
Computer Way Too Slow, Hang Ups and Typing Jumps All Around



#1
ChellseyGeek


Typing this is a challenge. My keyboard isn't working right. For some reason when I type, I get four or five words typed and then all of a sudden my cursor will jump into the middle of an already typed line while I'm typing, or other weird stuff will happen, like I hit the space bar and the screen or page jumps to the bottom. I'm concerned that I may have a keylogger and would like to know if I do. Whatever is going on, it is getting really bad. My computer is writing to disk an awful lot when there is plenty of memory to spare. I had Windows 10 but forgot to create a recovery disk and somehow I got locked out of my desktop - my password stopped working. I ended up having to roll back to Windows 8.1 but the problems just continue to get worse. I can't update virus definitions for Windows Defender. It just hangs up and sits for hours in the middle of the update. MalwareBytes can't seem to find a problem. Three times as I've been writing this, all of the type highlights and erases itself out of the blue. Even when the cursor isn't jumping all over the place, it can sometimes take hours for me to type a paragraph. I type 120 wpm easily and my keyboard no longer comes anywhere near keeping up with me. It can get hung up in the middle of a sentence and take 20 or more minutes to stop hanging up. This is incredibly frustrating.

My browser (Firefox) often goes into "not responding" mode for 10-15 minutes at a time. I get "not responding" messages about scripts that have the word "jetpack" in them. I'm not running any more stuff than I always have and yet, I get these hangups all too often.

Help!? Thank you.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Anela (administrator) on SICKANDTIRED (22-12-2016 23:42:38)
Running from C:\Users\Anela\Desktop
Loaded Profiles: Anela (Available Profiles: Anela)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Sysinternals - www.sysinternals.com) C:\Users\Anela\Desktop\Clean Up Tools\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Anela\AppData\Local\Temp\procexp64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(The Wireshark developer community, hxxp://www.wireshark.org/) C:\Program Files\Wireshark\Wireshark.exe
(The Wireshark developer community) C:\Program Files\Wireshark\dumpcap.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SwitchToDesktop] => C:\OEM\preload\command\AlaunchX\SendDesktop.scf [101 2013-09-26] ()
HKLM\...\Run: [New Acer AlaunchX] => C:\OEM\preload\command\AlaunchX\AlaunchX.exe [1876232 2014-05-18] (Acer Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-14] (SUPERAntiSpyware)
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\...\MountPoints2: {67d41f76-ab37-11e6-825a-b8ee65c3d830} - "G:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\Users\Anela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-11-16]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Anela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk [2016-11-27]
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-684047503-1092859665-3699815063-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{FACA83E1-3147-4942-B8CC-0EAC09777A0F}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-684047503-1092859665-3699815063-1001 -> DefaultScope {24DE9D49-2644-41DF-85C7-2CEC88C7A731} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-27] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

FireFox:
========
FF DefaultProfile: bng6vkbd.default
FF ProfilePath: C:\Users\Anela\AppData\Roaming\Mozilla\Firefox\Profiles\bng6vkbd.default [2016-12-22]
FF NetworkProxy: Mozilla\Firefox\Profiles\bng6vkbd.default -> type", 0
FF Extension: (Grammarly for Firefox) - C:\Users\Anela\AppData\Roaming\Mozilla\Firefox\Profiles\bng6vkbd.default\Extensions\[email protected] [2016-11-21]
FF Extension: (NoScript) - C:\Users\Anela\AppData\Roaming\Mozilla\Firefox\Profiles\bng6vkbd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-12-01]
FF Extension: (No Name) - C:\Users\Anela\AppData\Roaming\Mozilla\Firefox\Profiles\bng6vkbd.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-12-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default [2016-12-22]
CHR Extension: (Google Slides) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-27]
CHR Extension: (Google Docs) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-08]
CHR Extension: (Google Drive) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-27]
CHR Extension: (YouTube) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-27]
CHR Extension: (Google Sheets) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-27]
CHR Extension: (Gmail) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-29] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2016-11-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-11-13] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2016-11-13] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [237400 2016-11-13] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2016-11-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 23:42 - 2016-12-22 23:43 - 00015246 _____ C:\Users\Anela\Desktop\FRST.txt
2016-12-22 23:40 - 2016-12-22 23:40 - 02420736 _____ (Farbar) C:\Users\Anela\Desktop\FRST64.exe
2016-12-20 16:52 - 2016-12-20 16:52 - 00038998 _____ C:\Users\Anela\Documents\MMPI Loyola University.odt
2016-12-20 15:43 - 2016-12-20 15:43 - 00565665 ____T C:\Users\Anela\Documents\Wendy McKee Property Owner Information.oxps
2016-12-20 15:39 - 2016-12-20 16:39 - 00000000 ____D C:\Users\Anela\Documents\People Find
2016-12-18 20:18 - 2016-12-18 20:18 - 00348553 ____T C:\Users\Anela\Documents\Capital One Payment 12_18_2016 818pm.oxps
2016-12-17 02:01 - 2016-12-22 20:47 - 00027408 _____ C:\Users\Anela\Documents\Letter to Wendy McKee.odt
2016-12-17 02:01 - 2016-12-22 20:47 - 00000117 ____H C:\Users\Anela\Documents\.~lock.Letter to Wendy McKee.odt#
2016-12-17 00:59 - 2016-12-17 00:59 - 00404286 ____T C:\Users\Anela\Documents\Amazon Return Label for Tan Lamp for mom for xmas.oxps
2016-12-17 00:33 - 2016-12-17 00:33 - 00510095 ____T C:\Users\Anela\Documents\Walmart CCD Payment 12_17_2016 1233am.oxps
2016-12-16 23:58 - 2016-12-16 23:58 - 00295303 ____T C:\Users\Anela\Documents\Chase Payment 12_16_2016 1158pm.oxps
2016-12-16 23:40 - 2016-12-16 23:40 - 00528180 ____T C:\Users\Anela\Documents\Amazon Payment 12_16_2016 1140PM.oxps
2016-12-16 23:30 - 2016-12-16 23:30 - 00373744 ____T C:\Users\Anela\Documents\PayPal Payment 12_16_2016 1130pm.oxps
2016-12-14 16:02 - 2016-12-14 16:02 - 00000354 _____ C:\Users\Anela\Desktop\All Control Panel Items - Shortcut.lnk
2016-12-14 13:08 - 2016-12-14 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 00:03 - 2016-12-14 00:03 - 00000000 ____D C:\Users\Anela\AppData\Roaming\SUPERAntiSpyware.com
2016-12-13 23:44 - 2016-12-14 15:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-13 23:44 - 2016-12-13 23:44 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-13 23:44 - 2016-12-13 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-12-13 23:23 - 2016-12-13 23:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-13 23:15 - 2016-12-14 15:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-13 23:15 - 2016-12-13 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-13 23:15 - 2016-12-13 23:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-13 23:15 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-12-13 23:15 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-13 23:15 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-13 20:52 - 2016-12-22 19:53 - 00000000 ____D C:\Users\Anela\AppData\Local\ClassicShell
2016-12-13 20:51 - 2016-12-13 20:51 - 00000000 ____D C:\Users\Anela\AppData\Roaming\ClassicShell
2016-12-13 18:19 - 2016-12-13 18:35 - 00000000 ____D C:\Program Files\Classic Shell
2016-12-13 18:19 - 2016-12-13 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-12-13 18:18 - 2016-02-10 19:24 - 38494576 _____ (Apple Inc.) C:\Users\Anela\Downloads\SafariSetup.exe
2016-12-13 18:18 - 2016-02-05 22:15 - 00602112 _____ (OldTimer Tools) C:\Users\Anela\Downloads\OTL.exe
2016-12-13 18:18 - 2016-02-05 22:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Anela\Downloads\HijackThis.exe
2016-12-13 18:18 - 2016-02-05 20:03 - 22908888 _____ (Malwarebytes ) C:\Users\Anela\Downloads\mbam-setup-2.2.0.1024.exe
2016-12-13 18:18 - 2016-02-05 19:15 - 06968048 _____ (IvoSoft) C:\Users\Anela\Downloads\ClassicShellSetup_4_2_5.exe
2016-12-13 18:18 - 2016-02-03 18:00 - 17935112 _____ C:\Users\Anela\Downloads\InstallScreenRecorderLauncher-2.0.exe
2016-12-13 18:18 - 2016-02-02 17:49 - 111671512 _____ (WhatUsersDo Ltd ) C:\Users\Anela\Downloads\whatusersdo-recorder.exe
2016-12-13 18:18 - 2016-02-02 16:58 - 24394248 _____ C:\Users\Anela\Downloads\InstallUserTestingPlugin-v1.8.exe
2016-12-13 18:18 - 2016-01-29 20:39 - 96819488 _____ (The GIMP Team ) C:\Users\Anela\Downloads\gimp-2.8.16-setup.exe
2016-12-13 18:17 - 2016-02-17 22:18 - 88572984 _____ (TryMyUI, Inc.) C:\Users\Anela\Downloads\TryMyUIRecorder_windows_1_0_2.exe
2016-12-13 18:17 - 2016-02-06 18:05 - 24642208 _____ (SUPERAntiSpyware) C:\Users\Anela\Downloads\SUPERAntiSpyware.exe
2016-12-13 18:17 - 2013-07-27 22:36 - 11840744 _____ (Outercurve Foundation) C:\Users\Anela\Downloads\TaskMerlinSetup.exe
2016-12-12 15:14 - 2016-12-12 15:15 - 00000000 ____D C:\Users\Anela\Documents\facebook-AngelaSullivan1981_on 12 4 2016 1226am before acct deletion
2016-12-12 12:21 - 2016-12-22 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-12 12:21 - 2016-12-17 02:06 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-12 12:21 - 2016-12-15 15:29 - 00003864 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-12 12:21 - 2016-12-15 15:29 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-08 21:53 - 2016-12-08 21:56 - 00000000 ____D C:\Users\Anela\Downloads\bookmark_merger-0.2.3.exe
2016-12-08 21:51 - 2016-12-08 21:51 - 01878323 _____ C:\Users\Anela\Downloads\bookmark_merger-0.2.3.exe.zip
2016-12-08 21:40 - 2016-12-08 21:28 - 31457280 _____ C:\Users\Anela\Desktop\places.sqlite__reinstalled into ff from backup after win 10 crash
2016-12-08 02:05 - 2016-12-22 01:06 - 00000000 ____D C:\Users\Anela\Desktop\Work Product
2016-12-07 22:23 - 2016-12-07 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-12-07 22:23 - 2016-12-07 22:23 - 00000000 ____D C:\Program Files\7-Zip
2016-12-07 22:21 - 2016-12-07 22:21 - 01381582 _____ (Igor Pavlov) C:\Users\Anela\Downloads\7z1604-x64.exe
2016-12-06 22:44 - 2016-12-06 22:45 - 00002276 _____ C:\Users\Anela\Documents\test.odb
2016-12-06 13:59 - 2016-12-06 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TryMyUIRecorder
2016-12-06 13:59 - 2016-12-06 13:59 - 00000000 ____D C:\Program Files\TryMyUIRecorder
2016-12-06 13:44 - 2016-12-06 13:54 - 00000000 ____D C:\Users\Anela\.oracle_jre_usage
2016-12-06 13:42 - 2016-12-06 13:43 - 92229176 _____ (TryMyUI, Inc.) C:\Users\Anela\Downloads\TryMyUIRecorder_windows-x64_1_0_2.exe
2016-12-04 15:51 - 2016-12-21 17:35 - 00000000 ____D C:\Users\Anela\Desktop\Notes
2016-12-04 15:49 - 2016-12-21 11:51 - 00000000 ____D C:\Users\Anela\Desktop\Finances
2016-12-04 00:20 - 2016-12-04 00:20 - 05505045 _____ C:\Users\Anela\Documents\facebook-AngelaSullivan1981_on 12 4 2016 1226am before acct deletion.zip
2016-12-02 02:43 - 2016-12-02 02:43 - 00260469 _____ C:\Users\Anela\Documents\The Worst Scars are in the mind International Review of the Red Cross.pdf
2016-12-02 01:40 - 2016-12-02 01:40 - 00619327 ____T C:\Users\Anela\Documents\Best Jehovahs Witness Breach of Confidentiality.oxps
2016-12-02 01:37 - 2016-12-02 01:37 - 00607258 ____T C:\Users\Anela\Documents\Watchtower spies and secret agents page 2.oxps
2016-12-02 01:35 - 2016-12-02 01:35 - 00582807 ____T C:\Users\Anela\Documents\Jehovahs Witnesses Spies and Secret Agents.oxps
2016-12-01 21:39 - 2016-12-01 21:39 - 00281659 ____T C:\Users\Anela\Documents\MonySingh payment 12 1 2016 938pm.oxps
2016-11-30 12:35 - 2016-11-30 12:35 - 00448701 ____T C:\Users\Anela\Documents\Paula Heinrich Pensacola Florida ages 60 to 90.oxps
2016-11-30 12:31 - 2016-11-30 12:31 - 00408717 ____T C:\Users\Anela\Documents\Paula Heinrich Pensacola Florida USSEARCH age 70.oxps
2016-11-30 12:29 - 2016-11-30 12:29 - 00433648 ____T C:\Users\Anela\Documents\Paula Hunt Heinrich Pensacola Fl address and phone.oxps
2016-11-30 12:28 - 2016-11-30 12:28 - 00466942 ____T C:\Users\Anela\Documents\Paula Heinrich property record Pensacola Fl.oxps
2016-11-30 12:25 - 2016-11-30 12:25 - 00169544 ____T C:\Users\Anela\Documents\Paula Heinrich Pensacola Florida Whitepages dot com.oxps
2016-11-29 22:39 - 2016-11-29 22:39 - 00335048 ____T C:\Users\Anela\Documents\Merrick Bank Payment 11_29_2016 1039pm.oxps
2016-11-29 22:31 - 2016-11-29 22:31 - 00218414 ____T C:\Users\Anela\Documents\Barclays 11_29_2016 1030pm.oxps
2016-11-29 22:20 - 2016-11-29 22:20 - 00203436 ____T C:\Users\Anela\Documents\Wells Fargo CCD Payment 11_29_2016 1020PM.oxps
2016-11-28 21:12 - 2016-11-28 21:13 - 00352770 ____T C:\Users\Anela\Documents\Maritz Mystery Shop Independent Contractor agreement.oxps
2016-11-28 21:08 - 2016-11-28 21:08 - 00273498 ____T C:\Users\Anela\Documents\Maritz Mystery Shop W9.oxps
2016-11-27 23:38 - 2016-11-27 23:38 - 00768379 ____T C:\Users\Anela\Documents\Brian Boyle decatur AL email.oxps
2016-11-27 23:31 - 2016-11-27 23:32 - 00464332 ____T C:\Users\Anela\Documents\Brian Boyle decatur AL address and phone.oxps
2016-11-27 22:33 - 2016-11-27 22:33 - 00380551 ____T C:\Users\Anela\Documents\Ruth Paulette Story address and phone in decatur AL.oxps
2016-11-27 22:27 - 2016-11-27 22:27 - 00177435 ____T C:\Users\Anela\Documents\Hugh and Wanda address and phone.oxps
2016-11-27 22:26 - 2016-11-27 22:26 - 00000000 ____T C:\Users\Anela\Documents\Hugh and Wanda original property purchase record tampa, fl.oxps
2016-11-27 22:23 - 2016-11-27 22:23 - 01093844 ____T C:\Users\Anela\Documents\Hugh and Wanda property record tampa florida.oxps
2016-11-27 22:22 - 2016-11-27 22:22 - 00317135 ____T C:\Users\Anela\Documents\Hugh and Wanda home put in revocable trust.oxps
2016-11-27 17:27 - 2016-12-14 21:07 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-27 17:27 - 2016-12-14 21:07 - 00002167 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-27 17:26 - 2016-12-16 15:32 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-27 17:25 - 2016-12-16 15:32 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-27 17:25 - 2016-11-27 17:36 - 00000000 ____D C:\Users\Anela\AppData\Local\Google
2016-11-27 17:25 - 2016-11-27 17:26 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-27 17:24 - 2016-11-27 17:24 - 01065376 _____ (Google Inc.) C:\Users\Anela\Downloads\ChromeSetup(1).exe
2016-11-27 17:23 - 2016-11-27 17:23 - 01065376 _____ (Google Inc.) C:\Users\Anela\Downloads\ChromeSetup.exe
2016-11-27 17:04 - 2016-11-27 17:05 - 00000000 ____D C:\ProgramData\Oracle
2016-11-27 17:04 - 2016-11-27 17:04 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-27 17:04 - 2016-11-27 17:04 - 00000000 ____D C:\Users\Anela\AppData\Roaming\Sun
2016-11-27 17:04 - 2016-11-27 17:04 - 00000000 ____D C:\Users\Anela\AppData\LocalLow\Sun
2016-11-27 17:04 - 2016-11-27 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-27 17:04 - 2016-11-27 17:04 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-27 16:36 - 2016-11-27 16:36 - 00000000 ____D C:\Users\Anela\AppData\Roaming\WildTangent
2016-11-27 16:29 - 2016-11-27 16:29 - 00737344 _____ (Oracle Corporation) C:\Users\Anela\Downloads\jxpiinstall.exe
2016-11-27 12:57 - 2016-11-27 13:00 - 00000000 ____D C:\Users\Anela\AppData\Local\Sidebar7
2016-11-27 12:57 - 2016-11-27 12:57 - 00000000 ____D C:\Users\Anela\AppData\Local\Clipboarder
2016-11-27 12:55 - 2016-11-27 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
2016-11-27 12:43 - 2013-07-28 17:09 - 17948672 _____ C:\Users\Anela\Downloads\8GadgetPackSetup.msi
2016-11-22 17:58 - 2016-11-22 17:58 - 00119331 _____ C:\Users\Anela\Documents\Form W9 Independent Contractor.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 23:42 - 2016-11-13 01:25 - 00000000 ____D C:\FRST
2016-12-22 01:07 - 2016-11-19 18:20 - 00000000 ____D C:\Users\Anela\AppData\LocalLow\Mozilla
2016-12-22 01:06 - 2016-11-15 13:14 - 00000000 ____D C:\Users\Anela\Desktop\Clean Up Tools
2016-12-20 19:48 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-12-15 15:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-15 15:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 23:52 - 2016-11-13 01:23 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-684047503-1092859665-3699815063-1001
2016-12-14 15:41 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2016-12-14 15:40 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-12-14 15:33 - 2016-11-15 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 15:33 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-14 15:32 - 2016-11-18 14:19 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-12-13 22:54 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-13 20:52 - 2016-11-13 01:18 - 00000000 ____D C:\Users\Anela
2016-12-13 13:06 - 2014-03-18 05:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-12 12:21 - 2016-11-16 12:45 - 00000000 ____D C:\Users\Anela\AppData\Local\Adobe
2016-12-04 15:49 - 2016-11-20 20:32 - 00000000 ____D C:\Users\Anela\Desktop\Writing
2016-12-01 20:38 - 2016-11-19 18:18 - 00000000 ____D C:\Users\Anela\AppData\Roaming\Canon
2016-12-01 16:48 - 2016-11-16 09:24 - 00000000 ____D C:\Users\Public\CrashDumps
2016-11-27 16:36 - 2014-07-16 03:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-27 16:36 - 2014-07-16 03:30 - 00000000 ____D C:\ProgramData\WildTangent
2016-11-27 16:36 - 2014-07-16 03:30 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-11-27 12:55 - 2013-08-22 10:36 - 00000000 ___SD C:\Program Files\Windows Sidebar
2016-11-27 12:55 - 2013-08-22 10:36 - 00000000 ___SD C:\Program Files (x86)\Windows Sidebar
2016-11-26 01:46 - 2016-11-15 08:53 - 10485760 _____ C:\Users\Anela\Desktop\places.sqlite_2

Some files in TEMP:
====================
C:\Users\Anela\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Anela\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-15 14:27

==================== End of FRST.txt ============================

 

 

 

 

ADDITION:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Anela (22-12-2016 23:44:01)
Running from C:\Users\Anela\Desktop
Windows 8.1 (Update) (X64) (2016-11-13 06:18:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-684047503-1092859665-3699815063-500 - Administrator - Disabled)
Anela (S-1-5-21-684047503-1092859665-3699815063-1001 - Administrator - Enabled) => C:\Users\Anela
Guest (S-1-5-21-684047503-1092859665-3699815063-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{2F503139-7C61-4A82-9B0B-59A7A110FACB}) (Version: 7.0.0 - Helmut Buhler)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
TryMyUIRecorder 1.0.2 (HKLM\...\4295-7270-9283-5586) (Version: 1.0.2 - TryMyUI, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-684047503-1092859665-3699815063-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Anela\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BECECD6-8C61-48AA-9F91-531F275620E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-27] (Google Inc.)
Task: {35043517-0086-430E-ABF8-5369EA53DB92} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6A015419-983D-43F6-A2FC-0D40F109555C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-27] (Google Inc.)
Task: {89D603AF-CD2B-414E-B330-03CDEB6EA0C5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-15] (Adobe Systems Incorporated)
Task: {D851EBEC-9A11-4966-8807-018A7ACAF381} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-15] (Adobe Systems Incorporated)
Task: {F2169209-96C2-4411-A236-366B14AEF458} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-29 17:01 - 2015-12-29 17:01 - 00186259 _____ () C:\Program Files\Wireshark\libcares-2.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00480952 _____ () C:\Program Files\Wireshark\libGeoIP-1.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00572416 _____ () C:\Program Files\Wireshark\libgcrypt-20.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00095232 _____ () C:\Program Files\Wireshark\libgpg-error6-0.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 01019430 _____ () C:\Program Files\Wireshark\libgnutls-28.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00731675 _____ () C:\Program Files\Wireshark\libsmi-2.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00257024 _____ () C:\Program Files\Wireshark\lua52.dll
2015-12-29 17:05 - 2015-12-29 17:05 - 00110080 _____ () C:\Program Files\Wireshark\zlib1.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00447977 _____ () C:\Program Files\Wireshark\libgmp-10.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00184907 _____ () C:\Program Files\Wireshark\libhogweed-2-4.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00182365 _____ () C:\Program Files\Wireshark\libnettle-4-6.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00247415 _____ () C:\Program Files\Wireshark\libp11-kit-0.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00080653 _____ () C:\Program Files\Wireshark\libtasn1-6.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00032585 _____ () C:\Program Files\Wireshark\libffi-6.dll
2014-09-11 06:43 - 2014-09-11 06:43 - 01086976 _____ () C:\Program Files\Wireshark\platforms\qwindows.dll
2014-09-11 06:47 - 2014-09-11 06:47 - 00044544 _____ () C:\Program Files\Wireshark\imageformats\qdds.dll
2014-09-11 06:42 - 2014-09-11 06:42 - 00029184 _____ () C:\Program Files\Wireshark\imageformats\qgif.dll
2014-09-11 06:47 - 2014-09-11 06:47 - 00035328 _____ () C:\Program Files\Wireshark\imageformats\qicns.dll
2014-09-11 06:42 - 2014-09-11 06:42 - 00029696 _____ () C:\Program Files\Wireshark\imageformats\qico.dll
2014-09-11 06:48 - 2014-09-11 06:48 - 00459264 _____ () C:\Program Files\Wireshark\imageformats\qjp2.dll
2014-09-11 06:42 - 2014-09-11 06:42 - 00233984 _____ () C:\Program Files\Wireshark\imageformats\qjpeg.dll
2014-09-11 06:47 - 2014-09-11 06:47 - 00274944 _____ () C:\Program Files\Wireshark\imageformats\qmng.dll
2014-09-11 06:44 - 2014-09-11 06:44 - 00022528 _____ () C:\Program Files\Wireshark\imageformats\qsvg.dll
2014-09-11 06:47 - 2014-09-11 06:47 - 00021504 _____ () C:\Program Files\Wireshark\imageformats\qtga.dll
2014-09-11 06:47 - 2014-09-11 06:47 - 00350720 _____ () C:\Program Files\Wireshark\imageformats\qtiff.dll
2014-09-11 06:48 - 2014-09-11 06:48 - 00020480 _____ () C:\Program Files\Wireshark\imageformats\qwbmp.dll
2014-09-11 06:48 - 2014-09-11 06:48 - 00333312 _____ () C:\Program Files\Wireshark\imageformats\qwebp.dll
2014-09-11 06:42 - 2014-09-11 06:42 - 00159744 _____ () C:\Program Files\Wireshark\accessible\qtaccessiblewidgets.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-07-11 13:33 - 2013-07-11 13:33 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-07-10 22:08 - 2013-07-10 22:08 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00148664 _____ () C:\Program Files (x86)\Evernote\Evernote\zlibwapi.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 26137272 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00212664 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2016-10-31 17:17 - 2016-10-31 17:17 - 00740352 _____ () C:\Program Files (x86)\Evernote\Evernote\libglesv2.dll
2016-10-31 17:17 - 2016-10-31 17:17 - 00130048 _____ () C:\Program Files (x86)\Evernote\Evernote\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-684047503-1092859665-3699815063-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{A2517438-1917-41F5-B633-118205F1E51A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3FDA0A50-3C77-43CF-BE07-2D9A65613C18}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CF1B763-A5C4-4698-8F7E-FB0994EFB41F}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7EFCDAE6-1FD5-445D-9F68-F4578945E87D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-12-2016 10:45:40 Scheduled Checkpoint
13-12-2016 13:20:53 Scheduled Checkpoint
21-12-2016 12:24:46 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:

Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:

Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:

Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2016 01:43:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wireshark.exe version 2.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d64

Start Time: 01d25b9e81d1c5ec

Termination Time: 12

Application Path: C:\Program Files\Wireshark\Wireshark.exe

Report Id: d8a82a93-c811-11e6-8269-b8ee65c3d830

Faulting package full name:

Faulting package-relative application ID:

Error: (12/21/2016 10:25:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wireshark.exe version 2.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c98

Start Time: 01d25a57a90ba064

Termination Time: 247

Application Path: C:\Program Files\Wireshark\Wireshark.exe

Report Id: ab6adcf3-c791-11e6-8269-b8ee65c3d830

Faulting package full name:

Faulting package-relative application ID:

Error: (12/16/2016 10:49:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/13/2016 11:07:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/13/2016 10:46:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/07/2016 08:57:25 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/06/2016 08:50:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/01/2016 08:37:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/01/2016 04:47:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wireshark.exe, version: 2.0.1.0, time stamp: 0x568306fc
Faulting module name: Wireshark.exe, version: 2.0.1.0, time stamp: 0x568306fc
Exception code: 0xc0000005
Fault offset: 0x00000000000115bf
Faulting process id: 0x364
Faulting application start time: 0x01d24a5fc34554f1
Faulting application path: C:\Program Files\Wireshark\Wireshark.exe
Faulting module path: C:\Program Files\Wireshark\Wireshark.exe
Report Id: bf308d63-b80f-11e6-8262-b8ee65c3d830
Faulting package full name:
Faulting package-relative application ID:

Error: (11/26/2016 01:38:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wireshark.exe, version: 2.0.1.0, time stamp: 0x568306fc
Faulting module name: Wireshark.exe, version: 2.0.1.0, time stamp: 0x568306fc
Exception code: 0xc0000005
Fault offset: 0x00000000000115bf
Faulting process id: 0x16e4
Faulting application start time: 0x01d24762d7ca6669
Faulting application path: C:\Program Files\Wireshark\Wireshark.exe
Faulting module path: C:\Program Files\Wireshark\Wireshark.exe
Report Id: e6ddb761-b3a2-11e6-8262-b8ee65c3d830
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (12/22/2016 07:26:23 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (12/22/2016 07:05:07 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (12/22/2016 07:04:37 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (12/21/2016 12:09:05 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (12/21/2016 12:08:35 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (12/20/2016 09:31:32 AM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (12/20/2016 09:31:01 AM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (12/19/2016 07:54:27 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (12/19/2016 07:53:57 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (12/18/2016 01:29:56 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3530 @ 2.16GHz
Percentage of memory in use: 71%
Total physical RAM: 3979.2 MB
Available physical RAM: 1150.02 MB
Total Virtual: 6697.32 MB
Available Virtual: 2951.07 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:456.95 GB) (Free:409.26 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.76 GB) (Free:457.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B091A3A8)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0



#2
RKinner


(It's usually easier to use a separate reply for each log as you get them.  That way they don't get lost.)

 

You have a proxy and I can't see why, so it may be malware, though I don't see any other signs.

 
In IE,  Gear icon (Tools), Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE.
Alternatively, search for
internet options
and hit Enter then Connections, LAN Settings, then uncheck all boxes and OK
 
Reboot and go back to LAN Settings and verify that all boxes stayed unchecked.  Let me know if they do not stay unchecked.
 
 

I would uninstall:

 

SUPERAntiSpyware (just don't like the program)
WinPcap 4.1.3  (Installed with Wireshark)
Wireshark 2.0.1 (Causing errors, probably doing a lot of writing to the hard drive and we don't need it confusing things)
 
Go in to Firefox and remove the Grammarly for Firefox extension.  I've seen it cause a lot of errors and it is the one that talks about jetpack.
 
When you reverted to win 8 you lost a lot of drivers.
 
Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:

Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:

Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:

Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

What make and model PC is this?  Judging by the missing drivers I would say you are missing the chipset utility so go to your pc maker's support site and find the chipset utility.  After installing it reboot then Search for

device manager

and hit Enter

 

then View, Show Hidden Drivers.  Now look for yellow flagged devices. If you still have any: Right click on one and select Properties, then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one, then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.

 

 

Open an elevated command prompt:
 
See the following link if you don't know how to open an elevated command prompt
 
If you open an elevated command prompt it will by default open in c:\Windows\system32
 
Once you have an elevated command prompt:
 
Type (with an Enter after each line):
 
 DISM  /Online  /Cleanup-Image  /RestoreHealth
 
 (I use two spaces so you can be sure to see where one space goes.)
This will take a while to complete.  Once the prompt returns:
 
Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 
sfc  /scannow
 
 
 
This will also take a few minutes.  
 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
If you get the last result then type:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
 
Hit Enter.  Then type:
 
 
notepad  \junk.txt 
 
Hit Enter. 
 
 Copy the text from notepad and paste it into a reply.
 
 
After you finish SFC, regardless of the result:
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
Get Process Explorer (I think you already have it so no need to redownload it)
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 

  • 0

#3
ChellseyGeek


I'm not sure I understand this portion of the instructions:

 

"Type(with an Enter after each line):

 
 DISM  /Online  /Cleanup-Image  /RestoreHealth"
 
Does this mean:
 
DISM /Online [Enter]
DISM /Cleanup-Image [Enter]
DISM /RestoreHealth [Enter]
 
or
 
DISM /Online /Cleanup-Image /RestoreHealth [Enter]
 
Either way I enter it, I get error messages for:
 
DISM /Online      and for
DISM /Online /Cleanup-Image /RestoreHealth
 
If I needed to put an enter after each forward slash line, it didn't seem to make much sense to continue with the latter two commands when the first one (/Online) returned an error message.  If it's supposed to be run all on one line, I can give you the log file.  It tells me where to go retrieve it.
 
Thanks.

  • 0

#4
RKinner


Sorry for the confusion.  That's the generic instructions I use for command prompt typing and often there is more than one line.  In this case there is only an enter after the whole line:

 

DISM  /Online  /Cleanup-Image  /RestoreHealth <ENTER>

 

If you do not have an elevated command prompt (the prompt does not say C:\windows\system32) then you will get an error because only an elevated command prompt can run the dism command.

There only needs to be a single space before each /  (I use 2 so that it's easier to see where the one space goes as the forum software tends to squash things together.  If you put two spaces in it will still work.)


  • 0

#5
ChellseyGeek


No worries.  I did use an elevated command prompt with this command:
 
DISM  /Online  /Cleanup-Image  /RestoreHealth <ENTER>
 
and got this error message:
 
"DISM failed. No operation was performed.
For more information review the log file.
The DISM log file can be found at C:\Windows\logs\DISM\dism.log"
 
I had the right command prompt. It ran to 100%.   For a reason I cannot remember, it seems a little while back I was wondering if my Admin privileges had been usurped.  I don't remember why, though.  In any case, I'm getting the above error message when attempting to complete this portion of the instructions.  So far, everything else has gone smoothly.
 
Thanks.


Edited by ChellseyGeek, 23 December 2016 - 07:06 PM.

  • 0

#6
RKinner


Can you open the log at C:\Windows\logs\DISM\dism.log and copy and paste it or attach it to a Reply?  It's a hidden system file so you have to tell windows to let you see it:

 

 

 
 
If I remember correctly there are at least two services that have to be running for Dism to work.  Windows Update and BITS.  Search for
services.msc
and hit Enter.
 
BITS is Background Intelligent Transfer Service.  Is it running?  How about windows updates?

  • 0

#7
ChellseyGeek


BITS and Windows Update are running.  I don't know if this matters but BITS is running as an automatic start whereas Windows Update says it's running but is a manual (trigger) start.

 

Here is the DISM log:

 

http://freepdfhostin.../985e8615a7.pdf

 

It's a huge file so it wouldn't paste here.  I couldn't quite figure out how to attach it as the .txt file so I converted it to pdf and put it on a pdf hosting site I use.  I hope that's OK.

 

It's Christmas Eve and I may be away for the rest of today and tomorrow to be with family.  If I can slip away for a moment or two I will, but I hope it's OK that I may be unavailable for today and tomorrow.

 

Thanks.


  • 0

#8
RKinner


Delays are no problem.  I don't keep track.

 

If that's the complete dism log then the problem is that you have the date set wrong.  Certainly not 2014 anymore.

 

To attach a file: 

 

More Reply Options, Choose File, Open, Attach This File


  • 0

#9
ChellseyGeek


OK.  Ummm.... that's interesting.  I'm looking at my calendar in the bottom right hand corner right now and it says 2016; 12-26-2016 to be exact.  I am also correctly set on Eastern Standard Time.  So, apparently somewhere my system is disagreeing with itself.  Do you know where I would go to correct this discrepancy? 

 

Thanks.


Edited by ChellseyGeek, 26 December 2016 - 09:04 AM.

  • 0

#10
RKinner


If the clock is showing correctly then it could be that DISM was run back in 2014 and that either the new log didn't get saved or you didn't get it all when you converted it to a pdf.  Can you just attach C:\Windows\logs\DISM\dism.log?


  • 0



#11
ChellseyGeek


DISM log attached. 

 

Thank You.

 

This is an edit.  For some reason I can't see where the attachment went through.  Please let me know if you didn't get it.  Thanks again.


Edited by ChellseyGeek, 26 December 2016 - 10:31 AM.

  • 0

#12
RKinner


Didn't work.

 

It's a two step process.  First you have to choose the file and hit open then you have to Attach the chosen file.


  • 0

#13
ChellseyGeek


Attached File: dism.log (462.9KB, 211 downloads)

OK.  I think I may have gotten it this time.  I didn't see the "add to post" button after uploading and attaching.

 

Thanks again.

 

Edit:  Yup.  That got it.  


Edited by ChellseyGeek, 26 December 2016 - 11:22 AM.

  • 0

#14
RKinner


OK.  The log shows a lot more info than before and some of recent vintage so the clock is OK.  The first log was truncated.  

 

Try doing a disk check first. 

 

https://www.tekrevue...k-in-windows-8/

 

This will take a few hours depending on the size of your drive.

 

Once it finishes then try the

 

 DISM  /Online  /Cleanup-Image  /RestoreHealth <ENTER>

 

If DISM still fails then try

 

sfc /scannow <ENTER>

 

 

 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
If you get the last result then type:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
 
Hit Enter.  Then type:
 
 
notepad  \junk.txt 
 
Hit Enter.
 
If it gave one of the first two results then try the dism command again.

  • 0
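The findstr step in post #14 pulls the System File Checker ([SR]) entries out of cbs.log. The PowerShell below is an added example, not part of anyone's post in this thread: it applies the same filter, lists files reported as unrepairable, and flags a log whose newest entry is old, which is what made the first, truncated dism.log look like a 2014 run. The function name, the one-day threshold and the sample lines (including example.dll and Example-Component) are constructed assumptions.

```powershell
function Get-SfcSummary {
    param(
        [string[]]$Lines,
        [datetime]$Now = (Get-Date)
    )
    # Same filter as: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
    $sr = @($Lines | Where-Object { $_.Contains('[SR]') })

    # Log entries start with "yyyy-MM-dd HH:mm:ss,"
    $inv = [cultureinfo]::InvariantCulture
    $stamps = foreach ($line in $sr) {
        if ($line -match '^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),') {
            [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd HH:mm:ss', $inv)
        }
    }
    $stamps = @($stamps | Sort-Object)

    $unrepaired = foreach ($line in $sr) {
        if ($line -match 'Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),') {
            '{0} (component {1})' -f $Matches[1], $Matches[2]
        }
    }
    $repaired = foreach ($line in $sr) {
        if ($line -match 'Repairing corrupted file .*"([^"]+)" from store') { $Matches[1] }
    }

    [pscustomobject]@{
        SrLines    = $sr.Count
        FirstEntry = $stamps | Select-Object -First 1
        LastEntry  = $stamps | Select-Object -Last 1
        # True when no [SR] entry is newer than one day (assumed threshold):
        # the scan did not log, or the copy of the log is cut short
        Stale      = ($stamps.Count -eq 0) -or (($Now - $stamps[-1]).TotalDays -gt 1)
        Unrepaired = @($unrepaired | Sort-Object -Unique)
        Repaired   = @($repaired | Sort-Object -Unique)
    }
}

# Constructed sample lines in the layout sfc writes to cbs.log
$sample = @'
2016-12-26 14:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-12-26 14:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-12-26 14:02:15, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.3.9600.0, hash mismatch
2016-12-26 14:02:15, Info                  CBS    Unrelated servicing entry without the marker
2016-12-26 14:02:40, Info                  CSI    00000010 [SR] Verify complete
'@ -split "`r?`n"

Get-SfcSummary -Lines $sample -Now ([datetime]'2016-12-26 15:00:00')
```

On a live system, run it from an elevated PowerShell window as `Get-SfcSummary -Lines (Get-Content C:\Windows\Logs\CBS\CBS.log)`.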

#15
ChellseyGeek


Can I do other things on the computer while I am waiting for the disk scan to complete?  I can make other arrangements to get online if I need to, I just prefer using my laptop for a lot of things so, that's why I ask. My drive is 500GB.

 

Thanks.


  • 0





