHelper links to work.  The link to the Viper Rescue Program page would not work either.

 

Is there any way to fix this problem?

 

Thanks,

Angela


Edited by SallyMae, 06 February 2016 - 02:07 AM.

  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

Let's take a look.

 

Fresh Set of Logs Needed
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.
2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.


  • 0

#3
SallyMae

SallyMae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Thank you for your response.  Here are the logs you requested:

 

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by SamIAm (administrator) on SAMS (07-02-2016 19:15:46)
Running from C:\Users\SamIAm\Downloads
Loaded Profiles: SamIAm (Available Profiles: SamIAm)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(© 2015 Microsoft Corporation) C:\Users\SamIAm\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SwitchToDesktop] => C:\OEM\preload\command\AlaunchX\SendDesktop.scf [101 2013-09-26] ()
HKLM\...\Run: [New Acer AlaunchX] => C:\OEM\preload\command\AlaunchX\AlaunchX.exe [1876232 2014-05-18] (Acer Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-3907692946-608799178-847432813-1001\...\Run: [BingSvc] => C:\Users\SamIAm\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-15] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3907692946-608799178-847432813-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3907692946-608799178-847432813-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-21] (SUPERAntiSpyware)
HKU\S-1-5-21-3907692946-608799178-847432813-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{142796ED-E168-46A9-980F-87ABC6168E4C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{3CF228DF-3C19-4CD2-935A-866F7A852480}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-3907692946-608799178-847432813-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-3907692946-608799178-847432813-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SL5M_FRPage
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3907692946-608799178-847432813-1001 -> DefaultScope {3C988C48-4FAB-4152-92BF-CC12B3382A54} URL =
SearchScopes: HKU\S-1-5-21-3907692946-608799178-847432813-1001 -> {3C988C48-4FAB-4152-92BF-CC12B3382A54} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\SamIAm\AppData\Roaming\Mozilla\Firefox\Profiles\obqm8kde.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5JDF&PC=SL5J&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-16] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\SamIAm\AppData\Roaming\Mozilla\Firefox\Profiles\obqm8kde.default\searchplugins\bing-.xml [2015-11-08]
FF Extension: Bing Search - C:\Users\SamIAm\AppData\Roaming\Mozilla\Firefox\Profiles\obqm8kde.default\Extensions\[email protected] [2015-11-08]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Google Docs) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Google Calendar) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-09]
CHR Extension: (Google Sheets) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (SiteAdvisor) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-01-09]
CHR Extension: (Google Docs Offline) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-09]
CHR Extension: (Gmail) - C:\Users\SamIAm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2016-02-05] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-29] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 McAWFwk; c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 19:15 - 2016-02-07 19:16 - 00016009 _____ C:\Users\SamIAm\Downloads\FRST.txt
2016-02-07 19:14 - 2016-02-07 19:15 - 00000000 ____D C:\FRST
2016-02-07 19:11 - 2016-02-07 19:11 - 02370560 _____ (Farbar) C:\Users\SamIAm\Downloads\FRST64.exe
2016-02-07 12:52 - 2016-02-07 12:52 - 00043585 _____ C:\Users\SamIAm\Documents\Wells Fargo account statement with Interfathom purchase.pdf
2016-02-07 12:32 - 2016-02-07 12:32 - 00000000 ___RD C:\Users\SamIAm\Documents\Notes
2016-02-06 21:47 - 2016-02-06 22:19 - 00000000 ____D C:\Users\SamIAm\AppData\Roaming\Skype
2016-02-06 21:47 - 2016-02-06 21:47 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-06 21:47 - 2016-02-06 21:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-06 21:47 - 2016-02-06 21:47 - 00000000 ____D C:\Users\SamIAm\AppData\Local\Skype
2016-02-06 21:47 - 2016-02-06 21:47 - 00000000 ____D C:\ProgramData\Skype
2016-02-06 21:47 - 2016-02-06 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-06 21:44 - 2015-01-05 22:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2016-02-06 21:44 - 2015-01-05 21:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2016-02-06 21:44 - 2015-01-05 20:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2016-02-06 21:44 - 2015-01-05 20:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2016-02-06 21:43 - 2016-01-22 03:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-06 21:43 - 2016-01-22 02:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-06 21:43 - 2016-01-22 00:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-02-06 21:43 - 2016-01-22 00:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-06 21:43 - 2016-01-22 00:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-02-06 21:43 - 2016-01-22 00:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-06 21:43 - 2016-01-21 23:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-06 21:42 - 2016-01-14 20:42 - 00033472 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-06 21:42 - 2016-01-14 15:44 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-06 21:42 - 2016-01-14 15:44 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-06 21:42 - 2016-01-14 15:44 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-06 21:42 - 2016-01-14 15:44 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-06 21:42 - 2016-01-14 15:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-06 21:42 - 2016-01-14 15:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-06 21:42 - 2015-12-16 12:11 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-02-06 21:42 - 2015-12-16 11:51 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-02-06 21:41 - 2014-11-17 15:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2016-02-06 21:41 - 2014-11-17 15:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-02-06 21:41 - 2014-11-15 14:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-02-06 21:41 - 2014-11-15 01:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-02-06 21:41 - 2014-11-14 01:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-02-06 21:41 - 2014-11-14 01:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2016-02-06 21:41 - 2014-11-14 01:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2016-02-06 21:41 - 2014-11-10 13:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-02-06 21:41 - 2014-11-07 22:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-02-06 21:41 - 2014-11-07 20:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2016-02-06 21:41 - 2014-11-07 20:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2016-02-06 21:41 - 2014-11-06 22:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-02-06 21:41 - 2014-11-06 22:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-02-06 21:40 - 2016-01-10 14:37 - 00136912 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-06 21:40 - 2016-01-10 11:51 - 03707392 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-06 21:40 - 2016-01-10 11:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-06 21:40 - 2016-01-10 11:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-06 21:40 - 2016-01-10 11:36 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-02-06 21:40 - 2016-01-10 11:36 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-06 21:40 - 2016-01-10 11:35 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-06 21:40 - 2016-01-10 11:35 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-06 21:40 - 2016-01-10 11:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-06 21:40 - 2016-01-10 11:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-06 21:40 - 2016-01-10 11:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-06 21:40 - 2016-01-10 11:26 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-06 21:40 - 2015-04-30 20:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-02-06 21:40 - 2015-04-30 20:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-02-06 21:40 - 2015-04-30 20:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-02-06 21:40 - 2014-11-14 00:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-02-06 21:40 - 2014-11-09 21:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2016-02-06 21:40 - 2014-11-09 20:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-02-06 21:40 - 2014-11-09 20:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-02-06 21:40 - 2014-11-09 19:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-02-06 21:40 - 2014-11-07 23:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2016-02-06 21:40 - 2014-11-07 22:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2016-02-06 21:40 - 2014-11-07 22:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2016-02-06 21:40 - 2014-11-07 22:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2016-02-06 21:40 - 2014-11-07 22:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2016-02-06 21:40 - 2014-11-07 22:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2016-02-06 21:40 - 2014-11-07 22:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2016-02-06 21:40 - 2014-11-07 22:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2016-02-06 21:40 - 2014-11-07 21:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2016-02-06 21:40 - 2014-11-07 21:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-02-06 21:40 - 2014-11-07 21:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-02-06 21:40 - 2014-11-07 21:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2016-02-06 21:40 - 2014-11-04 21:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2016-02-06 21:40 - 2014-11-04 21:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2016-02-06 21:40 - 2014-11-04 21:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2016-02-06 21:40 - 2014-11-04 20:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-02-06 21:40 - 2014-11-04 20:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2016-02-06 21:40 - 2014-11-04 20:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2016-02-06 21:40 - 2014-11-04 20:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2016-02-06 21:40 - 2014-11-04 20:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2016-02-06 21:40 - 2014-11-04 20:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2016-02-06 21:40 - 2014-11-04 20:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-02-06 21:40 - 2014-11-04 20:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2016-02-06 21:40 - 2014-11-04 20:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2016-02-06 21:40 - 2014-11-04 14:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2016-02-06 21:40 - 2014-11-04 01:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2016-02-06 21:40 - 2014-11-04 00:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-02-06 21:40 - 2014-10-28 22:05 - 00551232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-02-06 21:40 - 2014-10-28 20:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2016-02-06 21:40 - 2014-10-28 20:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2016-02-06 21:40 - 2014-10-20 20:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2016-02-06 21:40 - 2014-10-20 20:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2016-02-06 21:40 - 2014-10-20 19:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2016-02-06 21:40 - 2014-10-20 19:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2016-02-06 21:40 - 2014-10-20 19:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2016-02-06 21:40 - 2014-10-20 19:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2016-02-06 21:40 - 2014-10-20 19:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2016-02-06 21:40 - 2014-10-16 23:56 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2016-02-06 21:40 - 2014-10-16 22:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-02-06 21:37 - 2015-06-09 17:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-02-06 21:37 - 2015-06-09 17:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-02-06 21:37 - 2015-06-09 17:38 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-02-06 17:08 - 2016-02-06 17:08 - 00000000 ____D C:\Users\SamIAm\AppData\Roaming\SUPERAntiSpyware.com
2016-02-06 17:08 - 2016-02-06 17:08 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-02-06 17:08 - 2016-02-06 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-02-06 17:08 - 2016-02-06 17:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-02-06 17:06 - 2016-02-06 17:06 - 05271717 _____ C:\Users\SamIAm\Documents\network monitoring and troubleshooting for dummies.pdf
2016-02-06 17:05 - 2016-02-06 17:05 - 24642208 _____ (SUPERAntiSpyware) C:\Users\SamIAm\Downloads\SUPERAntiSpyware.exe
2016-02-06 00:16 - 2016-02-06 00:16 - 00047184 _____ C:\Users\SamIAm\Downloads\Extras.Txt
2016-02-06 00:15 - 2016-02-06 02:15 - 03344724 _____ C:\Users\SamIAm\Downloads\OTL.Txt
2016-02-05 23:53 - 2016-02-05 23:53 - 00000000 ____D C:\Users\SamIAm\Downloads\backups
2016-02-05 21:15 - 2016-02-05 21:15 - 00602112 _____ (OldTimer Tools) C:\Users\SamIAm\Downloads\OTL.exe
2016-02-05 21:06 - 2016-02-05 21:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\SamIAm\Downloads\HijackThis.exe
2016-02-05 20:43 - 2016-02-06 20:31 - 00000000 ___RD C:\Users\SamIAm\Desktop\Cleanup Tools
2016-02-05 20:12 - 2016-02-07 15:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-05 20:12 - 2016-02-05 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-05 20:12 - 2016-02-05 20:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-05 20:12 - 2016-02-05 20:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-05 20:12 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-05 20:12 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-05 20:12 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-05 20:06 - 2016-02-05 20:07 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-02-05 19:17 - 2016-02-05 19:17 - 01662516 _____ C:\Users\SamIAm\Downloads\Kickstart-User-Manual.pdf
2016-02-05 19:16 - 2016-02-05 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-02-05 19:16 - 2016-02-05 19:16 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-05 19:15 - 2016-02-05 19:15 - 11323704 _____ (SurfRight B.V.) C:\Users\SamIAm\Downloads\HitmanPro_x64.exe
2016-02-05 19:14 - 2016-02-05 20:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-05 19:06 - 2016-02-05 19:06 - 07136072 _____ (ParetoLogic, Inc.) C:\Users\SamIAm\Downloads\RegCureProSetup_56C1F4F0-924D-4D64-A13F-87E74C7C7AFC_.exe
2016-02-05 19:02 - 2016-02-05 19:02 - 22908888 _____ (Malwarebytes ) C:\Users\SamIAm\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-05 19:00 - 2016-02-05 19:01 - 10344184 _____ (SurfRight B.V.) C:\Users\SamIAm\Downloads\HitmanPro.exe
2016-02-05 18:54 - 2016-02-05 18:54 - 00000354 _____ C:\Users\SamIAm\Desktop\All Control Panel Items - Shortcut.lnk
2016-02-05 18:24 - 2016-02-05 23:47 - 00000000 ____D C:\Users\SamIAm\AppData\Local\ClassicShell
2016-02-05 18:23 - 2016-02-05 18:23 - 00000000 ____D C:\Users\SamIAm\AppData\Roaming\ClassicShell
2016-02-05 18:18 - 2016-02-05 18:18 - 00000000 ____D C:\ProgramData\ClassicShell
2016-02-05 18:16 - 2016-02-05 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-02-05 18:16 - 2016-02-05 18:16 - 00000000 ____D C:\Program Files\Classic Shell
2016-02-05 18:14 - 2016-02-05 18:15 - 06968048 _____ (IvoSoft) C:\Users\SamIAm\Downloads\ClassicShellSetup_4_2_5.exe
2016-02-05 00:52 - 2016-02-05 00:52 - 00105988 ____T C:\Users\SamIAm\Documents\WalMart Payment 2_5_2016 1250am.oxps
2016-02-05 00:45 - 2016-02-05 00:45 - 00531787 ____T C:\Users\SamIAm\Documents\Amazon Payment 2_5_2016 1245am.oxps
2016-02-05 00:20 - 2016-02-05 00:20 - 00396145 ____T C:\Users\SamIAm\Documents\MerrickBank 2_5_2016 1220am.oxps
2016-02-05 00:06 - 2016-02-05 00:06 - 00307257 ____T C:\Users\SamIAm\Documents\PayPal Payment 2_5_2016 1206am.oxps
2016-02-04 23:47 - 2016-02-04 23:47 - 00343550 ____T C:\Users\SamIAm\Documents\CapitalOne 2_4_2016 1147pm.oxps
2016-02-04 23:29 - 2016-02-04 23:29 - 00194718 ____T C:\Users\SamIAm\Documents\Chase Freedom Payment 2_4_2016 1128pm.oxps
2016-02-04 23:14 - 2016-02-04 23:14 - 00330848 ____T C:\Users\SamIAm\Documents\United Healthcare Care Improvement Plus payment 2_4_2016 1114pm.oxps
2016-02-04 16:09 - 2016-02-04 16:10 - 88572984 _____ (TryMyUI, Inc.) C:\Users\SamIAm\Downloads\TryMyUIRecorder_windows_1_0_2.exe
2016-02-04 14:42 - 2016-02-04 14:43 - 01767455 _____ C:\Users\SamIAm\Desktop\Cam Luke JW Biblical group last post participation-1.pdf
2016-02-04 14:28 - 2016-02-04 14:28 - 02524247 ____T C:\Users\SamIAm\Desktop\Cam Luke JW Biblical group last post participation.oxps
2016-02-03 18:43 - 2016-02-03 18:44 - 02610451 _____ C:\Users\SamIAm\Desktop\Recording #11.mp4
2016-02-03 18:36 - 2016-02-03 18:36 - 02646139 _____ C:\Users\SamIAm\Desktop\Recording #10.mp4
2016-02-03 18:11 - 2016-02-03 18:12 - 02631000 _____ C:\Users\SamIAm\Desktop\Recording #9.mp4
2016-02-03 18:04 - 2016-02-03 18:05 - 02672481 _____ C:\Users\SamIAm\Desktop\Recording #8.mp4
2016-02-03 17:56 - 2016-02-03 17:57 - 02628399 _____ C:\Users\SamIAm\Desktop\Recording #7.mp4
2016-02-03 17:35 - 2016-02-03 17:36 - 02648951 _____ C:\Users\SamIAm\Desktop\Recording #6.mp4
2016-02-03 17:32 - 2016-02-03 17:32 - 03110243 _____ C:\Users\SamIAm\Desktop\Recording #5.mp4
2016-02-03 17:28 - 2016-02-03 17:28 - 00436658 _____ C:\Users\SamIAm\Desktop\Recording #4.mp4
2016-02-03 17:09 - 2016-02-03 18:47 - 00000000 ____D C:\Users\SamIAm\AppData\Local\Screencast-O-Matic-v2
2016-02-03 17:09 - 2016-02-03 17:09 - 00000000 ____D C:\Users\SamIAm\Documents\Screencast-O-Matic
2016-02-03 17:08 - 2016-02-03 17:08 - 00000000 ____D C:\Users\SamIAm\AppData\Local\Screen Recorder Launcher
2016-02-03 17:00 - 2016-02-03 17:00 - 17935112 _____ C:\Users\SamIAm\Downloads\InstallScreenRecorderLauncher-2.0.exe
2016-02-03 14:29 - 2016-02-03 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TryMyUIRecorder
2016-02-03 14:28 - 2016-02-03 14:29 - 00000000 ____D C:\Program Files (x86)\tmyrecorder
2016-02-02 19:11 - 2016-02-02 19:11 - 00835492 _____ C:\Users\SamIAm\Documents\p-16_theaagroup.pdf
2016-02-02 16:57 - 2016-02-03 14:47 - 00000000 ____D C:\Users\SamIAm\.oracle_jre_usage
2016-02-02 16:57 - 2016-02-02 17:09 - 00000000 ____D C:\Users\SamIAm\AppData\Roaming\.WhatUsersDo-Recorder
2016-02-02 16:50 - 2016-02-02 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhatUsersDo-Screen-Recorder
2016-02-02 16:49 - 2016-02-02 16:54 - 00000000 ____D C:\Program Files (x86)\WhatUsersDo-Screen-Recorder
2016-02-02 16:47 - 2016-02-02 16:49 - 111671512 _____ (WhatUsersDo Ltd ) C:\Users\SamIAm\Downloads\whatusersdo-recorder.exe
2016-02-02 16:04 - 2016-02-03 16:12 - 00000000 ____D C:\Users\SamIAm\Documents\UserTesting
2016-02-02 15:58 - 2016-02-03 16:04 - 00000000 ____D C:\Users\SamIAm\AppData\Local\UserTestingPlugin
2016-02-02 15:58 - 2016-02-02 15:58 - 24394248 _____ C:\Users\SamIAm\Downloads\InstallUserTestingPlugin-v1.8.exe
2016-02-02 02:13 - 2016-02-02 02:13 - 00279095 ____T C:\Users\SamIAm\Documents\MonySingh Payment 02_02_2016 213am.oxps
2016-02-01 04:26 - 2016-02-01 04:26 - 00009382 _____ C:\Users\SamIAm\Documents\islam project.odt
2016-01-30 01:32 - 2016-01-30 01:32 - 00301466 ____T C:\Users\SamIAm\Documents\Comcast Payment 1_30_2016 132am.oxps
2016-01-30 01:22 - 2016-01-30 01:22 - 00187543 ____T C:\Users\SamIAm\Documents\SCE&G payment 1_30_2016 122am.oxps
2016-01-30 01:14 - 2016-01-30 01:14 - 00205150 ____T C:\Users\SamIAm\Documents\VerizonWireless Payment 1_30_2016 114am.oxps
2016-01-29 23:17 - 2016-01-29 23:17 - 00251165 ____T C:\Users\SamIAm\Documents\Bill Wilson's speech at Dr Bobs funeral.oxps
2016-01-29 22:37 - 2016-02-01 04:26 - 00035046 _____ C:\Users\SamIAm\Documents\response to juliet.odt
2016-01-29 21:30 - 2016-01-29 21:30 - 00030761 _____ C:\Users\SamIAm\Documents\Untitled 1.odt
2016-01-29 20:09 - 2016-01-29 20:09 - 00002669 _____ C:\Users\SamIAm\AppData\Local\recently-used.xbel
2016-01-29 20:05 - 2016-01-29 20:05 - 00000045 _____ C:\Users\SamIAm\.gtk-bookmarks
2016-01-29 19:55 - 2016-01-29 20:09 - 00000000 ____D C:\Users\SamIAm\AppData\Local\gtk-2.0
2016-01-29 19:55 - 2016-01-29 19:55 - 00000000 ____D C:\Users\SamIAm\.thumbnails
2016-01-29 19:51 - 2016-01-29 20:10 - 00000000 ____D C:\Users\SamIAm\.gimp-2.8
2016-01-29 19:51 - 2016-01-29 19:51 - 00000000 ____D C:\Users\SamIAm\AppData\Local\gegl-0.2
2016-01-29 19:51 - 2016-01-29 19:51 - 00000000 ____D C:\Users\SamIAm\AppData\Local\fontconfig
2016-01-29 19:50 - 2016-01-29 19:50 - 00001470 _____ C:\Users\SamIAm\Desktop\gimp-2.8 - Shortcut.lnk
2016-01-29 19:45 - 2016-01-29 19:45 - 00000914 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-01-29 19:43 - 2016-01-29 19:45 - 00000000 ____D C:\Program Files\GIMP 2
2016-01-29 19:38 - 2016-01-29 19:39 - 96819488 _____ (The GIMP Team ) C:\Users\SamIAm\Downloads\gimp-2.8.16-setup.exe
2016-01-27 21:39 - 2016-01-27 21:39 - 00112562 _____ C:\Users\SamIAm\Documents\Dairyland Auto Insurance SC Documents 1_27_2016 939pm.pdf
2016-01-27 15:12 - 2016-01-27 15:12 - 01211547 ____T C:\Users\SamIAm\Documents\Ken Widgery PeekYou with hidden profiles info and emails.oxps
2016-01-26 15:39 - 2016-01-26 15:39 - 00065390 _____ C:\Users\SamIAm\Documents\OP forum AA trauma post response.pdf
2016-01-26 15:39 - 2016-01-26 15:39 - 00034910 _____ C:\Users\SamIAm\Documents\OP forum AA trauma post response.odt
2016-01-26 00:05 - 2016-01-26 20:33 - 00030992 _____ C:\Users\SamIAm\Documents\OP group posts.odt
2016-01-25 15:51 - 2016-01-25 15:51 - 00023004 _____ C:\Users\SamIAm\Desktop\Jung James and Alcoholics Anonymous.odt
2016-01-25 12:05 - 2016-01-25 12:06 - 01124118 _____ C:\Users\SamIAm\Documents\Influence of Carl Jung and William James on the Origin of Alcoholics Anonymous.pdf
2016-01-23 19:59 - 2016-01-23 19:59 - 17215381 _____ C:\Users\SamIAm\Documents\millerites and millenialists in Great Britain 1830_60.pdf
2016-01-23 19:35 - 2016-01-23 19:35 - 00980669 _____ C:\Users\SamIAm\Documents\quest-carl-olof-jonsson-presence Jehovahs Witnesses invisible presence parousia christ return origin doctrin.pdf
2016-01-19 21:33 - 2016-02-05 02:23 - 00018034 _____ C:\Users\SamIAm\Desktop\Budget Feb 2016.ods
2016-01-18 14:02 - 2016-01-18 14:58 - 00011500 _____ C:\Users\SamIAm\Documents\dream blog post ideas.odt
2016-01-18 14:01 - 2016-01-26 20:31 - 00009731 _____ C:\Users\SamIAm\Documents\Past event markers.odt
2016-01-17 18:57 - 2016-01-26 20:31 - 00018401 _____ C:\Users\SamIAm\Desktop\Budget 2nd loan test.ods
2016-01-17 15:34 - 2016-01-17 15:34 - 00303927 ____T C:\Users\SamIAm\Documents\Trallis address leads to check for military base proximities.oxps
2016-01-17 14:53 - 2016-01-17 14:53 - 00539857 ____T C:\Users\SamIAm\Documents\Zenda Watford relative of Charles Watford father of trallis Watford maybe.oxps
2016-01-17 14:51 - 2016-01-17 14:51 - 00564618 ____T C:\Users\SamIAm\Documents\Trallis Thomas lamar south carolina Trallis Watford married maybe.oxps
2016-01-16 12:08 - 2016-01-16 12:09 - 00228741 _____ C:\Users\SamIAm\Documents\EmpowerNetwork_Compensation_Model.pdf
2016-01-13 04:27 - 2015-12-10 23:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 04:27 - 2015-12-10 23:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 04:27 - 2015-12-10 22:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 04:27 - 2015-12-10 22:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 04:27 - 2015-12-10 22:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 04:27 - 2015-12-10 22:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 04:27 - 2015-12-10 22:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 04:27 - 2015-12-10 22:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-13 04:27 - 2015-12-10 22:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 04:27 - 2015-12-10 22:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 04:27 - 2015-12-10 21:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 04:27 - 2015-12-10 21:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 04:27 - 2015-12-10 21:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-13 04:27 - 2015-12-10 21:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 04:27 - 2015-12-10 21:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 04:27 - 2015-12-10 21:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 04:27 - 2015-12-10 21:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 04:27 - 2015-12-10 21:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 04:27 - 2015-12-10 21:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 04:27 - 2015-12-10 21:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 04:27 - 2015-12-10 21:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 04:26 - 2015-12-30 14:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 04:26 - 2015-12-30 14:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 04:26 - 2015-12-30 14:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 04:26 - 2015-12-07 05:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 01798480 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 04:26 - 2015-12-05 00:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 04:26 - 2015-12-05 00:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 04:26 - 2015-12-04 10:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 04:26 - 2015-12-03 14:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-13 04:26 - 2015-12-03 14:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-13 04:26 - 2015-12-03 13:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-13 04:26 - 2015-12-03 13:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 04:26 - 2015-12-03 13:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 04:26 - 2015-12-03 13:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 04:26 - 2015-12-03 13:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 04:26 - 2015-12-03 13:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 04:26 - 2015-12-03 12:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 04:26 - 2015-12-03 12:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 04:26 - 2015-12-03 12:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 04:26 - 2015-12-03 12:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 04:26 - 2015-12-03 12:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 04:26 - 2015-12-03 12:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 04:26 - 2015-12-03 12:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 04:26 - 2015-12-03 12:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 04:26 - 2015-12-03 12:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 04:26 - 2015-12-03 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 04:26 - 2015-12-03 12:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 04:26 - 2015-12-03 12:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 04:26 - 2015-12-03 11:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 04:26 - 2015-12-03 11:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 04:26 - 2015-12-03 11:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 04:26 - 2015-12-02 10:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 04:26 - 2015-12-02 10:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 04:25 - 2015-12-03 14:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-13 04:25 - 2015-12-03 14:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 04:25 - 2015-12-03 14:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 04:25 - 2015-12-03 13:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-13 04:25 - 2015-12-03 13:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 04:25 - 2015-12-03 13:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 04:25 - 2015-12-03 13:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 04:25 - 2015-12-03 12:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-13 04:25 - 2015-12-03 12:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-13 04:25 - 2015-11-17 16:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 04:24 - 2015-12-08 14:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 04:24 - 2015-12-08 14:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-11 17:58 - 2016-01-17 14:04 - 00049231 _____ C:\Users\SamIAm\Documents\email to anthony.odt
2016-01-11 10:09 - 2016-01-25 09:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-09 14:35 - 2016-01-09 14:35 - 00366857 ____T C:\Users\SamIAm\Documents\moms unclaimed property form.oxps
2016-01-09 13:10 - 2015-06-30 21:04 - 83886080 _____ C:\Users\SamIAm\Desktop\places.sqlite
2016-01-09 12:59 - 2015-09-20 21:06 - 00722496 _____ C:\Users\SamIAm\Desktop\bookmarks_9_20_15 Chrome.html
2016-01-09 12:50 - 2016-02-04 17:01 - 00002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-09 12:50 - 2016-02-04 17:01 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-09 12:49 - 2016-02-07 18:59 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-09 12:49 - 2016-02-07 16:59 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 12:49 - 2016-02-01 16:54 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-09 12:49 - 2016-02-01 16:54 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-09 12:49 - 2016-01-09 12:50 - 00000000 ____D C:\Users\SamIAm\AppData\Local\Google
2016-01-09 12:49 - 2016-01-09 12:50 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-09 12:48 - 2016-01-09 12:48 - 00927824 _____ (Google Inc.) C:\Users\SamIAm\Downloads\ChromeSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 15:55 - 2015-10-15 12:44 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AA26D2EF-9B04-4F02-94F6-3CEB2636257E}
2016-02-07 15:53 - 2015-11-23 08:50 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-02-07 10:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-02-07 00:08 - 2014-03-18 05:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-07 00:08 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-02-06 22:03 - 2015-10-15 12:45 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3907692946-608799178-847432813-1001
2016-02-06 21:58 - 2015-11-17 08:05 - 00000404 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2016-02-06 21:56 - 2015-11-15 12:03 - 00000000 ____D C:\Users\SamIAm\OneDrive
2016-02-06 21:52 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-06 21:51 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-06 21:49 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2016-02-06 21:49 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-02-06 21:49 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\setup
2016-02-06 21:46 - 2015-11-02 02:00 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-06 21:46 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-02-05 21:17 - 2015-10-15 12:40 - 00000000 ____D C:\Users\SamIAm\AppData\Local\VirtualStore
2016-02-05 20:41 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\IME
2016-02-05 15:11 - 2015-10-15 12:39 - 00000000 ____D C:\Users\SamIAm
2016-02-05 13:23 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-01-25 09:01 - 2015-11-08 03:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-22 10:35 - 2015-11-01 20:33 - 00000000 ____D C:\Users\Public\CrashDumps
2016-01-17 19:00 - 2015-12-20 11:32 - 00018953 _____ C:\Users\SamIAm\Desktop\Budget loan test 2.ods
2016-01-16 12:20 - 2015-11-08 05:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-16 12:20 - 2015-11-08 05:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-16 12:17 - 2015-11-08 04:56 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-01-16 12:17 - 2015-11-08 04:56 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-16 12:17 - 2015-11-02 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-14 15:11 - 2015-11-01 20:22 - 00000000 ____D C:\Windows\system32\MRT
2016-01-14 15:06 - 2015-11-01 20:22 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 04:43 - 2015-11-08 05:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2016-01-29 20:09 - 2016-01-29 20:09 - 0002669 _____ () C:\Users\SamIAm\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\SamIAm\AppData\Local\Temp\BingSvc.exe
C:\Users\SamIAm\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\SamIAm\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\SamIAm\AppData\Local\Temp\DefaultPack.EXE
C:\Users\SamIAm\AppData\Local\Temp\i4jdel0.exe
C:\Users\SamIAm\AppData\Local\Temp\MSETUP4.EXE
C:\Users\SamIAm\AppData\Local\Temp\som_fs.exe
C:\Users\SamIAm\AppData\Local\Temp\som_mp4_encoder_2.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-03 14:15

==================== End of FRST.txt ============================

 

 

ADDITIONAL LOG

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by SamIAm (2016-02-07 19:17:48)
Running from C:\Users\SamIAm\Downloads
Windows 8.1 (X64) (2015-10-15 17:39:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3907692946-608799178-847432813-500 - Administrator - Disabled)
Guest (S-1-5-21-3907692946-608799178-847432813-501 - Limited - Disabled)
SamIAm (S-1-5-21-3907692946-608799178-847432813-1001 - Administrator - Enabled) => C:\Users\SamIAm

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belarc Advisor 8.5a (HKLM-x32\...\Belarc Advisor) (Version: 8.5.1.0 - Belarc Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
Screen Recorder Launcher (HKU\S-1-5-21-3907692946-608799178-847432813-1001\...\ScreenRecorderLauncher) (Version: 2.0 - )
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
TryMyUIRecorder 1.0.2 (HKLM-x32\...\4295-7270-9283-5586) (Version: 1.0.2 - TryMyUI, Inc.)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.10.20.0 - File.org)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UserTesting.com Recorder Plugin (HKU\S-1-5-21-3907692946-608799178-847432813-1001\...\UserTestingPlugin) (Version:  - UserTesting.com)
Watchtower Library 2011 - English (HKLM-x32\...\{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}) (Version: 13.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WhatUsersDo-Screen-Recorder version 1.0 (HKLM-x32\...\{E13A55D7-EC52-44B7-A55A-5D24AA8101E3}_is1) (Version: 1.0 - WhatUsersDo Ltd)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00B18760-869B-4991-A534-CFF655593400} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-14] (Microsoft Corporation)
Task: {1FFC006A-0A38-47BB-8FEB-EA7D4E5FE7FF} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: {22CFCBEB-0C1F-4B3B-A4EA-1507D48AB754} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.)
Task: {35043517-0086-430E-ABF8-5369EA53DB92} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {3D6738BD-8F9E-4A81-B543-2F56AF787605} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {627D4B18-C9DD-4320-8842-646FA29AB248} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-09] (Google Inc.)
Task: {C8BAC747-5946-4BA0-AB1D-395318B99956} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {F2169209-96C2-4411-A236-366B14AEF458} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-23 08:51 - 2012-03-28 07:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-09-23 22:43 - 2012-09-23 22:43 - 00313992 _____ () c:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-09-05 09:04 - 2013-09-05 09:04 - 14588632 _____ () c:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2014-08-13 08:27 - 2014-08-13 08:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 12:34 - 2014-07-29 12:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-12-21 21:18 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3907692946-608799178-847432813-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SamIAm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5D4C4391-A5FC-4E9F-BAA0-4F66AA154901}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8040B846-F6C8-412A-A40E-A835D160E201}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F40B338A-7D05-448E-AFF2-339D2B58BCEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DA201E4D-3545-4FAD-8707-6D0CB8FF5345}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0E6F6CCF-F1DC-45B9-B447-D91A1FF37A77}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{0C1237B7-0691-454C-B495-B6814F5B8E69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F4646C3E-6F2C-4D8E-AF03-4B8259E23181}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7C08E5B6-6F13-4902-8D43-082F4AF4FACA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-01-2016 11:21:51 Scheduled Checkpoint
05-02-2016 18:16:13 Installed Classic Shell

==================== Faulty Device Manager Devices =============

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2016 01:45:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MSASCui.exe version 4.8.207.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bcc

Start Time: 01d161d7a48afbdf

Termination Time: 4294967295

Application Path: C:\Program Files\Windows Defender\MSASCui.exe

Report Id: ff975d4e-cdca-11e5-8273-b8ee65c3d830

Faulting package full name:

Faulting package-relative application ID:

Error: (02/07/2016 09:45:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MSASCui.exe version 4.8.207.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 620

Start Time: 01d161535ea608a7

Termination Time: 4294967295

Application Path: C:\Program Files\Windows Defender\MSASCui.exe

Report Id: 770e6ad9-cda9-11e5-8273-b8ee65c3d830

Faulting package full name:

Faulting package-relative application ID:

Error: (02/06/2016 06:32:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1598

Start Time: 01d160d1463b810e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 39e5a847-ccc5-11e5-8272-b8ee65c3d830

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/04/2016 11:17:09 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (01/29/2016 11:04:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/25/2016 09:53:02 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (01/25/2016 10:10:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/25/2016 09:24:06 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/23/2016 10:31:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 24d0

Start Time: 01d155b8743394ef

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 5e8f17c1-c1e6-11e5-826e-b8ee65c3d830

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/22/2016 10:35:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x1c24
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5


System errors:
=============
Error: (02/07/2016 02:32:08 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (02/05/2016 08:40:47 PM) (Source: DCOM) (EventID: 10010) (User: SAMS)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/05/2016 07:33:44 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Acer.

A corruption was found in a file system index structure.  The file reference number is 0x1000000002265.  The name of the file is "\Windows\System32".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (02/05/2016 03:12:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (01/27/2016 11:23:30 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Acer.

A corruption was found in a file system index structure.  The file reference number is 0x1000000002265.  The name of the file is "\Windows\System32".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (01/25/2016 09:01:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:14:04 PM on ‎1/‎24/‎2016 was unexpected.

Error: (01/19/2016 11:42:03 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Acer.

A corruption was found in a file system index structure.  The file reference number is 0x1000000002265.  The name of the file is "\Windows\System32".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (01/16/2016 12:19:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache3.0.0.0 service.

Error: (01/15/2016 02:22:06 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume Acer.

A corruption was found in a file system index structure.  The file reference number is 0x1000000002265.  The name of the file is "\Windows\System32".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (01/14/2016 12:53:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - January 2016 (KB890830).


CodeIntegrity:
===================================
  Date: 2016-02-07 18:54:22.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-07 18:54:21.739
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-07 18:54:20.948
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-07 18:54:06.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-07 18:54:05.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-07 18:54:02.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-07 18:54:01.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-07 18:53:58.760
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-07 18:53:57.353
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-02-07 18:41:20.464
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3530 @ 2.16GHz
Percentage of memory in use: 63%
Total physical RAM: 3979.2 MB
Available physical RAM: 1454.44 MB
Total Virtual: 6283.2 MB
Available Virtual: 2966.66 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:456.95 GB) (Free:408.19 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.76 GB) (Free:457.61 GB) NTFS
Drive f: (Transcend) (Fixed) (Total:931.28 GB) (Free:833.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 669F30C3)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E151CD86)
Partition 1: (Active) - (Size=931.5 GB) - (Type=0C)

==================== End of Addition.txt ============================


  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

Thanks for the info. Is it your intention to eventually upgrade to the free Windows 10 OS?
 
Also please ensure any critical data is backed up and then do the following.

 

Step#1 - ChkDsk Repair
1. Click your Start button in the lower left of your computer and type cmd in the search box.
2. Once the cmd program is found, right-click on it with your mouse and select Run as administrator as shown below.
ElevateCommandPrompt.JPG
3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type in to.
5. Please type chkdsk /R and then press enter. Note: There is a space after the command chkdsk and before the forward slash
6. You will get a prompt telling you chkdsk cannot run because the volume is in use. Answer Y and hit enter to schedule the run at next boot.
7. Reboot your computer and chkdsk will run. Let it complete please.
8. Right-click ListChkdskResult.exe and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.


  • 0

#5
SallyMae

SallyMae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Is it your intention to eventually upgrade to the free Windows 10 OS?

 

I think that I should and I kind of would like to.  But every time the offer pops up, I have a lot going on and I can't seem to find the time yet to back everything up and then turn around and re-install all of my programs if need be.  I don't know if I will end up having to do all of that with the upgrade but the prospect of having to hasn't made me eager to go ahead and upgrade. Plus, I've gotten used to Windows 8 and I don't know how long it will take me to get used to 10 and/or how much time I'll have to take tweaking or eliminating things I don't like, etc.  So, honestly, I guess my final answer is "I don't know".  Are you thinking that the simplest resolution to this problem would be to just do the upgrade to Windows 10?

 

I followed these instructions exactly as listed:

 

5. Please type chkdsk /R and then press enter. Note: There is a space after the command chkdsk and before the forward slash
6. You will get a prompt telling you chkdsk cannot run because the volume is in use. Answer Y and hit enter to schedule the run at next boot.
7. Reboot your computer and chkdsk will run. Let it complete please.

 

I had expected the ListChkdskResult.exe to show up on my desktop.  When it didn't, I did a search of my C: drive for the file and nothing was found.  I went to the Event Viewer to see if any results showed up there under DiskDiagnostic or DiskDiagnosticDataCollector.  Nothing showed up there either.

 

Thank you again for your help.


  • 0

#6
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

 Are you thinking that the simplest resolution to this problem would be to just do the upgrade to Windows 10?

 

It is a possible solution. I just wanted to find out from you what you were thinking.

 

I had expected the ListChkdskResult.exe to show up on my desktop. 

 

This program won't show up on your desktop. You need to download this program. My fault. Here is the link.

https://dl.dropboxus...hkdskResult.exe


  • 0

#7
SallyMae

SallyMae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

ListChkdskResult.exe Log

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 2/8/2016 5:09:22 PM >------
Category: 0
Computer Name: Sams
Event Code: 1001
Record Number: 19853
Source Name: Microsoft-Windows-Wininit
Time Written: 02-08-2016 @ 08:04:20
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is Acer.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  224512 file records processed.                                                        

File verification completed.
  4691 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  298600 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Cleaning up 753 unused index entries from index $SII of file 0x9.
Cleaning up 753 unused index entries from index $SDH of file 0x9.
Cleaning up 753 unused security descriptors.
Security descriptor verification completed.
  37045 data files processed.                                           

CHKDSK is verifying Usn Journal...
  41561440 USN bytes processed.                                                           

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  224496 files processed.                                                               

File data verification completed.

Stage 5: Looking for bad, free clusters ...
  107020162 free clusters processed.                                                       

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 479142911 KB total disk space.
  50590448 KB in 173744 files.
    123340 KB in 37046 indexes.
         0 KB in bad sectors.
    348471 KB in use by the system.
     65536 KB occupied by the log file.
 428080652 KB available on disk.

      4096 bytes in each allocation unit.
 119785727 total allocation units on disk.
 107020163 allocation units available on disk.

Internal Info:
00 6d 03 00 6c 37 03 00 11 2d 06 00 00 00 00 00  .m..l7...-......
88 01 00 00 31 00 00 00 00 00 00 00 00 00 00 00  ....1...........

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------


  • 0

#8
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

Sorry for the delay. Now that corrections have been made on the disk, please do the following.

 

Step#1 - Malwarebytes Scan

  • Open Malwarebytes.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#2 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 


  • 0

#9
SallyMae

SallyMae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts
After running Malwarebytes, one "PUP" was found that I removed.
 
 
Malwarebytes Log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/11/2016
Scan Time: 11:08 PM
Logfile: MBAM log 2_11_2016 1147pm.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.12.01
Rootkit Database: v2016.02.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: SamIAm
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331885
Time Elapsed: 23 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

Thanks. Please do the following.

 

Step#1 - Services Check
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.


  • 0

Advertisements


#11
SallyMae

SallyMae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts
FSS Log:
 
Farbar Service Scanner Version: 27-01-2016
Ran by SamIAm (administrator) on 12-02-2016 at 12:00:07
Running from "C:\Users\SamIAm\Desktop\Cleanup Tools"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 Thank you for all of your help.  :yes:

  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

Excellent. Please do the following now.

 

Boot your computer into a Clean Boot state by following the information in the link below.

https://support.micr...en-us/kb/929135

 

Then please try to run a Windows Defender scan and let me know the results.

 

Thanks.


  • 0

#13
SallyMae

SallyMae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

I followed the instructions at the link, rebooted and ran windows defenders in two modes.  I can run a quick scan.  I cannot run a full scan.  I've tried three times and it will run for 11-12 hours and still have only scanned less than 20% of the disk and scanned very few files.  The error is gone, though.  Progress! :yes:


  • 0

#14
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,589 posts

Awesome. Can you let the full scan run for over 24 hours and let me know if it gets past 20%?


  • 0

#15
SallyMae

SallyMae

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Sure thing!  Will do.


Edited by SallyMae, 15 February 2016 - 08:33 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP