Author Topic: [Inactive - K] LAPTOP NEEDS CHECKING ASAP  (Read 1759 times)

Offline shazaibe123

  • Bronze Member
  • Posts: 9
[Inactive - K] LAPTOP NEEDS CHECKING ASAP
« on: May 10, 2015, 12:30:51 PM »
LAPTOP IS REALLY SLOW
CANT RECOVER IT
VIDEOS FREEZE
DISPLAY DRIVER KEEPS STOPPING
FED UP
« Last Edit: May 21, 2015, 02:18:07 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] LAPTOP NEEDS CHECKING ASAP
« Reply #1 on: May 10, 2015, 12:42:23 PM »
Hello shazaibe123 and welcome to SpywareHammer,

Run the following and post the two produced logs....

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Thanks,

Kevin...

Offline shazaibe123

  • Bronze Member
  • Posts: 9
Re: [Inactive - K] LAPTOP NEEDS CHECKING ASAP
« Reply #2 on: May 10, 2015, 04:43:30 PM »
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by laaraibe (administrator) on LAARAIBE on 10-05-2015 15:36:59
Running from C:\Users\laaraibe\AppData\Local\Microsoft\Windows\INetCache\IE\7FSSLTYA
Loaded Profiles: laaraibe &  (Available profiles: laaraibe & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Dropbox, Inc.) C:\Users\laaraibe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-04] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2584240 2015-04-20] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-774264396-2148236244-1795177131-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-774264396-2148236244-1795177131-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
Startup: C:\Users\laaraibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\laaraibe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laaraibe\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laaraibe\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laaraibe\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laaraibe\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laaraibe\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laaraibe\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laaraibe\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laaraibe\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-774264396-2148236244-1795177131-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-774264396-2148236244-1795177131-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-774264396-2148236244-1795177131-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-774264396-2148236244-1795177131-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-774264396-2148236244-1795177131-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-774264396-2148236244-1795177131-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\S-1-5-21-774264396-2148236244-1795177131-1002 -> DefaultScope {785CBD44-5282-4783-8084-D1D58AD96957} URL =
SearchScopes: HKU\S-1-5-21-774264396-2148236244-1795177131-1002 -> {785CBD44-5282-4783-8084-D1D58AD96957} URL =
SearchScopes: HKU\S-1-5-21-774264396-2148236244-1795177131-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {785CBD44-5282-4783-8084-D1D58AD96957} URL =
SearchScopes: HKU\S-1-5-21-774264396-2148236244-1795177131-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {785CBD44-5282-4783-8084-D1D58AD96957} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-04-20] (Adobe Systems)
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-25] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-04-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-774264396-2148236244-1795177131-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-07-12] (Intel)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR DefaultSuggestURL: Default -> http://sug.searchalgo.com/search/index_sg.php?q={searchTerms}
CHR Profile: C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-25]
CHR Extension: (Google Docs) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-25]
CHR Extension: (Google Drive) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-25]
CHR Extension: (Search By MusixLib) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\balimbofoedmklhpnchbgmlfipgpbjnl [2015-05-02]
CHR Extension: (YouTube) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-25]
CHR Extension: (Google Search) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-25]
CHR Extension: (Google Sheets) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-25]
CHR Extension: (Support our cause) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\knhgakaflhfkofmnenllidimpnnlgmpo [2015-05-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-25]
CHR Extension: (Google Wallet) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-25]
CHR Extension: (Gmail) - C:\Users\laaraibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-04-24] () [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [603312 2015-04-20] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-24] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-08-25] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 15:36 - 2015-05-10 15:37 - 00000000 ____D () C:\FRST
2015-05-10 12:19 - 2015-05-10 14:46 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 12:18 - 2015-05-10 12:18 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-10 12:18 - 2015-05-10 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-10 12:18 - 2015-05-10 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-10 12:18 - 2015-05-10 12:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-10 12:18 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-10 12:18 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-10 12:18 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-02 20:43 - 2015-05-02 20:43 - 00301056 _____ () C:\Users\laaraibe\Downloads\Download.exe
2015-05-02 19:45 - 2015-05-02 19:45 - 01102008 _____ () C:\Users\laaraibe\Downloads\setup (4).exe
2015-05-02 19:43 - 2015-05-02 19:44 - 00797240 _____ (Generic ) C:\Users\laaraibe\Downloads\adobe_flash_setup.exe
2015-05-02 19:38 - 2015-05-02 19:38 - 00000000 ____D () C:\Users\laaraibe\AppData\Local\Lenovo
2015-05-01 14:16 - 2015-05-01 14:16 - 00962560 _____ () C:\Users\laaraibe\Downloads\ms4essayplans-130516041720-phpapp02.ppt
2015-05-01 14:07 - 2015-05-01 14:07 - 00239160 _____ () C:\Users\laaraibe\Downloads\lesson2-channelidentity-131211142602-phpapp02.pptx
2015-04-29 13:18 - 2015-04-29 13:18 - 00046493 _____ () C:\Users\laaraibe\Downloads\oxfam.pptx
2015-04-25 09:18 - 2015-04-30 12:23 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-25 09:18 - 2015-04-25 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-25 09:17 - 2015-05-10 15:22 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-25 09:17 - 2015-05-10 13:05 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-25 09:17 - 2015-04-25 09:18 - 00000000 ____D () C:\Users\laaraibe\AppData\Local\Google
2015-04-25 09:17 - 2015-04-25 09:17 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-25 09:17 - 2015-04-25 09:17 - 00003656 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-25 09:17 - 2015-04-25 09:17 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-25 09:16 - 2015-04-25 09:17 - 00000000 ____D () C:\Users\laaraibe\AppData\Local\Deployment
2015-04-25 09:16 - 2015-04-25 09:16 - 00000000 ____D () C:\Users\laaraibe\AppData\Local\Apps\2.0
2015-04-25 07:44 - 2015-03-03 06:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-04-25 07:40 - 2015-04-25 07:40 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-04-23 15:22 - 2015-04-23 15:22 - 00000000 ____D () C:\adobeTemp
2015-04-23 14:40 - 2015-04-23 14:40 - 00000000 ____D () C:\Users\laaraibe\AppData\Roaming\SanDisk SecureAccess
2015-04-15 08:48 - 2015-03-23 14:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 08:48 - 2015-03-23 14:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 08:48 - 2015-03-23 14:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 08:48 - 2015-03-23 14:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 08:48 - 2015-03-23 14:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 08:48 - 2015-03-19 21:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 08:48 - 2015-03-19 21:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 08:48 - 2015-03-19 21:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 08:48 - 2015-03-19 20:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 08:48 - 2015-03-19 19:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 08:48 - 2015-03-19 19:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 08:48 - 2015-03-19 19:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 08:48 - 2015-03-14 01:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 08:48 - 2015-03-13 18:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 08:48 - 2015-03-13 18:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 08:48 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 08:48 - 2015-03-13 18:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 08:48 - 2015-03-13 18:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 08:48 - 2015-03-13 17:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 08:48 - 2015-03-13 17:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 08:48 - 2015-03-13 17:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 08:48 - 2015-03-13 17:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 08:48 - 2015-03-13 17:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 08:48 - 2015-03-13 17:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 08:48 - 2015-03-13 17:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 08:48 - 2015-03-13 17:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 08:48 - 2015-03-13 17:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 08:48 - 2015-03-13 17:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 08:48 - 2015-03-13 16:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 08:48 - 2015-03-13 16:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 08:48 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 08:48 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 08:48 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 08:48 - 2015-03-12 20:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 08:48 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 08:48 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 08:48 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 08:48 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 08:48 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 08:48 - 2015-03-12 20:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 08:48 - 2015-03-12 20:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 08:48 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 08:48 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 08:48 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 08:48 - 2015-03-12 19:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 08:48 - 2015-03-12 19:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 08:48 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 08:48 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 08:48 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 08:48 - 2015-03-12 19:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 08:48 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 08:48 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 08:48 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 08:48 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 08:48 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 08:48 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 08:48 - 2015-03-04 03:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 08:48 - 2015-03-03 20:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 08:48 - 2015-03-03 19:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 08:48 - 2015-02-24 01:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 08:48 - 2015-02-20 16:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 08:48 - 2014-10-17 23:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-13 11:02 - 2015-04-13 11:08 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-13 11:02 - 2015-04-13 11:02 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-11 15:10 - 2015-04-11 15:10 - 00308520 _____ () C:\WINDOWS\Minidump\041115-24203-01.dmp
2015-04-11 14:49 - 2015-04-11 14:49 - 00308480 _____ () C:\WINDOWS\Minidump\041115-25734-01.dmp
2015-04-11 12:50 - 2015-04-11 12:50 - 00024329 _____ () C:\Users\laaraibe\Downloads\Outlook.com.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 15:37 - 2015-02-04 06:50 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-774264396-2148236244-1795177131-1002
2015-05-10 15:32 - 2015-02-19 10:27 - 01932868 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-10 15:32 - 2015-02-06 14:00 - 00000469 _____ () C:\Users\laaraibe\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
2015-05-10 15:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-10 14:46 - 2013-08-22 07:46 - 00356390 _____ () C:\WINDOWS\setupact.log
2015-05-10 13:07 - 2015-02-04 06:47 - 00000000 ____D () C:\Users\laaraibe\AppData\Local\Adobe
2015-05-10 13:06 - 2015-04-03 06:51 - 00000000 ____D () C:\Users\laaraibe\AppData\Roaming\Dropbox
2015-05-10 13:05 - 2015-02-19 10:38 - 00000000 __RDO () C:\Users\laaraibe\OneDrive
2015-05-10 13:04 - 2015-02-19 10:03 - 00000000 ____D () C:\Users\laaraibe
2015-05-10 13:04 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-10 13:01 - 2014-11-21 01:34 - 00007744 _____ () C:\WINDOWS\PFRO.log
2015-05-10 11:06 - 2015-02-20 12:27 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C96BD325-9E71-478C-96A9-38AA32EDF9E7}
2015-05-09 16:51 - 2015-02-05 12:04 - 03603620 _____ () C:\Users\Public\CAFADEBUG.log
2015-05-09 15:24 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-09 08:59 - 2015-01-01 17:27 - 00000000 ____D () C:\Users\laaraibe\Desktop\JAHANZAIBE
2015-05-09 08:19 - 2015-02-04 06:39 - 00000000 ____D () C:\Users\laaraibe\AppData\Local\Packages
2015-05-08 13:13 - 2013-08-25 00:36 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2015-05-08 13:13 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-06 11:34 - 2014-10-06 12:28 - 00000000 ____D () C:\Users\laaraibe\Documents\SHANI
2015-05-05 10:04 - 2015-02-04 06:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-25 08:34 - 2015-02-07 12:41 - 00000000 ___RD () C:\Users\laaraibe\Creative Cloud Files
2015-04-25 08:28 - 2015-02-07 12:39 - 00001340 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-04-25 08:28 - 2015-02-07 12:39 - 00001328 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-04-25 08:28 - 2013-08-25 00:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-25 07:46 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-25 07:42 - 2015-02-04 06:48 - 00000000 ____D () C:\Users\laaraibe\AppData\Roaming\LSC
2015-04-25 07:40 - 2013-08-25 00:27 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-04-25 07:40 - 2013-08-25 00:25 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-04-25 07:40 - 2013-08-25 00:25 - 00000000 ____D () C:\Program Files\Lenovo
2015-04-25 07:37 - 2013-08-25 00:25 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-04-23 15:21 - 2015-02-07 14:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-23 14:25 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-23 14:15 - 2014-11-21 01:44 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-23 12:53 - 2013-08-25 00:32 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-17 12:08 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 12:26 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-13 16:24 - 2014-11-21 09:03 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 16:24 - 2014-11-21 09:03 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 17:54 - 2015-01-19 15:25 - 00000000 ____D () C:\Users\laaraibe\Documents\HAIDAR
2015-04-11 15:10 - 2015-02-28 08:01 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-11 15:09 - 2015-02-06 13:10 - 402248609 _____ () C:\WINDOWS\MEMORY.DMP

==================== Files in the root of some directories =======

2013-08-25 00:14 - 2013-08-25 00:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\laaraibe\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvjetkp.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-25 09:37

==================== End Of Log ============================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] LAPTOP NEEDS CHECKING ASAP
« Reply #3 on: May 10, 2015, 05:28:37 PM »
No obvious malware or infection in those logs, continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
'Could not load DDA driver'

  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt. Where n in the scan reference number
Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop
Ensure to get the correct version for your system....
32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Next,

Zip up and attach the following folder: C:\WINDOWS\Minidump

Let me see those logs in your next reply....

Thanks,

Kevin....

Offline shazaibe123

  • Bronze Member
  • Posts: 9
Re: [Inactive - K] LAPTOP NEEDS CHECKING ASAP
« Reply #4 on: May 14, 2015, 12:40:28 PM »
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/05/2015
Scan Time: 10:28:36
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.14.04
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: laaraibe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389870
Time Elapsed: 30 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)





Offline shazaibe123

  • Bronze Member
  • Posts: 9
Re: [Inactive - K] LAPTOP NEEDS CHECKING ASAP
« Reply #5 on: May 14, 2015, 12:56:31 PM »
# AdwCleaner v4.203 - Logfile created 14/05/2015 at 11:43:57
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : laaraibe - LAARAIBE
# Running from : C:\Users\laaraibe\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\FlvPlayer.lnk
File Deleted : C:\Users\laaraibe\Desktop\Play Games Online.url

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Start Now Technology.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\movshare.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.movshare.net

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v42.0.2311.135


*************************

AdwCleaner[R0].txt - [1231 bytes] - [14/05/2015 11:42:08]
AdwCleaner[S0].txt - [1169 bytes] - [14/05/2015 11:43:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1228  bytes] ##########

Offline shazaibe123

  • Bronze Member
  • Posts: 9
Re: [Inactive - K] LAPTOP NEEDS CHECKING ASAP
« Reply #6 on: May 14, 2015, 02:15:27 PM »
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.1 (05.14.2015:1)
OS: Windows 8.1 x64
Ran by laaraibe on 14/05/2015 at 11:59:12.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-774264396-2148236244-1795177131-1002



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\laaraibe\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\laaraibe\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal



~~~ Folders


Offline shazaibe123

  • Bronze Member
  • Posts: 9
Re: [Inactive - K] LAPTOP NEEDS CHECKING ASAP
« Reply #7 on: May 14, 2015, 02:30:24 PM »
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Thu Feb 26 11:09:41 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Fri Feb 27 02:43:05 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 27 02:43:26 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Fri Feb 27 02:55:29 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 27 02:55:31 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Fri Feb 27 04:05:59 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Mon Mar 02 11:47:49 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0

Exception Caught: 0x80010106
Microsoft Windows Malicious Software Removal Tool Finished On Mon Mar 02 11:47:58 2015


Return code: 1 (0x1)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Tue Mar 17 04:36:44 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0

Results Summary:
----------------
No infection found.
Failed to submit clean hearbeat MAPS report: 0x80072EE7
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 17 04:39:47 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Tue Mar 17 14:11:17 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 17 14:21:54 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Wed Mar 18 12:10:16 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 18 12:10:21 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Wed Mar 18 13:47:18 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.24, May 2015 (build 5.24.11401.0)
Started On Thu May 14 13:23:00 2015

Engine: 1.1.11602.0
Signatures: 1.197.1100.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 13:29:34 2015


Return code: 0 (0x0)

Offline shazaibe123

  • Bronze Member
  • Posts: 9
Re: [Inactive - K] LAPTOP NEEDS CHECKING ASAP
« Reply #8 on: May 14, 2015, 02:33:46 PM »
it does not let me attach this file
C:\WINDOWS\Minidump

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] LAPTOP NEEDS CHECKING ASAP
« Reply #9 on: May 14, 2015, 04:08:12 PM »
Zip up the minidump folder, then attach the zip file..

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] LAPTOP NEEDS CHECKING ASAP
« Reply #10 on: May 21, 2015, 02:17:23 AM »
Due to the lack of feedback this topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

 

Click Here