Typing this is a challenge. My keyboard isn't working right. For some reason when I type, I get four or five words typed and then all of a sudden my cursor will jump into the middle of an already typed line while I'm typing or other weird stuff will happen like I hit the space bar and the screen or page jumps to the bottom. I'm concerned that I may have a keylogger and would like to know if I do. Whatever is going on, it is getting really bad. My computer is writing to disk an awful lot when there is plenty of memory to spare. I had Windows 10 but forgot to create a recovery disk and somehow I got locked out of my desktop - my password stopped working. I ended up having to roll back to Windows 8.1 but the problems just continue to get worse. I can't update virus definitions for Windows Defender. It just hangs up and sits for hours in the middle of the update. Malwarebytes can't seem to find a problem. Three times as I've been writing this, all of the type highlights and erases itself out of the blue. Even when the cursor isn't jumping all over the place, it can sometimes take hours for me to type a paragraph. I type 120 wpm easily and my keyboard no longer comes anywhere near keeping up with me. It can get hung up in the middle of a sentence and take 20 or more minutes to stop hanging up. This is incredibly frustrating.
My browser (Firefox) often goes into "not responding" mode for 10-15 minutes at a time. I get "not responding" messages about scripts that have the word "jetpack" in them. I'm not running any more stuff than I always have and yet, I get these hangups all too often.
Help!? Thank You.
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Anela (administrator) on SICKANDTIRED (22-12-2016 23:42:38)
Running from C:\Users\Anela\Desktop
Loaded Profiles: Anela (Available Profiles: Anela)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Sysinternals - www.sysinternals.com) C:\Users\Anela\Desktop\Clean Up Tools\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Anela\AppData\Local\Temp\procexp64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(The Wireshark developer community, hxxp://www.wireshark.org/) C:\Program Files\Wireshark\Wireshark.exe
(The Wireshark developer community) C:\Program Files\Wireshark\dumpcap.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SwitchToDesktop] => C:\OEM\preload\command\AlaunchX\SendDesktop.scf [101 2013-09-26] ()
HKLM\...\Run: [New Acer AlaunchX] => C:\OEM\preload\command\AlaunchX\AlaunchX.exe [1876232 2014-05-18] (Acer Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-14] (SUPERAntiSpyware)
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\...\MountPoints2: {67d41f76-ab37-11e6-825a-b8ee65c3d830} - "G:\VZW_Software_upgrade_assistant.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\Users\Anela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-11-16]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Anela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk [2016-11-27]
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-684047503-1092859665-3699815063-1001] => http=127.0.0.1:64550;https=127.0.0.1:64550
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{FACA83E1-3147-4942-B8CC-0EAC09777A0F}: [DhcpNameServer] 192.168.43.1
Internet Explorer:
==================
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-684047503-1092859665-3699815063-1001 -> DefaultScope {24DE9D49-2644-41DF-85C7-2CEC88C7A731} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-27] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
FireFox:
========
FF DefaultProfile: bng6vkbd.default
FF ProfilePath: C:\Users\Anela\AppData\Roaming\Mozilla\Firefox\Profiles\bng6vkbd.default [2016-12-22]
FF NetworkProxy: Mozilla\Firefox\Profiles\bng6vkbd.default -> type", 0
FF Extension: (Grammarly for Firefox) - C:\Users\Anela\AppData\Roaming\Mozilla\Firefox\Profiles\bng6vkbd.default\Extensions\[email protected] [2016-11-21]
FF Extension: (NoScript) - C:\Users\Anela\AppData\Roaming\Mozilla\Firefox\Profiles\bng6vkbd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-12-01]
FF Extension: (No Name) - C:\Users\Anela\AppData\Roaming\Mozilla\Firefox\Profiles\bng6vkbd.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-12-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => not found
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-27] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default [2016-12-22]
CHR Extension: (Google Slides) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-27]
CHR Extension: (Google Docs) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-08]
CHR Extension: (Google Drive) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-27]
CHR Extension: (YouTube) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-27]
CHR Extension: (Google Sheets) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-27]
CHR Extension: (Gmail) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-08]
CHR Extension: (Chrome Media Router) - C:\Users\Anela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-29] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2016-11-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-11-13] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\siteadvisor\mcsacore.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2016-11-13] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [237400 2016-11-13] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2016-11-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-22 23:42 - 2016-12-22 23:43 - 00015246 _____ C:\Users\Anela\Desktop\FRST.txt
2016-12-22 23:40 - 2016-12-22 23:40 - 02420736 _____ (Farbar) C:\Users\Anela\Desktop\FRST64.exe
2016-12-20 16:52 - 2016-12-20 16:52 - 00038998 _____ C:\Users\Anela\Documents\MMPI Loyola University.odt
2016-12-20 15:43 - 2016-12-20 15:43 - 00565665 ____T C:\Users\Anela\Documents\Wendy McKee Property Owner Information.oxps
2016-12-20 15:39 - 2016-12-20 16:39 - 00000000 ____D C:\Users\Anela\Documents\People Find
2016-12-18 20:18 - 2016-12-18 20:18 - 00348553 ____T C:\Users\Anela\Documents\Capital One Payment 12_18_2016 818pm.oxps
2016-12-17 02:01 - 2016-12-22 20:47 - 00027408 _____ C:\Users\Anela\Documents\Letter to Wendy McKee.odt
2016-12-17 02:01 - 2016-12-22 20:47 - 00000117 ____H C:\Users\Anela\Documents\.~lock.Letter to Wendy McKee.odt#
2016-12-17 00:59 - 2016-12-17 00:59 - 00404286 ____T C:\Users\Anela\Documents\Amazon Return Label for Tan Lamp for mom for xmas.oxps
2016-12-17 00:33 - 2016-12-17 00:33 - 00510095 ____T C:\Users\Anela\Documents\Walmart CCD Payment 12_17_2016 1233am.oxps
2016-12-16 23:58 - 2016-12-16 23:58 - 00295303 ____T C:\Users\Anela\Documents\Chase Payment 12_16_2016 1158pm.oxps
2016-12-16 23:40 - 2016-12-16 23:40 - 00528180 ____T C:\Users\Anela\Documents\Amazon Payment 12_16_2016 1140PM.oxps
2016-12-16 23:30 - 2016-12-16 23:30 - 00373744 ____T C:\Users\Anela\Documents\PayPal Payment 12_16_2016 1130pm.oxps
2016-12-14 16:02 - 2016-12-14 16:02 - 00000354 _____ C:\Users\Anela\Desktop\All Control Panel Items - Shortcut.lnk
2016-12-14 13:08 - 2016-12-14 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-14 00:03 - 2016-12-14 00:03 - 00000000 ____D C:\Users\Anela\AppData\Roaming\SUPERAntiSpyware.com
2016-12-13 23:44 - 2016-12-14 15:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-13 23:44 - 2016-12-13 23:44 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-13 23:44 - 2016-12-13 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-12-13 23:23 - 2016-12-13 23:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-13 23:15 - 2016-12-14 15:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-13 23:15 - 2016-12-13 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-13 23:15 - 2016-12-13 23:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-13 23:15 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-12-13 23:15 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-13 23:15 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-13 20:52 - 2016-12-22 19:53 - 00000000 ____D C:\Users\Anela\AppData\Local\ClassicShell
2016-12-13 20:51 - 2016-12-13 20:51 - 00000000 ____D C:\Users\Anela\AppData\Roaming\ClassicShell
2016-12-13 18:19 - 2016-12-13 18:35 - 00000000 ____D C:\Program Files\Classic Shell
2016-12-13 18:19 - 2016-12-13 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-12-13 18:18 - 2016-02-10 19:24 - 38494576 _____ (Apple Inc.) C:\Users\Anela\Downloads\SafariSetup.exe
2016-12-13 18:18 - 2016-02-05 22:15 - 00602112 _____ (OldTimer Tools) C:\Users\Anela\Downloads\OTL.exe
2016-12-13 18:18 - 2016-02-05 22:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Anela\Downloads\HijackThis.exe
2016-12-13 18:18 - 2016-02-05 20:03 - 22908888 _____ (Malwarebytes ) C:\Users\Anela\Downloads\mbam-setup-2.2.0.1024.exe
2016-12-13 18:18 - 2016-02-05 19:15 - 06968048 _____ (IvoSoft) C:\Users\Anela\Downloads\ClassicShellSetup_4_2_5.exe
2016-12-13 18:18 - 2016-02-03 18:00 - 17935112 _____ C:\Users\Anela\Downloads\InstallScreenRecorderLauncher-2.0.exe
2016-12-13 18:18 - 2016-02-02 17:49 - 111671512 _____ (WhatUsersDo Ltd ) C:\Users\Anela\Downloads\whatusersdo-recorder.exe
2016-12-13 18:18 - 2016-02-02 16:58 - 24394248 _____ C:\Users\Anela\Downloads\InstallUserTestingPlugin-v1.8.exe
2016-12-13 18:18 - 2016-01-29 20:39 - 96819488 _____ (The GIMP Team ) C:\Users\Anela\Downloads\gimp-2.8.16-setup.exe
2016-12-13 18:17 - 2016-02-17 22:18 - 88572984 _____ (TryMyUI, Inc.) C:\Users\Anela\Downloads\TryMyUIRecorder_windows_1_0_2.exe
2016-12-13 18:17 - 2016-02-06 18:05 - 24642208 _____ (SUPERAntiSpyware) C:\Users\Anela\Downloads\SUPERAntiSpyware.exe
2016-12-13 18:17 - 2013-07-27 22:36 - 11840744 _____ (Outercurve Foundation) C:\Users\Anela\Downloads\TaskMerlinSetup.exe
2016-12-12 15:14 - 2016-12-12 15:15 - 00000000 ____D C:\Users\Anela\Documents\facebook-AngelaSullivan1981_on 12 4 2016 1226am before acct deletion
2016-12-12 12:21 - 2016-12-22 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-12 12:21 - 2016-12-17 02:06 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-12 12:21 - 2016-12-15 15:29 - 00003864 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-12-12 12:21 - 2016-12-15 15:29 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-08 21:53 - 2016-12-08 21:56 - 00000000 ____D C:\Users\Anela\Downloads\bookmark_merger-0.2.3.exe
2016-12-08 21:51 - 2016-12-08 21:51 - 01878323 _____ C:\Users\Anela\Downloads\bookmark_merger-0.2.3.exe.zip
2016-12-08 21:40 - 2016-12-08 21:28 - 31457280 _____ C:\Users\Anela\Desktop\places.sqlite__reinstalled into ff from backup after win 10 crash
2016-12-08 02:05 - 2016-12-22 01:06 - 00000000 ____D C:\Users\Anela\Desktop\Work Product
2016-12-07 22:23 - 2016-12-07 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-12-07 22:23 - 2016-12-07 22:23 - 00000000 ____D C:\Program Files\7-Zip
2016-12-07 22:21 - 2016-12-07 22:21 - 01381582 _____ (Igor Pavlov) C:\Users\Anela\Downloads\7z1604-x64.exe
2016-12-06 22:44 - 2016-12-06 22:45 - 00002276 _____ C:\Users\Anela\Documents\test.odb
2016-12-06 13:59 - 2016-12-06 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TryMyUIRecorder
2016-12-06 13:59 - 2016-12-06 13:59 - 00000000 ____D C:\Program Files\TryMyUIRecorder
2016-12-06 13:44 - 2016-12-06 13:54 - 00000000 ____D C:\Users\Anela\.oracle_jre_usage
2016-12-06 13:42 - 2016-12-06 13:43 - 92229176 _____ (TryMyUI, Inc.) C:\Users\Anela\Downloads\TryMyUIRecorder_windows-x64_1_0_2.exe
2016-12-04 15:51 - 2016-12-21 17:35 - 00000000 ____D C:\Users\Anela\Desktop\Notes
2016-12-04 15:49 - 2016-12-21 11:51 - 00000000 ____D C:\Users\Anela\Desktop\Finances
2016-12-04 00:20 - 2016-12-04 00:20 - 05505045 _____ C:\Users\Anela\Documents\facebook-AngelaSullivan1981_on 12 4 2016 1226am before acct deletion.zip
2016-12-02 02:43 - 2016-12-02 02:43 - 00260469 _____ C:\Users\Anela\Documents\The Worst Scars are in the mind International Review of the Red Cross.pdf
2016-12-02 01:40 - 2016-12-02 01:40 - 00619327 ____T C:\Users\Anela\Documents\Best Jehovahs Witness Breach of Confidentiality.oxps
2016-12-02 01:37 - 2016-12-02 01:37 - 00607258 ____T C:\Users\Anela\Documents\Watchtower spies and secret agents page 2.oxps
2016-12-02 01:35 - 2016-12-02 01:35 - 00582807 ____T C:\Users\Anela\Documents\Jehovahs Witnesses Spies and Secret Agents.oxps
2016-12-01 21:39 - 2016-12-01 21:39 - 00281659 ____T C:\Users\Anela\Documents\MonySingh payment 12 1 2016 938pm.oxps
2016-11-30 12:35 - 2016-11-30 12:35 - 00448701 ____T C:\Users\Anela\Documents\Paula Heinrich Pensacola Florida ages 60 to 90.oxps
2016-11-30 12:31 - 2016-11-30 12:31 - 00408717 ____T C:\Users\Anela\Documents\Paula Heinrich Pensacola Florida USSEARCH age 70.oxps
2016-11-30 12:29 - 2016-11-30 12:29 - 00433648 ____T C:\Users\Anela\Documents\Paula Hunt Heinrich Pensacola Fl address and phone.oxps
2016-11-30 12:28 - 2016-11-30 12:28 - 00466942 ____T C:\Users\Anela\Documents\Paula Heinrich property record Pensacola Fl.oxps
2016-11-30 12:25 - 2016-11-30 12:25 - 00169544 ____T C:\Users\Anela\Documents\Paula Heinrich Pensacola Florida Whitepages dot com.oxps
2016-11-29 22:39 - 2016-11-29 22:39 - 00335048 ____T C:\Users\Anela\Documents\Merrick Bank Payment 11_29_2016 1039pm.oxps
2016-11-29 22:31 - 2016-11-29 22:31 - 00218414 ____T C:\Users\Anela\Documents\Barclays 11_29_2016 1030pm.oxps
2016-11-29 22:20 - 2016-11-29 22:20 - 00203436 ____T C:\Users\Anela\Documents\Wells Fargo CCD Payment 11_29_2016 1020PM.oxps
2016-11-28 21:12 - 2016-11-28 21:13 - 00352770 ____T C:\Users\Anela\Documents\Maritz Mystery Shop Independent Contractor agreement.oxps
2016-11-28 21:08 - 2016-11-28 21:08 - 00273498 ____T C:\Users\Anela\Documents\Maritz Mystery Shop W9.oxps
2016-11-27 23:38 - 2016-11-27 23:38 - 00768379 ____T C:\Users\Anela\Documents\Brian Boyle decatur AL email.oxps
2016-11-27 23:31 - 2016-11-27 23:32 - 00464332 ____T C:\Users\Anela\Documents\Brian Boyle decatur AL address and phone.oxps
2016-11-27 22:33 - 2016-11-27 22:33 - 00380551 ____T C:\Users\Anela\Documents\Ruth Paulette Story address and phone in decatur AL.oxps
2016-11-27 22:27 - 2016-11-27 22:27 - 00177435 ____T C:\Users\Anela\Documents\Hugh and Wanda address and phone.oxps
2016-11-27 22:26 - 2016-11-27 22:26 - 00000000 ____T C:\Users\Anela\Documents\Hugh and Wanda original property purchase record tampa, fl.oxps
2016-11-27 22:23 - 2016-11-27 22:23 - 01093844 ____T C:\Users\Anela\Documents\Hugh and Wanda property record tampa florida.oxps
2016-11-27 22:22 - 2016-11-27 22:22 - 00317135 ____T C:\Users\Anela\Documents\Hugh and Wanda home put in revocable trust.oxps
2016-11-27 17:27 - 2016-12-14 21:07 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-27 17:27 - 2016-12-14 21:07 - 00002167 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-27 17:26 - 2016-12-16 15:32 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-27 17:25 - 2016-12-16 15:32 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-27 17:25 - 2016-11-27 17:36 - 00000000 ____D C:\Users\Anela\AppData\Local\Google
2016-11-27 17:25 - 2016-11-27 17:26 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-27 17:24 - 2016-11-27 17:24 - 01065376 _____ (Google Inc.) C:\Users\Anela\Downloads\ChromeSetup(1).exe
2016-11-27 17:23 - 2016-11-27 17:23 - 01065376 _____ (Google Inc.) C:\Users\Anela\Downloads\ChromeSetup.exe
2016-11-27 17:04 - 2016-11-27 17:05 - 00000000 ____D C:\ProgramData\Oracle
2016-11-27 17:04 - 2016-11-27 17:04 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-27 17:04 - 2016-11-27 17:04 - 00000000 ____D C:\Users\Anela\AppData\Roaming\Sun
2016-11-27 17:04 - 2016-11-27 17:04 - 00000000 ____D C:\Users\Anela\AppData\LocalLow\Sun
2016-11-27 17:04 - 2016-11-27 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-27 17:04 - 2016-11-27 17:04 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-27 16:36 - 2016-11-27 16:36 - 00000000 ____D C:\Users\Anela\AppData\Roaming\WildTangent
2016-11-27 16:29 - 2016-11-27 16:29 - 00737344 _____ (Oracle Corporation) C:\Users\Anela\Downloads\jxpiinstall.exe
2016-11-27 12:57 - 2016-11-27 13:00 - 00000000 ____D C:\Users\Anela\AppData\Local\Sidebar7
2016-11-27 12:57 - 2016-11-27 12:57 - 00000000 ____D C:\Users\Anela\AppData\Local\Clipboarder
2016-11-27 12:55 - 2016-11-27 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
2016-11-27 12:43 - 2013-07-28 17:09 - 17948672 _____ C:\Users\Anela\Downloads\8GadgetPackSetup.msi
2016-11-22 17:58 - 2016-11-22 17:58 - 00119331 _____ C:\Users\Anela\Documents\Form W9 Independent Contractor.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-22 23:42 - 2016-11-13 01:25 - 00000000 ____D C:\FRST
2016-12-22 01:07 - 2016-11-19 18:20 - 00000000 ____D C:\Users\Anela\AppData\LocalLow\Mozilla
2016-12-22 01:06 - 2016-11-15 13:14 - 00000000 ____D C:\Users\Anela\Desktop\Clean Up Tools
2016-12-20 19:48 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-12-15 15:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-15 15:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-14 23:52 - 2016-11-13 01:23 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-684047503-1092859665-3699815063-1001
2016-12-14 15:41 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2016-12-14 15:40 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-12-14 15:33 - 2016-11-15 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 15:33 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-14 15:32 - 2016-11-18 14:19 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-12-13 22:54 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-13 20:52 - 2016-11-13 01:18 - 00000000 ____D C:\Users\Anela
2016-12-13 13:06 - 2014-03-18 05:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-12 12:21 - 2016-11-16 12:45 - 00000000 ____D C:\Users\Anela\AppData\Local\Adobe
2016-12-04 15:49 - 2016-11-20 20:32 - 00000000 ____D C:\Users\Anela\Desktop\Writing
2016-12-01 20:38 - 2016-11-19 18:18 - 00000000 ____D C:\Users\Anela\AppData\Roaming\Canon
2016-12-01 16:48 - 2016-11-16 09:24 - 00000000 ____D C:\Users\Public\CrashDumps
2016-11-27 16:36 - 2014-07-16 03:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-27 16:36 - 2014-07-16 03:30 - 00000000 ____D C:\ProgramData\WildTangent
2016-11-27 16:36 - 2014-07-16 03:30 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-11-27 12:55 - 2013-08-22 10:36 - 00000000 ___SD C:\Program Files\Windows Sidebar
2016-11-27 12:55 - 2013-08-22 10:36 - 00000000 ___SD C:\Program Files (x86)\Windows Sidebar
2016-11-26 01:46 - 2016-11-15 08:53 - 10485760 _____ C:\Users\Anela\Desktop\places.sqlite_2
Some files in TEMP:
====================
C:\Users\Anela\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Anela\AppData\Local\Temp\procexp64.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-15 14:27
==================== End of FRST.txt ============================
ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Anela (22-12-2016 23:44:01)
Running from C:\Users\Anela\Desktop
Windows 8.1 (Update) (X64) (2016-11-13 06:18:04)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-684047503-1092859665-3699815063-500 - Administrator - Disabled)
Anela (S-1-5-21-684047503-1092859665-3699815063-1001 - Administrator - Enabled) => C:\Users\Anela
Guest (S-1-5-21-684047503-1092859665-3699815063-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{2F503139-7C61-4A82-9B0B-59A7A110FACB}) (Version: 7.0.0 - Helmut Buhler)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
TryMyUIRecorder 1.0.2 (HKLM\...\4295-7270-9283-5586) (Version: 1.0.2 - TryMyUI, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-684047503-1092859665-3699815063-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Anela\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BECECD6-8C61-48AA-9F91-531F275620E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-27] (Google Inc.)
Task: {35043517-0086-430E-ABF8-5369EA53DB92} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6A015419-983D-43F6-A2FC-0D40F109555C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-27] (Google Inc.)
Task: {89D603AF-CD2B-414E-B330-03CDEB6EA0C5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe [2016-12-15] (Adobe Systems Incorporated)
Task: {D851EBEC-9A11-4966-8807-018A7ACAF381} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-15] (Adobe Systems Incorporated)
Task: {F2169209-96C2-4411-A236-366B14AEF458} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-12-29 17:01 - 2015-12-29 17:01 - 00186259 _____ () C:\Program Files\Wireshark\libcares-2.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00480952 _____ () C:\Program Files\Wireshark\libGeoIP-1.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00572416 _____ () C:\Program Files\Wireshark\libgcrypt-20.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00095232 _____ () C:\Program Files\Wireshark\libgpg-error6-0.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 01019430 _____ () C:\Program Files\Wireshark\libgnutls-28.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00731675 _____ () C:\Program Files\Wireshark\libsmi-2.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00257024 _____ () C:\Program Files\Wireshark\lua52.dll
2015-12-29 17:05 - 2015-12-29 17:05 - 00110080 _____ () C:\Program Files\Wireshark\zlib1.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00447977 _____ () C:\Program Files\Wireshark\libgmp-10.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00184907 _____ () C:\Program Files\Wireshark\libhogweed-2-4.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00182365 _____ () C:\Program Files\Wireshark\libnettle-4-6.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00247415 _____ () C:\Program Files\Wireshark\libp11-kit-0.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00080653 _____ () C:\Program Files\Wireshark\libtasn1-6.dll
2015-12-29 17:01 - 2015-12-29 17:01 - 00032585 _____ () C:\Program Files\Wireshark\libffi-6.dll
2014-09-11 06:43 - 2014-09-11 06:43 - 01086976 _____ () C:\Program Files\Wireshark\platforms\qwindows.dll
2014-09-11 06:47 - 2014-09-11 06:47 - 00044544 _____ () C:\Program Files\Wireshark\imageformats\qdds.dll
2014-09-11 06:42 - 2014-09-11 06:42 - 00029184 _____ () C:\Program Files\Wireshark\imageformats\qgif.dll
2014-09-11 06:47 - 2014-09-11 06:47 - 00035328 _____ () C:\Program Files\Wireshark\imageformats\qicns.dll
2014-09-11 06:42 - 2014-09-11 06:42 - 00029696 _____ () C:\Program Files\Wireshark\imageformats\qico.dll
2014-09-11 06:48 - 2014-09-11 06:48 - 00459264 _____ () C:\Program Files\Wireshark\imageformats\qjp2.dll
2014-09-11 06:42 - 2014-09-11 06:42 - 00233984 _____ () C:\Program Files\Wireshark\imageformats\qjpeg.dll
2014-09-11 06:47 - 2014-09-11 06:47 - 00274944 _____ () C:\Program Files\Wireshark\imageformats\qmng.dll
2014-09-11 06:44 - 2014-09-11 06:44 - 00022528 _____ () C:\Program Files\Wireshark\imageformats\qsvg.dll
2014-09-11 06:47 - 2014-09-11 06:47 - 00021504 _____ () C:\Program Files\Wireshark\imageformats\qtga.dll
2014-09-11 06:47 - 2014-09-11 06:47 - 00350720 _____ () C:\Program Files\Wireshark\imageformats\qtiff.dll
2014-09-11 06:48 - 2014-09-11 06:48 - 00020480 _____ () C:\Program Files\Wireshark\imageformats\qwbmp.dll
2014-09-11 06:48 - 2014-09-11 06:48 - 00333312 _____ () C:\Program Files\Wireshark\imageformats\qwebp.dll
2014-09-11 06:42 - 2014-09-11 06:42 - 00159744 _____ () C:\Program Files\Wireshark\accessible\qtaccessiblewidgets.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-07-11 13:33 - 2013-07-11 13:33 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2013-07-10 22:08 - 2013-07-10 22:08 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00148664 _____ () C:\Program Files (x86)\Evernote\Evernote\zlibwapi.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 26137272 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00212664 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2016-10-31 17:17 - 2016-10-31 17:17 - 00740352 _____ () C:\Program Files (x86)\Evernote\Evernote\libglesv2.dll
2016-10-31 17:17 - 2016-10-31 17:17 - 00130048 _____ () C:\Program Files (x86)\Evernote\Evernote\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-684047503-1092859665-3699815063-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{A2517438-1917-41F5-B633-118205F1E51A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3FDA0A50-3C77-43CF-BE07-2D9A65613C18}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CF1B763-A5C4-4698-8F7E-FB0994EFB41F}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7EFCDAE6-1FD5-445D-9F68-F4578945E87D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
06-12-2016 10:45:40 Scheduled Checkpoint
13-12-2016 13:20:53 Scheduled Checkpoint
21-12-2016 12:24:46 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Device
Description: PCI Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/22/2016 01:43:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wireshark.exe version 2.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: d64
Start Time: 01d25b9e81d1c5ec
Termination Time: 12
Application Path: C:\Program Files\Wireshark\Wireshark.exe
Report Id: d8a82a93-c811-11e6-8269-b8ee65c3d830
Faulting package full name:
Faulting package-relative application ID:
Error: (12/21/2016 10:25:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wireshark.exe version 2.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: c98
Start Time: 01d25a57a90ba064
Termination Time: 247
Application Path: C:\Program Files\Wireshark\Wireshark.exe
Report Id: ab6adcf3-c791-11e6-8269-b8ee65c3d830
Faulting package full name:
Faulting package-relative application ID:
Error: (12/16/2016 10:49:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (12/13/2016 11:07:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (12/13/2016 10:46:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (12/07/2016 08:57:25 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (12/06/2016 08:50:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (12/01/2016 08:37:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (12/01/2016 04:47:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wireshark.exe, version: 2.0.1.0, time stamp: 0x568306fc
Faulting module name: Wireshark.exe, version: 2.0.1.0, time stamp: 0x568306fc
Exception code: 0xc0000005
Fault offset: 0x00000000000115bf
Faulting process id: 0x364
Faulting application start time: 0x01d24a5fc34554f1
Faulting application path: C:\Program Files\Wireshark\Wireshark.exe
Faulting module path: C:\Program Files\Wireshark\Wireshark.exe
Report Id: bf308d63-b80f-11e6-8262-b8ee65c3d830
Faulting package full name:
Faulting package-relative application ID:
Error: (11/26/2016 01:38:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wireshark.exe, version: 2.0.1.0, time stamp: 0x568306fc
Faulting module name: Wireshark.exe, version: 2.0.1.0, time stamp: 0x568306fc
Exception code: 0xc0000005
Fault offset: 0x00000000000115bf
Faulting process id: 0x16e4
Faulting application start time: 0x01d24762d7ca6669
Faulting application path: C:\Program Files\Wireshark\Wireshark.exe
Faulting module path: C:\Program Files\Wireshark\Wireshark.exe
Report Id: e6ddb761-b3a2-11e6-8262-b8ee65c3d830
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (12/22/2016 07:26:23 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (12/22/2016 07:05:07 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (12/22/2016 07:04:37 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (12/21/2016 12:09:05 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (12/21/2016 12:08:35 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (12/20/2016 09:31:32 AM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (12/20/2016 09:31:01 AM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (12/19/2016 07:54:27 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (12/19/2016 07:53:57 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (12/18/2016 01:29:56 PM) (Source: DCOM) (EventID: 10010) (User: SickAndTired)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU N3530 @ 2.16GHz
Percentage of memory in use: 71%
Total physical RAM: 3979.2 MB
Available physical RAM: 1150.02 MB
Total Virtual: 6697.32 MB
Available Virtual: 2951.07 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:456.95 GB) (Free:409.26 GB) NTFS
Drive d: (DATA) (Fixed) (Total:457.76 GB) (Free:457.61 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B091A3A8)
Partition: GPT.
==================== End of Addition.txt ============================