GeekPolice Tech Tutorials

 

Computer acting weird


Solved: Computer acting weird
When I click on a picture on Facebook, it just flashes back and forth between the picture on that person's page and the black background that normally comes up when you click on a picture. There are also some pictures on Facebook and other pages that just don't show up. There's an empty block there. I've noticed it's slow pulling up other pages like my email. I am running Windows 10 on a laptop. I've run scans with Trend Micro, Malwarebytes, and SuperAntiSpyware. SAS found and removed a bunch of cookies, but that's it. The other two found nothing. Here are the FRST scan results.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-03-2017
Ran by Melesia (administrator) on TULLY_LAPTOP (03-03-2017 20:39:35)
Running from C:\Users\Melesia\Desktop
Loaded Profiles: Melesia (Available Profiles: Melesia & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view-usbd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\InstallWorkspace.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Facebook) C:\Users\Melesia\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(The CefSharp Authors) C:\Users\Melesia\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Users\Melesia\AppData\Local\Apps\2.0\D5B80TYH.XH0\9E9O1NO5.WWN\lsb...tion_91a10ba61c75c82d_0001.0006_014be6b8b4b27d94\LSB.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.452.0_x64__8wekyb3d8bbwe\Time.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\chrome_extension2\host\chrome_native_msg_host.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-08-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2047216 2015-06-29] (Trend Micro Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [78752 2016-07-27] ()
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [256744 2016-07-24] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266176 2016-07-24] (Trend Micro Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\...\RunOnce: [Uninstall 17.3.6743.1212\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64"
HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\...\RunOnce: [Uninstall 17.3.6743.1212] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\17.3.6743.1212"
ShellIconOverlayIdentifiers: [  FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2016-07-24] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
Startup: C:\Users\Melesia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-02-04]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Melesia\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{336ead84-a328-409a-befe-2311ba29d647}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{ed2686af-91ac-42c2-a0dc-9492dc6f4ad1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKU\S-1-5-21-3240382664-3217752032-3399020223-1001 -> DefaultScope {87ED4548-102D-4337-B283-C0DC4E9ED816} URL = 
SearchScopes: HKU\S-1-5-21-3240382664-3217752032-3399020223-1001 -> {6A64EA20-5465-4D1A-B5B7-5A3A256C1580} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3240382664-3217752032-3399020223-1001 -> {87ED4548-102D-4337-B283-C0DC4E9ED816} URL = 
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll [2016-04-25] (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-29] (Oracle Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll [2016-04-25] (Trend Micro Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-29] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-29] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-29] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-29] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll [2016-04-25] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll [2016-04-25] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.)

FireFox:
========
FF DefaultProfile: e9pejw1d.default
FF ProfilePath: C:\Users\Melesia\AppData\Roaming\Mozilla\Firefox\Profiles\e9pejw1d.default [2017-03-02]
FF Extension: (All Aboard) - C:\Users\Melesia\AppData\Roaming\Mozilla\Firefox\Profiles\e9pejw1d.default\Extensions\@all-aboard-v1 [2016-07-24]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension [2017-01-02]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2017-01-02]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2017-01-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNPR -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=dss_yset_chr__PARAM__
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Google Slides) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-17]
CHR Extension: (Yahoo Web) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-01-30]
CHR Extension: (Google Docs) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-17]
CHR Extension: (Google Drive) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2016-08-31]
CHR Extension: (Google Search) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-05-17]
CHR Extension: (Clearly) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2017-02-28]
CHR Extension: (Trend Micro Password Manager) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmajmomenlhgihenlbjcfbopoghpckg [2015-07-10]
CHR Extension: (Gmail) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hikeppggmbhdgodhakicedaejpleoigm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] -
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-26] (SUPERAntiSpyware.com)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 client_service; C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [532040 2016-09-02] (VMware, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-29] (ELAN Microelectronics Corp.)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [234400 2016-07-27] ()
R2 ftscanmgrhv; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe [6313376 2016-08-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [326296 2015-11-05] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2015-11-05] ()
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1145856 2016-07-24] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333856 2015-06-29] (Trend Micro Inc.)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view-usbd.exe [1169992 2016-08-25] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [275872 2016-07-26] (VMware)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [142552 2016-08-07] (Trend Micro Inc.)
R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [435416 2016-08-07] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2016-01-04] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [143648 2016-06-20] (Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [117984 2016-08-07] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [111840 2016-09-30] (Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [132888 2016-05-16] (Trend Micro Inc.)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-24] (Exent Technologies Ltd.)
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 20:39 - 2017-03-03 20:40 - 00027887 _____ C:\Users\Melesia\Desktop\FRST.txt
2017-03-03 20:37 - 2017-03-03 20:38 - 02423808 _____ (Farbar) C:\Users\Melesia\Desktop\FRST64.exe
2017-03-02 20:12 - 2017-03-02 20:12 - 00000000 ___HD C:\OneDriveTemp
2017-02-05 09:45 - 2017-02-05 09:45 - 00008844 _____ C:\Users\Melesia\Documents\date.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 20:39 - 2016-11-27 18:33 - 00000000 ____D C:\FRST
2017-03-03 20:06 - 2016-09-25 22:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-02 21:02 - 2016-03-14 19:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-02 20:31 - 2015-06-18 19:51 - 00000010 _____ C:\Users\Melesia\AppData\Local\sponge.last.runtime.cache
2017-03-02 20:18 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-02 20:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-02 20:12 - 2016-12-15 19:15 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 20:12 - 2015-08-02 19:32 - 00002427 _____ C:\Users\Melesia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-02 20:12 - 2015-05-16 20:47 - 00000000 ___RD C:\Users\Melesia\OneDrive
2017-02-26 19:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-26 18:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-02-26 18:41 - 2016-11-21 08:18 - 00000000 ____D C:\Users\Melesia\AppData\Roaming\VMware
2017-02-26 18:41 - 2015-12-06 16:47 - 00000000 ____D C:\Users\Melesia\AppData\Roaming\Nitro
2017-02-26 11:18 - 2015-05-16 12:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-26 11:13 - 2015-05-16 12:01 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-26 09:51 - 2016-09-25 22:16 - 00000000 ____D C:\Users\Melesia
2017-02-26 09:24 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-26 09:21 - 2016-09-25 22:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-26 09:21 - 2015-08-01 08:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-26 09:20 - 2016-07-16 01:04 - 03670016 _____ C:\WINDOWS\system32\config\BBI
2017-02-25 08:38 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-25 08:09 - 2016-05-11 20:47 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-25 08:09 - 2016-04-10 16:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-22 21:45 - 2015-05-23 12:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-19 21:02 - 2013-06-09 09:33 - 00000000 ____D C:\Users\Melesia\Documents\My Digital Editions
2017-02-18 19:41 - 2016-09-25 22:50 - 00004032 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-18 19:40 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-18 19:40 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-06 19:11 - 2015-12-05 19:32 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 19:11 - 2015-12-05 19:32 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 14:48 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 14:48 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-04 11:51 - 2016-10-30 10:25 - 00001299 _____ C:\Users\Melesia\Desktop\Facebook Gameroom.lnk
2017-02-04 11:51 - 2016-10-30 10:25 - 00000000 ____D C:\Users\Melesia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-02-03 20:41 - 2015-11-21 19:17 - 00000000 ____D C:\Users\Melesia\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2015-05-17 10:17 - 2015-05-17 10:17 - 0000036 _____ () C:\Users\Melesia\AppData\Local\housecall.guid.cache
2015-06-18 19:51 - 2017-03-02 20:31 - 0000010 _____ () C:\Users\Melesia\AppData\Local\sponge.last.runtime.cache
2016-09-25 22:10 - 2016-09-25 22:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-17 17:06 - 2015-07-03 22:48 - 0000040 _____ () C:\ProgramData\InstallerWebUI.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-02 23:49

==================== End of FRST.txt ============================

Re: Computer acting weird (Solved)

And the addition.txt file

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2017
Ran by Melesia (03-03-2017 20:41:54)
Running from C:\Users\Melesia\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-26 03:56:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3240382664-3217752032-3399020223-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3240382664-3217752032-3399020223-503 - Limited - Disabled)
Guest (S-1-5-21-3240382664-3217752032-3399020223-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3240382664-3217752032-3399020223-1009 - Limited - Enabled)
Melesia (S-1-5-21-3240382664-3217752032-3399020223-1001 - Administrator - Enabled) => C:\Users\Melesia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Maximum Security (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Facebook Gameroom 1.2.1.5 (HKLM-x32\...\{61373D8E-915C-49C2-B9B9-1834EBD9B64B}) (Version: 1.2.1.5 - Facebook)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.79.00 - Exent Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1901 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.1.1 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nitro Pro 10 (HKLM-x32\...\{745003a9-107a-4ea3-ad73-02bb6b93a5d3}) (Version: 10.5.6.14 - Nitro)
Nitro Pro 10 (Version: 10.5.6.14 - Nitro) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 11.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1189 - Trend Micro Inc.)
Trend Micro Titanium (Version: 11.0 - Trend Micro Inc.) Hidden
Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0.1068 - Trend Micro Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VMware Horizon Client (HKLM\...\{9A01376A-2582-493C-A352-8E2529D17F2C}) (Version: 4.2.0.2831 - VMware, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EA4B086-ACDD-49E7-9B4A-C7BF6FCFD0CE} - \WPD\SqmUpload_S-1-5-21-3240382664-3217752032-3399020223-1001 -> No File <==== ATTENTION
Task: {167131A3-2F87-43B0-AE13-5BB82C4F08DE} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {1CC21E52-AC49-4B0F-92EC-F39CC7CA7FCA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {21C18A30-4931-425C-A29C-AD9EBDD39A9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {253B9D02-A2D9-417E-AB73-D7630853ED80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {2F114C83-760D-4225-BD37-99995F577DB6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {2F30B61C-45F6-425D-B3C3-57A1B7A219C7} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {3202AF91-6730-4803-BCA1-B8438F291374} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe [2016-08-16] (Trend Micro Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe 
Task: {37B883CB-D5AA-4059-8863-7BA1F8EA5406} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {37C48DFF-D9C5-48C2-B948-94C6C6A6796E} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {4C8C7E3C-D168-4AB8-BA00-F9EF0D8A4BF9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {557C7F8D-7615-45B9-B5D1-9181EC2F064D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {55952246-157E-4A5C-B3A7-91F7DD80EDC1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {55A49716-1C22-4ECF-8507-A5C8E9326E11} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5A3E0EEB-0EC2-411F-A386-B76D4ED7640D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => %ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe 
Task: {5F192CED-E5F5-45C6-8D56-110D97145845} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {6C7F6726-DD4C-4A24-99A8-8AF140F48961} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7050C227-E0D4-47BC-B66E-98CD1AF7286C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-18] (Adobe Systems Incorporated)
Task: {765C009E-FC34-45CB-95A3-707677CA2C53} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {77FA1707-F30F-40F4-93AC-29107FBA2963} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7AABC1F1-7CC8-466C-9537-796394CCA587} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {88F8C61C-EEF6-4B6A-BEE9-9D1F36A8F0B7} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {9AED61C1-7F2C-470A-B9B6-F6055F31323D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AE085A6B-174B-4EC1-AF93-93EBFC32437B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B40F3C72-388C-4B60-A535-A2939B6E4FCE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {BB8FAF21-9E40-4558-96B3-F94C17F1DB9B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => %ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe 
Task: {BC5E52A1-D414-4E93-AD20-04263517639A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C66C65E6-B02A-441E-85A3-C5C82F88D870} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {C66EBDA8-635E-4521-8F16-B3EBA8ED4180} - \Lenovo\Lenovo Service Bridge\S-1-5-21-3240382664-3217752032-3399020223-1001 -> No File <==== ATTENTION
Task: {D5DA7090-951A-450D-A70D-A9B6293369EA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-18] (Adobe Systems Incorporated)
Task: {DDEAEE52-FF37-45C1-8799-123529D9FC68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F911C187-379D-42F0-A229-2749DAA3F994} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-02 10:11 - 2015-03-31 06:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll
2017-01-02 10:11 - 2015-03-31 06:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll
2017-01-02 10:11 - 2015-03-31 06:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2017-01-02 10:11 - 2015-03-31 06:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll
2017-01-02 10:11 - 2015-03-31 06:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll
2017-01-02 10:11 - 2015-03-31 06:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2017-01-02 09:43 - 2016-07-24 12:40 - 00178416 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2016-07-27 13:06 - 2016-07-27 13:06 - 00234400 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2015-11-05 08:19 - 2015-11-05 08:19 - 00417944 _____ () C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
2015-11-05 08:18 - 2015-11-05 08:18 - 02543768 _____ () C:\Program Files\Nitro\Pro 10\Nitro_KissMetrics.dll
2017-01-02 10:13 - 2016-07-24 12:40 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2017-01-02 10:13 - 2016-07-24 12:40 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2017-01-02 10:13 - 2016-07-24 12:40 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2017-01-02 10:13 - 2016-07-24 12:40 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2016-08-04 15:16 - 2016-08-04 15:16 - 06313376 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 19:44 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-15 19:44 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-15 19:44 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-26 02:00 - 2016-09-26 02:00 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:49 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 21:48 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 21:48 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 21:48 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 21:48 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 21:48 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 21:48 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-01-02 09:43 - 2016-07-24 12:40 - 00077072 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2016-12-16 20:26 - 2016-12-16 20:28 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-03-02 20:16 - 2017-03-02 20:16 - 04385792 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.452.0_x64__8wekyb3d8bbwe\Time.exe
2017-03-02 20:16 - 2017-03-02 20:16 - 00822272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.452.0_x64__8wekyb3d8bbwe\TimeControls.dll
2017-03-02 20:16 - 2017-03-02 20:16 - 01070080 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.452.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2016-07-27 13:06 - 2016-07-27 13:06 - 00241056 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2012-10-29 21:13 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-01-28 18:25 - 2017-01-28 18:25 - 01162752 _____ () C:\Users\Melesia\AppData\Local\Facebook\Games\CefSharp.Core.dll
2017-01-28 18:25 - 2017-01-28 18:25 - 67197440 _____ () C:\Users\Melesia\AppData\Local\Facebook\Games\libcef.dll
2017-01-28 18:25 - 2017-01-28 18:25 - 00752640 _____ () C:\Users\Melesia\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2017-01-28 18:25 - 2017-01-28 18:25 - 01886208 _____ () C:\Users\Melesia\AppData\Local\Facebook\Games\libglesv2.dll
2017-01-28 18:25 - 2017-01-28 18:25 - 00078848 _____ () C:\Users\Melesia\AppData\Local\Facebook\Games\libegl.dll
2016-12-16 20:26 - 2016-12-16 20:28 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-12-15 19:50 - 2016-12-15 19:50 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2015-12-05 13:17 - 2015-12-05 13:17 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-08-23 22:03 - 2016-08-23 22:03 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2017-02-06 19:11 - 2017-02-01 04:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 19:11 - 2017-02-01 04:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-01-02 09:43 - 2016-07-24 12:40 - 00092792 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_57.dll
2017-01-02 09:43 - 2016-07-24 12:40 - 00024312 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_system-vc110-mt-1_57.dll
2017-01-02 09:43 - 2016-07-24 12:40 - 00032552 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_chrono-vc110-mt-1_57.dll
2017-01-02 09:43 - 2016-07-24 12:40 - 00049544 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_57.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Melesia\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lenovowallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "YouCam Tray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{719D49FE-5811-4201-BD0E-6CB15721E79E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{05959A0F-E03E-4C60-8131-EE256490335A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5F559B5C-AD44-4F33-9A0B-523F9D33492D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{DDF59DCA-0880-4933-929E-14FE0CEFBC17}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0200071C-7A94-4DF9-9DFD-9FDD131FD56C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EAD398F7-83A2-40EF-AF10-B340E60268BD}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{5B47CCAC-B062-4C43-AEF0-09C2FF373735}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B0395CD9-D10B-4CF1-A7BA-3F78700A04A7}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{F70D7307-CE25-478A-B72A-2E747A084738}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{ECCE5326-5D8B-42CD-A005-5E190A64CFC7}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{E9ED27B3-0370-4EC0-9D51-D76E73432A5A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [TCP Query User{7A4490D3-4CC3-4ED2-823B-A561AE9D9BC0}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Block) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe
FirewallRules: [UDP Query User{365F3332-3BF5-4073-B51F-09FEE5DC6AB2}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Block) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe
FirewallRules: [{D4E16CEC-A9AF-4EEB-B342-08273C0CCC83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-02-2017 17:52:35 Scheduled Checkpoint
18-02-2017 14:27:14 Scheduled Checkpoint
25-02-2017 08:32:51 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2017 09:53:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TULLY_LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2017 09:25:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TULLY_LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2017 09:25:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TULLY_LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2017 09:25:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TULLY_LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2017 09:25:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TULLY_LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2017 09:25:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TULLY_LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2017 09:25:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TULLY_LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2017 09:25:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TULLY_LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023169 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2017 09:25:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TULLY_LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/26/2017 09:25:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TULLY_LAPTOP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023169 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (03/02/2017 11:51:28 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (03/02/2017 08:14:01 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/02/2017 08:10:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/02/2017 08:10:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/02/2017 08:10:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2017 10:53:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2017 08:20:44 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (02/28/2017 08:17:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2017 08:17:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/28/2017 08:17:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2016-12-02 20:23:47.147
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 23:12:45.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-25 23:12:45.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU B830 @ 1.80GHz
Percentage of memory in use: 70%
Total physical RAM: 3959.77 MB
Available physical RAM: 1173.44 MB
Total Virtual: 6263.77 MB
Available Virtual: 2227.36 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:417.99 GB) (Free:364.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1C9C218D)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Computer acting weird
Hello there, I'm taking a look at your log...Be right back with more information.

Fixes from Dr Jay
Fix with Farbar Recovery Scan Tool

Note to outside visitors: This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.


Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!


  • Right-click on FRST icon and select Run as Administrator to start the tool.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.


Please post it to your reply.




Fix with Junkware Removal Tool

Please download Malwarebytes' Junkware Removal Tool and save the file to your desktop.


  • Right-click on the JRT.exe or Junkware Removal Tool icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.


Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.




Please download Malwarebytes' AdwCleaner onto your Desktop.

  • Double click on AdwCleaner_xxxx.exe to run the tool.
  • Click on Scan.
  • After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
  • You can find the logfile at C:\AdwCleaner[Sx].txt as well.
Attachments
fixlist.txt

Ensure this is put on your Desktop with FRST.


Re: Computer acting weird
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
Ran by Melesia (04-03-2017 08:35:11) Run:1
Running from C:\Users\Melesia\Desktop
Loaded Profiles: Melesia (Available Profiles: Melesia & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
closeprocesses:
emptytemp:
createrestorepoint:
SearchScopes: HKU\S-1-5-21-3240382664-3217752032-3399020223-1001 -> DefaultScope {87ED4548-102D-4337-B283-C0DC4E9ED816} URL =
SearchScopes: HKU\S-1-5-21-3240382664-3217752032-3399020223-1001 -> {87ED4548-102D-4337-B283-C0DC4E9ED816} URL =
Task: {0EA4B086-ACDD-49E7-9B4A-C7BF6FCFD0CE} - \WPD\SqmUpload_S-1-5-21-3240382664-3217752032-3399020223-1001 -> No File <==== ATTENTION
Task: {1CC21E52-AC49-4B0F-92EC-F39CC7CA7FCA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2F30B61C-45F6-425D-B3C3-57A1B7A219C7} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {4C8C7E3C-D168-4AB8-BA00-F9EF0D8A4BF9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {557C7F8D-7615-45B9-B5D1-9181EC2F064D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {55952246-157E-4A5C-B3A7-91F7DD80EDC1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {55A49716-1C22-4ECF-8507-A5C8E9326E11} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6C7F6726-DD4C-4A24-99A8-8AF140F48961} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {77FA1707-F30F-40F4-93AC-29107FBA2963} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9AED61C1-7F2C-470A-B9B6-F6055F31323D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AE085A6B-174B-4EC1-AF93-93EBFC32437B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BC5E52A1-D414-4E93-AD20-04263517639A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C66EBDA8-635E-4521-8F16-B3EBA8ED4180} - \Lenovo\Lenovo Service Bridge\S-1-5-21-3240382664-3217752032-3399020223-1001 -> No File <==== ATTENTION
Task: {DDEAEE52-FF37-45C1-8799-123529D9FC68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
cmd: netsh winsock reset
cmd: netsh winsock reset catalog

cmd: netsh int ip reset
cmd: netsh advfirewall reset
cmd: ipconfig /flushdns
cmd: ipconfig /release
cmd: ipconfig /renew
end
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{87ED4548-102D-4337-B283-C0DC4E9ED816} => key removed successfully
HKCR\CLSID\{87ED4548-102D-4337-B283-C0DC4E9ED816} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EA4B086-ACDD-49E7-9B4A-C7BF6FCFD0CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EA4B086-ACDD-49E7-9B4A-C7BF6FCFD0CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3240382664-3217752032-3399020223-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CC21E52-AC49-4B0F-92EC-F39CC7CA7FCA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC21E52-AC49-4B0F-92EC-F39CC7CA7FCA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F30B61C-45F6-425D-B3C3-57A1B7A219C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F30B61C-45F6-425D-B3C3-57A1B7A219C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C8C7E3C-D168-4AB8-BA00-F9EF0D8A4BF9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C8C7E3C-D168-4AB8-BA00-F9EF0D8A4BF9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{557C7F8D-7615-45B9-B5D1-9181EC2F064D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{557C7F8D-7615-45B9-B5D1-9181EC2F064D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55952246-157E-4A5C-B3A7-91F7DD80EDC1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55952246-157E-4A5C-B3A7-91F7DD80EDC1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55A49716-1C22-4ECF-8507-A5C8E9326E11} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55A49716-1C22-4ECF-8507-A5C8E9326E11} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C7F6726-DD4C-4A24-99A8-8AF140F48961} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C7F6726-DD4C-4A24-99A8-8AF140F48961} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77FA1707-F30F-40F4-93AC-29107FBA2963} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77FA1707-F30F-40F4-93AC-29107FBA2963} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AED61C1-7F2C-470A-B9B6-F6055F31323D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AED61C1-7F2C-470A-B9B6-F6055F31323D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE085A6B-174B-4EC1-AF93-93EBFC32437B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE085A6B-174B-4EC1-AF93-93EBFC32437B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC5E52A1-D414-4E93-AD20-04263517639A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC5E52A1-D414-4E93-AD20-04263517639A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C66EBDA8-635E-4521-8F16-B3EBA8ED4180} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C66EBDA8-635E-4521-8F16-B3EBA8ED4180} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-3240382664-3217752032-3399020223-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDEAEE52-FF37-45C1-8799-123529D9FC68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDEAEE52-FF37-45C1-8799-123529D9FC68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully

========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::512f:c001:58d7:2a87%4
Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : triad.rr.com
Link-local IPv6 Address . . . . . : fe80::512f:c001:58d7:2a87%4
IPv4 Address. . . . . . . . . . . : 192.168.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:2854:193c:3070:1708:3f57:fffb
Link-local IPv6 Address . . . . . : fe80::3070:1708:3f57:fffb%16
Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.triad.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : triad.rr.com

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 277806690 B
Java, Flash, Steam htmlcache => 1156 B
Windows/system/drivers => 590026908 B
Edge => 7675207 B
Chrome => 664036533 B
Firefox => 4880483 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 42634 B
NetworkService => 17650 B
Melesia => 8952450 B
Administrator => 12198 B

RecycleBin => 322190260 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:38:56 ====

Re: Computer acting weird
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Home x64
Ran by Melesia (Administrator) on Sat 03/04/2017 at 8:48:39.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\Melesia\AppData\Local\ysearchutil (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/04/2017 at 9:03:41.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v6.044 - Logfile created 04/03/2017 at 09:53:07
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Melesia - TULLY_LAPTOP
# Running from : C:\Users\Melesia\Desktop\adwcleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Program Files (x86)\Yahoo!\yset
Folder Found: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Key Found: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web data] - nortonsafe.search.ask.com
Chrome pref Found: [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web data] - us.yhs4.search.yahoo.com

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3553 Bytes] - [25/06/2016 07:04:17]
C:\AdwCleaner\AdwCleaner[C2].txt - [1154 Bytes] - [30/06/2016 17:32:39]
C:\AdwCleaner\AdwCleaner[C3].txt - [1864 Bytes] - [24/07/2016 09:13:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [3354 Bytes] - [25/06/2016 07:00:53]
C:\AdwCleaner\AdwCleaner[S2].txt - [982 Bytes] - [30/06/2016 17:08:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [339 Bytes] - [24/07/2016 09:08:23]
C:\AdwCleaner\AdwCleaner[S4].txt - [1672 Bytes] - [24/07/2016 09:10:09]
C:\AdwCleaner\AdwCleaner[S5].txt - [2123 Bytes] - [04/03/2017 09:53:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2196 Bytes] ##########

Re: Computer acting weird
Good work... that took care of a lot. If it was anything, it was minimal of an infection. We will continue to do a few more scans and you should be set.

Remove the Adware

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner_xxxx.exe to run the tool.
  • Press Scan, wait for it to finish, and then hit Clean.
  • Your computer will be rebooted automatically. If it does not, please reboot the computer manually.
  • Once it is restarted and you're back in Windows, double-click adwcleaner_xxxx.exe, hit "Logfile." On the Cleaning tab, double-click the latest logfile, copy the contents, and paste it into your next reply.
  • You can find the logfile at C:\AdwCleaner[Sx].txt as well.





Malwarebytes' scanner
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes' scanner to your desktop.

  • Double-click mb3-setup-consumer-3.x.x.xxxx and follow the prompts to install the program.
  • Click Finish.
  • On the Dashboard, click the 'Check for Updates' button.
  • After the update completes, click the 'Scan Now' button.
  • A Threat Scan will begin. Please allow it to progress through the scanning process.
  • When the scan is complete, if there have been detections, click the Quarantine Selected button to allow the program to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart, once you are back at your desktop, open Malwarebytes once more.
  • Click on the Reports tab > Scan Report. (If you have done more than one scan in the past, select the most recent that shows the Date and time of the scan just performed.) Press the View Report button.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Find the log on your Desktop and Attach that saved log or copy and paste it to your next reply.

Re: Computer acting weird
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/4/2017
Scan Time: 2:10 PM
Logfile: MBAM Log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.04.06
Rootkit Database: v2017.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Melesia

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343347
Time Elapsed: 26 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v6.044 - Logfile created 04/03/2017 at 14:01:58
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : Melesia - TULLY_LAPTOP
# Running from : C:\Users\Melesia\Desktop\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ Web browsers ] *****

[-] [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: nortonsafe.search.ask.com
[-] [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: us.yhs4.search.yahoo.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3553 Bytes] - [25/06/2016 07:04:17]
C:\AdwCleaner\AdwCleaner[C2].txt - [1154 Bytes] - [30/06/2016 17:32:39]
C:\AdwCleaner\AdwCleaner[C3].txt - [1864 Bytes] - [24/07/2016 09:13:22]
C:\AdwCleaner\AdwCleaner[C4].txt - [1765 Bytes] - [04/03/2017 14:01:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [3354 Bytes] - [25/06/2016 07:00:53]
C:\AdwCleaner\AdwCleaner[S2].txt - [982 Bytes] - [30/06/2016 17:08:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [339 Bytes] - [24/07/2016 09:08:23]
C:\AdwCleaner\AdwCleaner[S4].txt - [1672 Bytes] - [24/07/2016 09:10:09]
C:\AdwCleaner\AdwCleaner[S5].txt - [2275 Bytes] - [04/03/2017 09:53:07]
C:\AdwCleaner\AdwCleaner[S6].txt - [2347 Bytes] - [04/03/2017 14:00:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2274 Bytes] ##########

Re: Computer acting weird
Hello again, this scan should be fairly final, along with a followup scan from a different tool real quick...

Please run the Bitdefender QuickScan, and once done, press the View Report link. Post that log in your next reply, if available...




Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    Code:

    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;


  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!

Re: Computer acting weird
When I click the Scan Now button on Bit Defender, it just blinks, and I never see a View Report link. When I click on Zoek above it gives me this:

Not Found

The requested URL /smeenk/zoek.htm was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Re: Computer acting weird
Hello again, the different versions seemed to work for me... Try this one again please: http://download.bleepingcomputer.com/smeenk/zoek.exe

Re: Computer acting weird
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Melesia on Sun 03/05/2017 at 7:54:18.67.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Melesia\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3/5/2017 8:00:06 AM Zoek.exe System Restore Point Created Successfully.

==== Installed Programs ======================

Adobe Acrobat Reader DC
Adobe AIR
Adobe Flash Player 24 PPAPI
Adobe Refresh Manager
Amazon Send to Kindle
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Conexant HD Audio
Definition Update for Microsoft Office 2010 (KB3115475) 32-Bit Edition
Dolby Digital Plus Advanced Audio
Energy Management
Facebook Gameroom 1.3.1.2
FreeRide Games
Google Chrome
Google Update Helper
Intel AppUp(SM) center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intelr Trusted Connect Service Client
Java 8 Update 121 (64-bit)
Java Auto Updater
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo Photos
Lenovo pointing device
Lenovo PowerDVD10
Lenovo Service Bridge
Lenovo Solution Center
Lenovo YouCam
Lenovo_Wireless_Driver
Malwarebytes Anti-Malware version 2.2.1.1043
Microsoft Audio Enhancement Troubleshooter installer
Microsoft Office
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft OneDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Nitro Pro 10
Power2Go
Realtek USB 2.0 Card Reader
Security Update for Microsoft Access 2010 (KB3101544) 32-Bit Edition
Security Update for Microsoft Excel 2010 (KB3128037) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB3114414) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553432) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2889841) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956063) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3054984) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3101520) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3114400) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3115120) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3118380) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB3114885) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB3118313) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB3118378) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB3114395) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB3114872) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2999465) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB3128034) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
Skype Click to Call
SkypeT 7.28
SUPERAntiSpyware
Trend Micro DirectPass
Trend Micro Maximum Security
Trend Micro Password Manager
Trend Micro Titanium
Trend Micro Troubleshooting Tool
Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553388) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2791057) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881030) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054886) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055047) 32-Bit Edition
Update for Microsoft Office 2010 (KB3114555) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2760779) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB3114756) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
UserGuide
VCRT for DirectPass x64
VCRT for DirectPass x86
VMware Horizon Client
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)

==== Running Processes ======================

C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view-usbd.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\chrome_extension2\host\chrome_native_msg_host.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Melesia\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [!SASCORE] - SAS Core Service - c:\program files\superantispyware\sascore64.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Amsp] - Trend Micro Solution Platform - c:\program files\trend micro\amsp\coreserviceshell.exe coreframeworkhost.exe [x]
R2 - [BcmBtRSupport] - Bluetooth Driver Management Service - c:\windows\system32\btwrsupportservice.exe
R2 - [CxAudMsg] - Conexant Audio Message Service - c:\windows\system32\cxaudmsg64.exe
R2 - [ETDService] - Elan Service - c:\program files\elantech\etdservice.exe
R2 - [ftnlsv3hv] - VMware Netlink Supervisor Service - c:\program files\common files\vmware\deviceredirectioncommon\ftnlsv.exe
R2 - [ftscanmgrhv] - VMware Scanner Redirection Client - c:\program files (x86)\vmware\scannerredirection\ftscanmgrhv.exe
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
R2 - [nlsX86cc] - Nalpeiron Licensing Service - c:\windows\syswow64\nlssrv32.exe
R2 - [Platinum Host Service] - Platinum Host Service - c:\program files\trend micro\titanium\plugin\pt\ptsvchost.exe
R2 - [PwmSvc] - Trend Micro Password Manager Central Control Service - c:\program files\trend micro\tmids\pwmsvc.exe
R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
R2 - [VMUSBArbService] - VMware USB Arbitration Service - c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator64.exe
R2 - [vmware-view-usbd] - VMware View USB - c:\program files (x86)\vmware\vmware horizon view client\vmware-view-usbd.exe
R2 - [vmwsprrdpwks] - VMware Serial Com Redirection Client service - c:\program files (x86)\common files\vmware\serialportredirection\client\vmwsprrdpwks.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [SAService] - Conexant SmartAudio service - c:\windows\system32\sasrv.exe [x]
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [diagnosticshub.standardcollector.service] - Microsoft (R) Diagnostics Hub Standard Collector Service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [LSC.Services.SystemService] - Lenovo Solution Center System Service - c:\program files\lenovo\lenovo solution center\app\lsc.services.systemservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3960 MB
CPU Info: Intel(R) Celeron(R) CPU B830 @ 1.80GHz
CPU Speed: 1840.2 MHz
Sound Card: Speakers (Conexant SmartAudio H |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: This Qualcomm Atheros network Controller connects you to the network. | Bluetooth PAN HelpText | The Broadcom 802.11 Network Adapter provides wireless local area networking. | Microsoft Wi-Fi Direct Virtual Adapter
CD / DVD Drives: 1x (E: | ) E: MATSHITADVD-RAM UJ8D1
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 418.0GB | D: 25.0GB
Hard Disks - Free: C: 364.8GB | D: 22.7GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | | LENOVO - 1
Time Zone: Eastern Standard Time
Motherboard *: LENOVO INVALID
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Trend Micro Maximum Security On-access scanning enabled (Updated)
Anti-Spyware: Trend Micro Maximum Security enabled (Updated)
Internet Explorer Version: 11.576.14393.0
Google Chrome version: 56.0.2924.87
Adobe Reader version: 15.23.20070.215641

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Melesia\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2017-03-04 02:09:19 3C9508C3B515FDB5762DF5862C864301 110144 ----a-w- C:\WINDOWS\Sysnative\WindowsAccessBridge-64.dll
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
2017-03-04 02:03:54 BD7CD11E113AF7D34618F9E56DD41A73 3970 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-04 02:03:54 94C14863E7C4C12254A16B04306FA785 830 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-04 02:03:54 5EDE898B6B817D5C6D32C8DB1291C0C0 3806 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player Updater
2017-03-04 02:03:54 2EFD1090D78C7D77EEED4329D1697045 892 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2017-03-04 02:08:36 -------- d-----w- C:\Program Files\Java
======= C:\PROGRA~2 =====
2017-03-04 02:11:53 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
2017-03-04 19:46:04 EA628982B6C5639A39D3866933A50695 1049 ----a-w- C:\AdwCleanerFile.txt
====== C:\Users\Melesia\AppData\Roaming ======
====== C:\Users\Melesia ======
2017-03-04 14:48:31 CAC2A9395DFA587DB4B62AA781C9432E 4031440 ----a-w- C:\Users\Melesia\Desktop\adwcleaner_6.044.exe
2017-03-04 13:48:00 C246FC88529FC3A4910CAB72BEF50539 1663736 ----a-w- C:\Users\Melesia\Desktop\JRT.exe
2017-03-04 02:09:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-04 02:06:29 A963C6B8A012E658A3D657C4897CF7C8 64153152 ----a-w- C:\Users\Melesia\Downloads\jre-8u121-windows-x64.exe
2017-03-04 01:37:32 EEF6A6F6CAFD2A53D3ACD6DA53239661 2423296 ----a-w- C:\Users\Melesia\Desktop\FRST64.exe

====== C: exe-files ==
2017-03-04 19:01:49 FCE0D118E1E35E2CBCCA6FA3022A8008 182736 ----a-w- C:\AdwCleaner\quarantine\files\wfpdpxtpfxfyhpvazncbpypyjaufrgbh\{AF0F0516-B7C3-C849-B26D-0F2F8EDD8279}\YSearchUtilSVC.exe
2017-03-04 19:01:49 92A435B45AEA4B5FB0BBAB869DFFDA3A 112080 ----a-w- C:\AdwCleaner\quarantine\files\wfpdpxtpfxfyhpvazncbpypyjaufrgbh\{AF0F0516-B7C3-C849-B26D-0F2F8EDD8279}\YSearchSetTool.exe
2017-03-04 19:01:49 5A0330E659B596F73FE627B1D44E0D6F 71008 ----a-w- C:\AdwCleaner\quarantine\files\wfpdpxtpfxfyhpvazncbpypyjaufrgbh\{AF0F0516-B7C3-C849-B26D-0F2F8EDD8279}\unset.exe
2017-03-04 14:48:31 CAC2A9395DFA587DB4B62AA781C9432E 4031440 ----a-w- C:\Users\Melesia\Desktop\adwcleaner_6.044.exe
2017-03-04 13:48:17 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\Melesia\AppData\Local\Temp\jrt\nfo\nircmdc.exe
2017-03-04 13:48:17 2251CEB04ADFFB068F80A6C98F5B7ABB 106448 ----a-w- C:\Users\Melesia\AppData\Local\Temp\jrt\CreateRestorePoint.exe
2017-03-04 13:48:00 C246FC88529FC3A4910CAB72BEF50539 1663736 ----a-w- C:\Users\Melesia\Desktop\JRT.exe
2017-03-04 02:27:56 B52838351CFE6D0C95332452DE1016E7 67072 ----a-w- C:\Users\Melesia\AppData\Local\Facebook\updater.exe
2017-03-04 02:09:11 F8AB79517B4EB4508375EC0406C3EDEC 69696 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\ssvagent.exe
2017-03-04 02:09:11 DA7093EA1B09B11250B1AC485B69EAD6 197184 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\unpack200.exe
2017-03-04 02:09:11 B4FB76D02378BE2F8F7EC9BCE8C423BE 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\tnameserv.exe
2017-03-04 02:09:11 7DA769B18CB16D0192E6D3C307085F07 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\servertool.exe
2017-03-04 02:09:10 F6E4712218FBA1764F851C3448C17FE2 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\pack200.exe
2017-03-04 02:09:10 EE400CB85481BAB9980FB40CB9BD7EBD 15936 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\jjs.exe
2017-03-04 02:09:10 DE7C36AE916376D1E628ACE68808CB7F 111680 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\jp2launcher.exe
2017-03-04 02:09:10 D1ADB720D6173F8CE7BAB37FFFA3C90D 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\kinit.exe
2017-03-04 02:09:10 B38235C49CEB1B2DB4836BEEF95BF261 34368 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\jabswitch.exe
2017-03-04 02:09:10 ABF2E38B995E8F2997713393073A7E22 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\rmiregistry.exe
2017-03-04 02:09:10 9959983B48E5A2796C76ED1DE02D02CD 79936 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\javacpl.exe
2017-03-04 02:09:10 97B50FC1A368706C6D0DBFA3060A5721 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\ktab.exe
2017-03-04 02:09:10 957285B9662D1E3BAA9501B7D1B29E0E 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\orbd.exe
2017-03-04 02:09:10 909B3A1DEC24CE9687A71C7B2E4DBE35 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\klist.exe
2017-03-04 02:09:10 870F4F8548DED2A88519D83C69856AA0 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\keytool.exe
2017-03-04 02:09:10 7F646A16329B9DE19B3231B9F1619F77 15936 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\rmid.exe
2017-03-04 02:09:10 7F0467C3AA5BDAF44BBC824AC81359D0 206912 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe
2017-03-04 02:09:10 58F6CC7AA09D6CC6D566D888CC37B5DD 16448 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\policytool.exe
2017-03-04 02:09:10 514859480D5D3A7E87BE8741CF4FEA1E 15936 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\java-rmi.exe
2017-03-04 02:09:10 177B6CC9FEBFFC816A71D11132CEED5E 206912 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\java.exe
2017-03-04 02:09:10 135592B076CE53BC24AA251E1B89A9F1 318528 ----a-w- C:\Program Files\Java\jre1.8.0_121\bin\javaws.exe
2017-03-04 02:06:29 A963C6B8A012E658A3D657C4897CF7C8 64153152 ----a-w- C:\Users\Melesia\Downloads\jre-8u121-windows-x64.exe
2017-03-04 01:37:32 F3B9095EEE5F82E222781F2F2BF210FD 2423808 ----a-w- C:\Users\Melesia\Desktop\FRST-OlderVersion\FRST64.exe
2017-03-04 01:37:32 EEF6A6F6CAFD2A53D3ACD6DA53239661 2423296 ----a-w- C:\Users\Melesia\Desktop\FRST64.exe
2017-03-03 02:08:31 B84E589F25BDE8362B8CFD2A81C2D4A2 2623480 ----a-w- C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\SwReporter\17.94.0\software_reporter_tool.exe
2017-03-03 01:12:01 EE0F39935189F6F2B749651A5843EB5A 20478176 ----a-w- C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2017-03-03 01:12:01 EE0F39935189F6F2B749651A5843EB5A 20478176 ----a-w- C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\OneDriveSetup.exe
2017-03-03 01:11:07 11A8F14BD167BA0E0FF9830519002840 229592 ----a-w- C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncConfig.exe
2017-03-03 01:11:06 541CBA6B4CD1F65D7C0305223C24CB00 215264 ----a-w- C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileCoAuth.exe
2017-02-28 05:01:54 A7B395F4D030734375D54DA270F23FA6 384944 ----a-w- C:\Users\Melesia\AppData\Local\Facebook\Games\FacebookGameroom.exe
2017-02-28 05:01:54 8E6F0058C493C5B82223E3B36FA3FF9B 14768 ----a-w- C:\Users\Melesia\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
2017-02-28 04:54:06 733C32F6350C5CD623176F3B705FF47A 67072 ----a-w- C:\Users\Melesia\AppData\Local\Facebook\Games\updater.exe
=== C: other files ==
2017-03-04 15:24:45 5A5B2354760D4F3B1A6B08C9DF729277 903277 ----a-w- C:\Users\Melesia\Desktop\HealthSummary20170304.zip
2017-03-04 13:48:16 AC82941E47BF2AA459975C8B5D8FFDD6 129511 ----a-w- C:\Users\Melesia\AppData\Local\Temp\jrt\get.bat
2017-03-04 02:09:11 8795B77F5012AF9FAD42B84271FC650B 14156 ----a-w- C:\Program Files\Java\jre1.8.0_121\lib\deploy\ffjcext.zip
2017-03-03 01:11:06 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\CollectOneDriveLogs.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-3240382664-3217752032-3399020223-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="C:\Program Files (x86)\USB Camera\VM331STI.EXE"
"332BigDog"="C:\Program Files (x86)\USB Camera2\VM332STI.EXE"
"YouCam Mirage"="C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe /s"
"UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0"
"RemoteControl10"="C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"
"Malwarebytes Anti-Exploit"="C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe /t"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"PwmConsole.exe"="C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe -s"
"VMware Netlink 3 HV Install Utility"="C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe"
"Trend Micro Client Framework"="C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
"Platinum"="C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe 1"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job --a-------- C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [03/03/2017 09:03 PM]
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [03/03/2017 09:03 PM]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\AirSupport Update" [C:\Program Files\Trend Micro\AirSupport\Update.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe]
"C:\WINDOWS\SysNative\tasks\OFFICE2010ACT" [C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task" [C:\Users\Melesia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task v2" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{C6BF39F3-6C11-4E9F-99F1-A1EC94F9FD52}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program 64 35" ["%ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Solution Center Launcher" [%programfiles%\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\Lenovo Solution Center Notifications" [%programfiles%\Lenovo\Lenovo Solution Center\LSCNotify.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScan" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScanPostpone" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\RebootCountTask" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -rebootcount]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\Time72Task" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -canupdate]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{c2056674-a37f-4b29-9300-2004759d74fe}"="C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension" [01/02/2017 10:15 AM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22181a4d-af90-4ca3-a569-faed9118d6bc}"="C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension" [01/02/2017 10:47 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Melesia\AppData\Roaming\Mozilla\Firefox\Profiles\e9pejw1d.default
- All Aboard - %ProfilePath%\extensions\@all-aboard-v1

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hikeppggmbhdgodhakicedaejpleoigm - No path found[]
idkknaphebegndgimgdpfnconcickdfn - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]
olmajmomenlhgihenlbjcfbopoghpckg - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

Google Slides - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Yahoo Mail Notification Extension - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii
Google Docs - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Send to Kindle for Google Chrome - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea
Google Search - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Kindle Cloud Reader - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
Clearly - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj
Chrome Web Store Payments - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Trend Micro Privacy Scanner - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf
Trend Micro Password Manager - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmajmomenlhgihenlbjcfbopoghpckg
Gmail - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A64EA20-5465-4D1A-B5B7-5A3A256C1580} Yahoo Search Url="https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Sun 03/05/2017 at 8:15:26.50 ======================

Re: Computer acting weird

Please download and run the Google Chrome Software Cleaner.

How long has internet access been gone?

Re: Computer acting weird

My internet access is fine.  I haven't experienced any problems with it.

I downloaded and ran the tool you asked.  It didn't generate any logs.  Was it supposed to?

Re: Computer acting weird

No logs needed. Smile...

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:


  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.