Laptop on black screen and movable cursor after malware bytes scan


Zero0
Hi, all.

 

I've been facing a problem with my HP Pavilion g6. The other day (I believe it was Sep. 19), when I came back home and started my laptop, my laptop's Microsoft Security Essentials would not turn on, and HP Support Assistant wasn't working and kept giving me error messages. My internet was working, but if I wanted to open a folder or program it would freeze and the folder/program wouldn't open. I assumed it was a virus. I decided to go into safe mode and I installed Malwarebytes. When I did the scan there were 32 detected items; most of them were PUP detections. I removed all of them and Malwarebytes asked me to reset. I reset my laptop, and when I tried resuming Windows normally it stayed on a black screen with a movable cursor. Task Manager worked, and after 10 minutes I got a Windows message saying HP Support Assistant is not working.

 

I decided to use system restore and then everything went fine.

 

Fast forward to this morning: I encountered the same problem, everything above. It has occurred for a 2nd time, but this time after I used System Restore it was still on a black screen with a movable cursor. Currently doing another Malwarebytes scan.

 

I'm currently using safe mode with networking at the moment, so I don't think my problem is that big, right?

 

Any help is appreciated.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Thank you for the reply.

 

I just wanted to let you know, I ran Malwarebytes and I removed any detected threats in normal mode and it reset without any problems.

 

I'll download Farbar scan and I'll post my log.

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2013
Ran by Alhossain (administrator) on ALHOSSAIN-HP on 23-09-2013 04:41:49
Running from C:\Users\Alhossain\Documents\Installations
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alhossain\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Alhossain\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\Alhossain\AppData\Local\Google\Update\Install\{E0F3EBEF-8F92-49A6-986E-65A99B875F74}\29.0.1547.76_29.0.1547.66_chrome_updater.exe
() C:\Users\ALHOSS~1\AppData\Local\Temp\CR_A8481.tmp\setup.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-08-28] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [bLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [bTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-11-01] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Alhossain\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-09] (Google Inc.)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Alhossain\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-30] (Facebook Inc.)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1811368 2013-09-06] (Valve Corporation)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {1f4aea6a-d02b-11e1-ad44-a0b3cc7ce22e} - F:\AutoRun.exe
MountPoints2: {1f4aea81-d02b-11e1-ad44-a0b3cc7ce22e} - F:\AutoRun.exe
MountPoints2: {df3572e7-d289-11e1-ab0f-a0b3cc7ce22e} - F:\AutoRun.exe
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-08-28] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [autodetect] - C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe [129872 2010-11-24] ()
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
SearchScopes: HKLM - {FF11E677-ECFF-4560-8482-689799BD7077} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
SearchScopes: HKLM-x32 - {FF11E677-ECFF-4560-8482-689799BD7077} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-111074-26712-11/4?satitle={searchTerms}
SearchScopes: HKCU - {FF11E677-ECFF-4560-8482-689799BD7077} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{663742FF-5073-4246-A195-1F9802B060B4}: [NameServer]86.51.35.18 86.51.34.18
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Alhossain\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Alhossain\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Alhossain\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Game Face Plugin) - C:\Users\Alhossain\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Adblock Plus) - C:\Users\ALHOSS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\ALHOSS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ALHOSS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR StartMenuInternet: Google Chrome - C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-10-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-10-30] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
R3 hswpan; C:\Windows\system32\drivers\hswpan.sys [108288 2011-12-07] (Ozmo Inc)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-10-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-21] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-08-28] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-23 04:41 - 2013-09-23 04:41 - 00000000 ____D C:\FRST
2013-09-23 04:39 - 2013-09-23 04:39 - 01955550 _____ (Farbar) C:\Users\Alhossain\Downloads\FRST64.exe
2013-09-23 04:04 - 2013-09-23 04:04 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{EC662AF3-920E-46B6-B0C8-954785D0FC86}
2013-09-23 03:05 - 2013-09-23 04:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-19 04:49 - 2013-09-19 04:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alhossain\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-17 05:32 - 2013-09-17 05:32 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{B1BD4D6E-E12B-4524-9EB7-01F484B33D58}
2013-09-16 07:39 - 2013-09-16 07:39 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{B26B785C-058F-45DC-BA2E-C5DD307CD4BA}
2013-09-15 21:35 - 2013-09-15 21:35 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{07A9EF00-FCDA-4099-BD6B-4B96BDB962A9}
2013-09-15 05:28 - 2013-09-15 05:28 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{940E785A-F273-49F1-B778-53AE1B535EA0}
2013-09-13 07:13 - 2013-09-13 07:13 - 00001190 _____ C:\Users\Alhossain\Downloads\Brazil 1970 World Cup Updated (Diósgyőr, Nov 2012).tac
2013-09-13 07:08 - 2013-09-13 07:08 - 00001156 _____ C:\Users\Alhossain\Downloads\Brazil 1970A.tac
2013-09-13 06:45 - 2013-09-13 06:46 - 03351674 _____ C:\Users\Alhossain\Downloads\santos_fc.rar
2013-09-13 06:45 - 2013-09-13 06:46 - 01476526 _____ C:\Users\Alhossain\Downloads\Monaco - FRA.rar
2013-09-13 06:45 - 2013-09-13 06:45 - 01575206 _____ C:\Users\Alhossain\Downloads\Olympique Lyonnais (NF).rar
2013-09-13 06:44 - 2013-09-13 06:44 - 02923711 _____ C:\Users\Alhossain\Downloads\paris_saint-germain.rar
2013-09-13 06:14 - 2013-09-13 06:27 - 45852120 _____ C:\Users\Alhossain\Downloads\german_first_division.rar
2013-09-13 05:59 - 2013-09-13 06:02 - 28132600 _____ C:\Users\Alhossain\Downloads\logos-3d-hd-megapack-v13_by-fmscout.zip
2013-09-13 05:47 - 2013-09-13 05:47 - 01488667 _____ C:\Users\Alhossain\Downloads\FM13 Transfers & Data Update Pack 3.6 (by _pr0).zip
2013-09-12 04:29 - 2013-09-12 04:29 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{535C5268-ED6F-44F1-B7B2-02E2D6DF79EC}
2013-09-11 22:15 - 2013-08-09 23:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 22:15 - 2013-08-09 23:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 22:15 - 2013-08-09 23:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 22:15 - 2013-08-09 23:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 22:15 - 2013-08-09 23:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 22:15 - 2013-08-09 23:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 22:15 - 2013-08-09 23:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 22:15 - 2013-08-09 23:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 22:15 - 2013-08-09 23:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 22:15 - 2013-08-09 23:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 22:15 - 2013-08-09 23:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 22:15 - 2013-08-09 23:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 22:15 - 2013-08-09 23:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 22:15 - 2013-08-09 23:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 22:15 - 2013-08-09 21:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 22:15 - 2013-08-09 21:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 22:15 - 2013-08-09 21:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 22:15 - 2013-08-09 21:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 22:15 - 2013-08-09 21:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 22:15 - 2013-08-09 20:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 22:15 - 2013-08-09 20:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 21:35 - 2013-08-07 19:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 21:35 - 2013-08-04 20:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 21:35 - 2013-08-01 20:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 21:35 - 2013-08-01 20:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 21:35 - 2013-08-01 20:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 21:35 - 2013-08-01 20:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 21:35 - 2013-08-01 20:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 21:35 - 2013-08-01 20:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 21:35 - 2013-08-01 20:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 21:35 - 2013-08-01 20:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 21:35 - 2013-08-01 20:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 21:35 - 2013-08-01 19:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 21:35 - 2013-08-01 19:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 21:35 - 2013-08-01 19:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 21:35 - 2013-08-01 19:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 21:35 - 2013-08-01 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 21:35 - 2013-08-01 18:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 21:35 - 2013-08-01 18:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 21:35 - 2013-08-01 18:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 21:35 - 2013-08-01 18:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 21:35 - 2013-08-01 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 21:35 - 2013-08-01 18:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 18:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 18:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 21:35 - 2013-08-01 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 21:35 - 2013-07-25 20:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 21:35 - 2013-07-25 20:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 21:35 - 2013-07-25 19:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 21:35 - 2013-07-25 19:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 21:21 - 2013-09-11 21:21 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{78BCC04C-7723-4D7F-8A3F-0D4128D3AA08}
2013-09-10 07:01 - 2013-09-19 07:29 - 00000000 ____D C:\Users\Alhossain\Documents\FIFA 14 Demo
2013-09-10 06:55 - 2013-09-10 06:55 - 00001268 _____ C:\Users\Public\Desktop\FIFA 14 Demo.lnk
2013-09-10 03:36 - 2013-09-10 03:37 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{8E598C3A-C07C-42E0-B013-6C765A7586C1}
2013-09-09 05:17 - 2013-09-09 05:17 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{36202875-D799-4A03-A2FF-F63DD46CF1C7}
2013-09-08 05:51 - 2013-09-08 05:51 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{FD2A2E74-B14A-421A-A2BD-99A1D219908A}
2013-09-07 15:59 - 2013-09-07 15:59 - 00181760 _____ C:\Users\Alhossain\Downloads\PH_Geo_1-3_Points,_Lines_and_Planes.ppt
2013-09-07 04:14 - 2013-09-07 04:14 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{1AB7357D-DFDF-4C5E-981C-69E8AF993F97}
2013-09-05 16:03 - 2013-09-05 16:03 - 00001015 _____ C:\Users\Alhossain\Downloads\82 (3).rar
2013-09-04 22:23 - 2013-09-04 22:23 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{82EB4415-A9A9-46C1-BFFB-47B52810E959}
2013-09-03 22:14 - 2013-09-03 22:14 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{B701B0AE-0173-4158-AC14-D880BCC00798}
2013-09-03 03:31 - 2013-09-03 03:31 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{18B22780-F14F-4C92-A869-DF7DDFE0C104}
2013-09-02 03:35 - 2013-09-02 03:36 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{B8014C1A-1A3C-439D-A9F7-6FC61AFBAD55}
2013-09-01 17:27 - 2013-09-01 17:27 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{D3EAED7F-CD65-43E3-A5B2-07FBB4B6CDE3}
2013-08-30 04:10 - 2013-08-30 04:10 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{0FBCE184-CAA6-4DFB-8992-0F9430788B83}
2013-08-28 06:02 - 2013-08-28 06:28 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-28 05:47 - 2013-08-28 05:47 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{F36DA6BF-6961-4A15-8214-A68E6C888274}
2013-08-27 17:16 - 2013-09-15 06:58 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAlhossain
2013-08-27 17:16 - 2013-09-15 06:58 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForAlhossain.job
2013-08-27 16:54 - 2013-08-27 16:54 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{E8901B0C-A91F-4C99-B002-9F93426109C5}
2013-08-27 05:29 - 2013-08-27 05:29 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{6A46EB57-3B7C-4C36-BA70-5D7BCE63F711}
2013-08-26 08:25 - 2013-08-26 08:25 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{D61A76C0-B45C-4385-83E8-C75F6BA2C72B}
2013-08-25 19:05 - 2013-08-25 19:05 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{9A3500DB-2BAF-4DA1-8E03-9F8A6C65F3A7}
2013-08-25 05:20 - 2013-08-25 05:20 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{00E322F6-9112-4B02-BA5D-56142E46645D}
2013-08-24 01:48 - 2013-08-24 01:48 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{E3E6AEB3-2905-43F8-A4DA-3D0A98939202}
 
==================== One Month Modified Files and Folders =======
 
2013-09-23 06:01 - 2012-07-09 22:53 - 00000000 ____D C:\Users\Alhossain\AppData\Roaming\vlc
2013-09-23 06:01 - 2012-07-09 19:08 - 00000000 ____D C:\Users\Alhossain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-23 06:01 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-09-23 06:01 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-23 06:00 - 2011-02-10 13:23 - 00000000 ____D C:\SWSetup
2013-09-23 04:41 - 2013-09-23 04:41 - 00000000 ____D C:\FRST
2013-09-23 04:41 - 2012-09-24 11:08 - 00000000 ____D C:\Users\Alhossain\Documents\Installations
2013-09-23 04:41 - 2012-07-09 19:08 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000UA.job
2013-09-23 04:39 - 2013-09-23 04:39 - 01955550 _____ (Farbar) C:\Users\Alhossain\Downloads\FRST64.exe
2013-09-23 04:36 - 2012-07-10 00:50 - 01282052 _____ C:\Windows\WindowsUpdate.log
2013-09-23 04:35 - 2013-09-23 03:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-23 04:31 - 2009-07-13 22:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 04:31 - 2009-07-13 22:45 - 00031472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 04:26 - 2012-09-19 06:54 - 00000000 ____D C:\Users\Alhossain\AppData\Roaming\Sports Interactive
2013-09-23 04:26 - 2012-08-30 07:21 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000UA.job
2013-09-23 04:24 - 2012-09-16 17:43 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-23 04:24 - 2012-07-10 20:23 - 00000000 ____D C:\Users\Alhossain\Tracing
2013-09-23 04:23 - 2010-11-20 21:47 - 00767266 _____ C:\Windows\PFRO.log
2013-09-23 04:23 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 04:23 - 2009-07-13 22:51 - 00107403 _____ C:\Windows\setupact.log
2013-09-23 04:22 - 2013-02-28 13:50 - 00000000 ____D C:\Program Files (x86)\BrowseToSave
2013-09-23 04:20 - 2013-01-22 16:15 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-23 04:20 - 2012-08-28 15:49 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-23 04:19 - 2013-03-02 13:14 - 00000000 ____D C:\ProgramData\BroiWse2save
2013-09-23 04:19 - 2013-02-28 13:50 - 00000000 ____D C:\ProgramData\Browwsse2saVee
2013-09-23 04:11 - 2012-07-10 20:25 - 00000000 ____D C:\Users\Alhossain\AppData\Roaming\Skype
2013-09-23 04:09 - 2009-07-13 23:13 - 00728260 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-23 04:04 - 2013-09-23 04:04 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{EC662AF3-920E-46B6-B0C8-954785D0FC86}
2013-09-23 04:02 - 2012-07-10 00:50 - 00000000 ____D C:\Users\Alhossain
2013-09-22 15:22 - 2012-07-09 22:51 - 00000000 ____D C:\Users\Alhossain\AppData\Local\CrashDumps
2013-09-19 07:29 - 2013-09-10 07:01 - 00000000 ____D C:\Users\Alhossain\Documents\FIFA 14 Demo
2013-09-19 07:29 - 2012-07-10 22:50 - 00000000 ____D C:\Users\Alhossain\Documents\Youcam
2013-09-19 07:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-19 04:49 - 2013-09-19 04:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alhossain\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-17 05:32 - 2013-09-17 05:32 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{B1BD4D6E-E12B-4524-9EB7-01F484B33D58}
2013-09-16 07:39 - 2013-09-16 07:39 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{B26B785C-058F-45DC-BA2E-C5DD307CD4BA}
2013-09-15 21:35 - 2013-09-15 21:35 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{07A9EF00-FCDA-4099-BD6B-4B96BDB962A9}
2013-09-15 14:43 - 2012-07-09 19:08 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000Core.job
2013-09-15 07:26 - 2012-08-30 07:21 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000Core.job
2013-09-15 06:58 - 2013-08-27 17:16 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAlhossain
2013-09-15 06:58 - 2013-08-27 17:16 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForAlhossain.job
2013-09-15 05:36 - 2013-03-29 03:29 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3CADE3D2-D897-44E1-BE80-4C7AF2B343C8}
2013-09-15 05:28 - 2013-09-15 05:28 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{940E785A-F273-49F1-B778-53AE1B535EA0}
2013-09-13 07:13 - 2013-09-13 07:13 - 00001190 _____ C:\Users\Alhossain\Downloads\Brazil 1970 World Cup Updated (Diósgyőr, Nov 2012).tac
2013-09-13 07:08 - 2013-09-13 07:08 - 00001156 _____ C:\Users\Alhossain\Downloads\Brazil 1970A.tac
2013-09-13 06:46 - 2013-09-13 06:45 - 03351674 _____ C:\Users\Alhossain\Downloads\santos_fc.rar
2013-09-13 06:46 - 2013-09-13 06:45 - 01476526 _____ C:\Users\Alhossain\Downloads\Monaco - FRA.rar
2013-09-13 06:45 - 2013-09-13 06:45 - 01575206 _____ C:\Users\Alhossain\Downloads\Olympique Lyonnais (NF).rar
2013-09-13 06:44 - 2013-09-13 06:44 - 02923711 _____ C:\Users\Alhossain\Downloads\paris_saint-germain.rar
2013-09-13 06:27 - 2013-09-13 06:14 - 45852120 _____ C:\Users\Alhossain\Downloads\german_first_division.rar
2013-09-13 06:02 - 2013-09-13 05:59 - 28132600 _____ C:\Users\Alhossain\Downloads\logos-3d-hd-megapack-v13_by-fmscout.zip
2013-09-13 05:47 - 2013-09-13 05:47 - 01488667 _____ C:\Users\Alhossain\Downloads\FM13 Transfers & Data Update Pack 3.6 (by _pr0).zip
2013-09-12 10:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 05:57 - 2012-09-11 13:16 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-12 04:41 - 2012-08-31 16:50 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 04:29 - 2013-09-12 04:29 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{535C5268-ED6F-44F1-B7B2-02E2D6DF79EC}
2013-09-12 04:28 - 2012-07-09 18:55 - 00000000 ___RD C:\Users\Alhossain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 04:28 - 2012-07-09 18:55 - 00000000 ___RD C:\Users\Alhossain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 04:27 - 2009-07-13 22:45 - 00344768 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 22:15 - 2013-07-20 10:36 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 22:13 - 2012-07-10 20:09 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 22:13 - 2012-07-09 22:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 21:21 - 2013-09-11 21:21 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{78BCC04C-7723-4D7F-8A3F-0D4128D3AA08}
2013-09-11 10:14 - 2013-08-19 07:46 - 00003060 _____ C:\Windows\System32\Tasks\WebReg HP Officejet 4500 G510n-z
2013-09-11 10:14 - 2013-08-19 07:46 - 00000332 _____ C:\Windows\Tasks\WebReg HP Officejet 4500 G510n-z.job
2013-09-10 06:55 - 2013-09-10 06:55 - 00001268 _____ C:\Users\Public\Desktop\FIFA 14 Demo.lnk
2013-09-10 06:54 - 2012-02-09 21:05 - 00158767 _____ C:\Windows\DirectX.log
2013-09-10 03:59 - 2012-09-11 13:18 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-09-10 03:56 - 2012-09-11 13:18 - 00000000 ____D C:\Users\Alhossain\AppData\Roaming\Origin
2013-09-10 03:56 - 2012-09-11 13:16 - 00000000 ____D C:\ProgramData\Origin
2013-09-10 03:51 - 2012-09-11 13:18 - 00000000 ____D C:\Users\Alhossain\AppData\Local\Origin
2013-09-10 03:37 - 2013-09-10 03:36 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{8E598C3A-C07C-42E0-B013-6C765A7586C1}
2013-09-09 05:17 - 2013-09-09 05:17 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{36202875-D799-4A03-A2FF-F63DD46CF1C7}
2013-09-08 05:51 - 2013-09-08 05:51 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{FD2A2E74-B14A-421A-A2BD-99A1D219908A}
2013-09-07 15:59 - 2013-09-07 15:59 - 00181760 _____ C:\Users\Alhossain\Downloads\PH_Geo_1-3_Points,_Lines_and_Planes.ppt
2013-09-07 04:14 - 2013-09-07 04:14 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{1AB7357D-DFDF-4C5E-981C-69E8AF993F97}
2013-09-05 16:03 - 2013-09-05 16:03 - 00001015 _____ C:\Users\Alhossain\Downloads\82 (3).rar
2013-09-04 22:23 - 2013-09-04 22:23 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{82EB4415-A9A9-46C1-BFFB-47B52810E959}
2013-09-03 22:14 - 2013-09-03 22:14 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{B701B0AE-0173-4158-AC14-D880BCC00798}
2013-09-03 03:31 - 2013-09-03 03:31 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{18B22780-F14F-4C92-A869-DF7DDFE0C104}
2013-09-02 22:15 - 2012-07-18 17:05 - 00000000 ____D C:\Users\Alhossain\Documents\Alhossain
2013-09-02 03:36 - 2013-09-02 03:35 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{B8014C1A-1A3C-439D-A9F7-6FC61AFBAD55}
2013-09-01 17:27 - 2013-09-01 17:27 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{D3EAED7F-CD65-43E3-A5B2-07FBB4B6CDE3}
2013-08-31 17:57 - 2009-07-13 23:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-30 10:22 - 2012-09-27 05:52 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2013-08-30 10:22 - 2012-09-19 06:54 - 00000000 ____D C:\Users\Alhossain\Documents\Sports Interactive
2013-08-30 04:10 - 2013-08-30 04:10 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{0FBCE184-CAA6-4DFB-8992-0F9430788B83}
2013-08-28 06:28 - 2013-08-28 06:02 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-28 05:47 - 2013-08-28 05:47 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{F36DA6BF-6961-4A15-8214-A68E6C888274}
2013-08-27 16:54 - 2013-08-27 16:54 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{E8901B0C-A91F-4C99-B002-9F93426109C5}
2013-08-27 15:25 - 2013-08-23 16:51 - 00000000 ____D C:\Users\Alhossain\AppData\Roaming\BitTorrent Sync
2013-08-27 05:29 - 2013-08-27 05:29 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{6A46EB57-3B7C-4C36-BA70-5D7BCE63F711}
2013-08-26 08:25 - 2013-08-26 08:25 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{D61A76C0-B45C-4385-83E8-C75F6BA2C72B}
2013-08-25 19:05 - 2013-08-25 19:05 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{9A3500DB-2BAF-4DA1-8E03-9F8A6C65F3A7}
2013-08-25 05:20 - 2013-08-25 05:20 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{00E322F6-9112-4B02-BA5D-56142E46645D}
2013-08-24 01:48 - 2013-08-24 01:48 - 00000000 ____D C:\Users\Alhossain\AppData\Local\{E3E6AEB3-2905-43F8-A4DA-3D0A98939202}
 
Some content of TEMP:
====================
C:\Users\Alhossain\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Alhossain\AppData\Local\Temp\Extract.exe
C:\Users\Alhossain\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Alhossain\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Alhossain\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Alhossain\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Alhossain\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Alhossain\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Alhossain\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Alhossain\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Alhossain\AppData\Local\Temp\ResetDevice.exe
C:\Users\Alhossain\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alhossain\AppData\Local\Temp\SP55975.exe
C:\Users\Alhossain\AppData\Local\Temp\SP56478.exe
C:\Users\Alhossain\AppData\Local\Temp\SP56750.exe
C:\Users\Alhossain\AppData\Local\Temp\SP56801.exe
C:\Users\Alhossain\AppData\Local\Temp\SP56803.exe
C:\Users\Alhossain\AppData\Local\Temp\SP56929.exe
C:\Users\Alhossain\AppData\Local\Temp\SP56959.exe
C:\Users\Alhossain\AppData\Local\Temp\SP57090.exe
C:\Users\Alhossain\AppData\Local\Temp\SP57232.exe
C:\Users\Alhossain\AppData\Local\Temp\SP57482.exe
C:\Users\Alhossain\AppData\Local\Temp\SP57698.exe
C:\Users\Alhossain\AppData\Local\Temp\SP57976.exe
C:\Users\Alhossain\AppData\Local\Temp\SP58514.exe
C:\Users\Alhossain\AppData\Local\Temp\SP58516.exe
C:\Users\Alhossain\AppData\Local\Temp\SP58517.exe
C:\Users\Alhossain\AppData\Local\Temp\SP58519.exe
C:\Users\Alhossain\AppData\Local\Temp\SP58576.exe
C:\Users\Alhossain\AppData\Local\Temp\SP58577.exe
C:\Users\Alhossain\AppData\Local\Temp\SP58641.exe
C:\Users\Alhossain\AppData\Local\Temp\SP58880.exe
C:\Users\Alhossain\AppData\Local\Temp\SP58895.exe
C:\Users\Alhossain\AppData\Local\Temp\sp58915.exe
C:\Users\Alhossain\AppData\Local\Temp\SP58938.exe
C:\Users\Alhossain\AppData\Local\Temp\SP59202.exe
C:\Users\Alhossain\AppData\Local\Temp\SP60051.exe
C:\Users\Alhossain\AppData\Local\Temp\SP60109.exe
C:\Users\Alhossain\AppData\Local\Temp\SP61037.exe
C:\Users\Alhossain\AppData\Local\Temp\SP62218.exe
C:\Users\Alhossain\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Alhossain\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-21 03:36
 
==================== End Of Log ============================
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-09-2013
Ran by Alhossain at 2013-09-23 04:42:53
Running from C:\Users\Alhossain\Documents\Installations
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs ======================
 
4500_G510nz_Help (x32 Version: 000.0.439.000)
4500G510nz (x32 Version: 000.0.439.000)
4500G510nz_Software_Min (x32 Version: 000.0.423.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Anki (x32)
BrowseToSave (Version: 1.0)
BufferChm (x32 Version: 130.0.331.000)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
CyberLink YouCam (x32 Version: 3.5.2.4725)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.372.000)
DMUninstaller (x32)
DocMgr (x32 Version: 130.0.000.000)
DocProc (x32 Version: 13.0.0.0)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU Version: 1.8.0.0)
ESU for Microsoft Windows 7 SP1 (x32 Version: 4.1.2)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Fax (x32 Version: 130.0.418.000)
FIFA 13 Demo (x32 Version: 1.0.0.0)
FIFA 14 Demo (x32 Version: 1.0.0.0)
FIFA MANAGER 12 Demo (x32 Version: 1.0.0.0)
FIFA Manager 13 Demo (x32 Version: 1.0.0.0)
Football Manager 2012 Demo (x32)
Football Manager 2013 (x32)
Football Manager 2013 Editor (x32)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (HKCU Version: 29.0.1547.66)
GPBaseService2 (x32 Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.2.9.1)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP CoolSense (x32 Version: 2.10.51)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Documentation (x32 Version: 1.1.0.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.7)
HP Quick Launch (x32 Version: 2.7.2)
HP Recovery Manager (x32 Version: 2.0.0)
HP Security Assistant (Version: 3.0.4)
HP Setup (x32 Version: 9.0.15109.3899)
HP Setup Manager (x32 Version: 1.2.14901.3869)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Software Framework (x32 Version: 4.6.10.1)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
IDT Audio (x32 Version: 1.0.6417.0)
Intel PROSet Wireless
Intel® Control Center (x32 Version: 1.2.1.1008)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2843)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.2.0.0284)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.1.1.0153)
Intel® Rapid Storage Technology (x32 Version: 11.5.4.1001)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Intel® WiDi (x32 Version: 3.0.12.0)
Intel® Wireless Display
Intel® Wireless Music device driver (Version: 1.5.5310.0)
Intel® PROSet/Wireless WiFi Software (Version: 15.02.0000.1258)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java 7 Update 5 (64-bit) (Version: 7.0.50)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
MarketResearch (x32 Version: 130.0.374.000)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobily Connect Card (x32 Version: 1.0.0.1)
Mobily Connect Card (x32 Version: 11.300.05.07.82)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 130.0.374.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
opensource (x32 Version: 1.0.14960.3876)
Origin (x32 Version: 9.0.2.2065)
Pando Media Booster (x32 Version: 2.6.0.8)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29004)
Scan (x32 Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skype™ 6.5 (x32 Version: 6.5.158)
SmartWebPrinting (x32 Version: 130.0.373.000)
SolutionCenter (x32 Version: 130.0.373.000)
Status (x32 Version: 130.0.373.000)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.0.1.0)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.376.000)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
VLC media player 2.0.2 (x32 Version: 2.0.2)
WebCake 3.00 (Version: 3.00)
WebReg (x32 Version: 130.0.132.017)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
 
==================== Restore Points  =========================
 
11-09-2013 11:30:04 Windows Update
12-09-2013 04:06:18 Windows Update
16-09-2013 03:41:56 Windows Update
19-09-2013 10:46:44 Windows Update
19-09-2013 11:32:06 Windows Update
19-09-2013 11:41:05 HPSF Applying updates
19-09-2013 12:15:41 HPSF Applying updates
22-09-2013 13:19:00 Windows Update
23-09-2013 10:18:56 Windows Update
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1628AED3-0B1F-44EC-820E-870C35E0F15B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000UA => C:\Users\Alhossain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09] (Google Inc.)
Task: {25D5482A-EAE0-4628-853C-86BC6301625B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000Core => C:\Users\Alhossain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09] (Google Inc.)
Task: {2C3D3AAC-C37C-4BF7-B1FA-9B50C53B5D5F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000UA => C:\Users\Alhossain\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-30] (Facebook Inc.)
Task: {3A6C787C-B5B3-467B-BA15-638BA52BD6D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {47A0AD79-53E8-4BF4-A5BF-74CCA708F6AE} - System32\Tasks\HPCeeScheduleForAlhossain => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {53B6D744-A7CB-4B14-B453-2BAC57AF2223} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5A2500DD-F5F6-47FF-B80D-029A3137C759} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {671E7201-3EA0-4C17-B54E-593D50060845} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-10] (Microsoft Corporation)
Task: {7F8313E0-E514-4541-9B3C-898F8D8F906B} - System32\Tasks\WebReg HP Officejet 4500 G510n-z => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-21] (Hewlett-Packard Company)
Task: {98412558-2FB8-4ADA-A5F3-04488A2F0A44} - System32\Tasks\User_Feed_Synchronization-{3CADE3D2-D897-44E1-BE80-4C7AF2B343C8} => C:\Windows\system32\msfeedssync.exe [2013-03-28] (Microsoft Corporation)
Task: {C4A091FA-771A-426C-A1B2-4C006B22E7F4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: {C979AADC-629E-466D-9668-B96D5A6AFFBB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000Core => C:\Users\Alhossain\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-30] (Facebook Inc.)
Task: {EA0F5618-206E-4F42-A7D6-A26F3541317B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-857169787-660880240-1850220706-1000
Task: {F3944335-2750-44F3-8274-B9AEC941B619} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000Core.job => C:\Users\Alhossain\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000UA.job => C:\Users\Alhossain\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000Core.job => C:\Users\Alhossain\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857169787-660880240-1850220706-1000UA.job => C:\Users\Alhossain\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAlhossain.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\WebReg HP Officejet 4500 G510n-z.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-13 18:22 - 2009-07-13 19:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2012-10-30 09:38 - 2012-10-30 09:38 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2012-01-05 19:24 - 2012-01-05 19:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-01 08:28 - 2012-11-01 08:27 - 00656896 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2013-03-12 17:10 - 2013-08-21 16:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-09-16 17:49 - 2013-09-06 14:55 - 01120680 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-09-16 17:49 - 2013-08-07 13:31 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-16 17:49 - 2013-06-14 17:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-09-16 17:49 - 2013-06-14 17:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-09-16 17:49 - 2013-06-14 17:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 00054784 _____ (Hewlett-Packard) C:\Windows\system32\hpzipr12.dll
2012-07-10 22:48 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2012-07-10 22:48 - 2012-05-25 04:25 - 00253952 _____ (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YImage.dll
2012-07-10 22:48 - 2012-05-25 04:29 - 01417216 _____ (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\resources\en-CA\res_msgr.dll
2013-09-05 03:44 - 2013-09-02 14:34 - 47074256 _____ (Google Inc.) C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\chrome.dll
2013-09-05 03:44 - 2013-09-02 14:35 - 09962960 _____ (The ICU Project) C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\icudt.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 03:44 - 2013-09-02 12:46 - 03231688 _____ (Microsoft Corporation) C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\D3DCompiler_46.dll
2013-09-05 03:44 - 2013-09-02 14:35 - 00709584 _____ () C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-05 03:44 - 2013-09-02 14:35 - 00099792 _____ () C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-05 03:44 - 2013-09-02 14:35 - 04053456 _____ () C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-05 03:44 - 2013-09-02 14:35 - 00410576 _____ () C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-05 03:44 - 2013-09-02 14:35 - 02110928 _____ (Google Inc.) C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\libpeerconnection.dll
2013-09-05 03:44 - 2013-09-02 14:35 - 01604560 _____ () C:\Users\Alhossain\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/23/2013 04:23:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 04:03:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 03:15:06 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).
 
Error: (09/23/2013 02:34:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 02:08:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 02:03:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 01:47:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 01:23:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 01:19:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/22/2013 03:22:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 13.3.3.31972, time stamp: 0x514c8b4d
Faulting module name: fm.exe, version: 13.3.3.31972, time stamp: 0x514c8b4d
Exception code: 0xc0000005
Fault offset: 0x014dbcc0
Faulting process id: 0x940
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3
 
 
System errors:
=============
Error: (09/23/2013 04:24:25 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/23/2013 04:24:12 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2013 04:24:11 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2013 04:23:40 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2013 04:23:33 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2013 04:23:33 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2013 04:23:22 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2013 04:22:22 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2013 04:22:22 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (09/23/2013 04:22:18 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.159.444.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (09/23/2013 04:23:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 04:03:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 03:15:06 AM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c
 
Error: (09/23/2013 02:34:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 02:08:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 02:03:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 01:47:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 01:23:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2013 01:19:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/22/2013 03:22:27 PM) (Source: Application Error)(User: )
Description: fm.exe13.3.3.31972514c8b4dfm.exe13.3.3.31972514c8b4dc0000005014dbcc094001ceb770e6b5187bC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\fm.exe14118eb0-23cd-11e3-839c-685d4308a330
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 6042.36 MB
Available physical RAM: 3878.41 MB
Total Pagefile: 12082.89 MB
Available Pagefile: 9540.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:676.24 GB) (Free:582.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:22.1 GB) (Free:2.35 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 29E36412)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)
 
==================== End Of Log ============================

Thanks for the logs, ok do the following:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

     

     

 

 

Next,

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

     

     

 

 

When the scan is complete

 

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

     

     

 

 

If threats were found

 

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

     

     

 

 

close program

 

copy and paste the report here

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs in next reply....

 

Kevin...

fixlist.txt


Thanks for the reply, but before I persist with any of these steps I want to go more in depth regarding the situation.

 

Today, I opened my laptop and like the previous times, MSE won't turn on, there was a loading circle on the 4 bars of connection, HP assistant would not open and if I attempted to open some programs my start menu would freeze. Internet Explorer won't open either. I tried to open services; that froze the menu as well.

 

I thought I'd let you know, I'm going to start with the steps above and I'll post my logs. But if it doesn't work in normal mode, should I go safe mode with networking? When I went in safe mode with networking and removed 32 infections my laptop would turn black with a moving cursor (used Malwarebytes).


I'd also like to add to the above post that when I open my laptop an on-screen keyboard appears, now it doesn't.

 

I'm currently in safe mode with networking atm; when I tried it in normal Windows, Windows would freeze after 5-10 min. I'm going to do the steps above now. If Windows doesn't start after doing all this in safe mode, I'll do system restore like the 2 previous times and do the whole thing over, in normal Windows.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2013

Ran by Alhossain at 2013-09-24 06:02:06 Run:1

Running from C:\Users\Alhossain\Documents\Installations

Boot Mode: Safe Mode (with Networking)

==============================================

 

Content of fixlist:

*****************

Start

Hosts: Hosts file not detected in the default directory

C:\Users\Alhossain\AppData\Local\Temp\DataCard_Setup64.exe

C:\Users\Alhossain\AppData\Local\Temp\Extract.exe

C:\Users\Alhossain\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe

C:\Users\Alhossain\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\Alhossain\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe

C:\Users\Alhossain\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Alhossain\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Alhossain\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Alhossain\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\Alhossain\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\Alhossain\AppData\Local\Temp\ResetDevice.exe

C:\Users\Alhossain\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Alhossain\AppData\Local\Temp\SP55975.exe

C:\Users\Alhossain\AppData\Local\Temp\SP56478.exe

C:\Users\Alhossain\AppData\Local\Temp\SP56750.exe

C:\Users\Alhossain\AppData\Local\Temp\SP56801.exe

C:\Users\Alhossain\AppData\Local\Temp\SP56803.exe

C:\Users\Alhossain\AppData\Local\Temp\SP56929.exe

C:\Users\Alhossain\AppData\Local\Temp\SP56959.exe

C:\Users\Alhossain\AppData\Local\Temp\SP57090.exe

C:\Users\Alhossain\AppData\Local\Temp\SP57232.exe

C:\Users\Alhossain\AppData\Local\Temp\SP57482.exe

C:\Users\Alhossain\AppData\Local\Temp\SP57698.exe

C:\Users\Alhossain\AppData\Local\Temp\SP57976.exe

C:\Users\Alhossain\AppData\Local\Temp\SP58514.exe

C:\Users\Alhossain\AppData\Local\Temp\SP58516.exe

C:\Users\Alhossain\AppData\Local\Temp\SP58517.exe

C:\Users\Alhossain\AppData\Local\Temp\SP58519.exe

C:\Users\Alhossain\AppData\Local\Temp\SP58576.exe

C:\Users\Alhossain\AppData\Local\Temp\SP58577.exe

C:\Users\Alhossain\AppData\Local\Temp\SP58641.exe

C:\Users\Alhossain\AppData\Local\Temp\SP58880.exe

C:\Users\Alhossain\AppData\Local\Temp\SP58895.exe

C:\Users\Alhossain\AppData\Local\Temp\sp58915.exe

C:\Users\Alhossain\AppData\Local\Temp\SP58938.exe

C:\Users\Alhossain\AppData\Local\Temp\SP59202.exe

C:\Users\Alhossain\AppData\Local\Temp\SP60051.exe

C:\Users\Alhossain\AppData\Local\Temp\SP60109.exe

C:\Users\Alhossain\AppData\Local\Temp\SP61037.exe

C:\Users\Alhossain\AppData\Local\Temp\SP62218.exe

C:\Users\Alhossain\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Alhossain\AppData\Local\Temp\UninstallHPSA.exe

End

 

*****************

 

Hosts was reset successfully.

C:\Users\Alhossain\AppData\Local\Temp\DataCard_Setup64.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\Extract.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\ResetDevice.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP55975.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP56478.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP56750.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP56801.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP56803.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP56929.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP56959.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP57090.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP57232.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP57482.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP57698.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP57976.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP58514.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP58516.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP58517.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP58519.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP58576.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP58577.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP58641.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP58880.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP58895.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\sp58915.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP58938.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP59202.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP60051.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP60109.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP61037.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\SP62218.exe => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.

C:\Users\Alhossain\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.

 

==== End of Fixlog ====

# AdwCleaner v3.005 - Report created 24/09/2013 at 06:04:21

# Updated 22/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Alhossain - ALHOSSAIN-HP

# Running from : C:\Users\Alhossain\Documents\Installations\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\SearchPredict

Folder Found C:\ProgramData\BroiWse2save

Folder Found C:\ProgramData\Browwsse2saVee

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BroiWse2save

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BroiWse2save

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browwsse2saVee

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browwsse2saVee

Folder Found C:\ProgramData\SoftSafe

Folder Found C:\Users\Alhossain\AppData\Local\cre

Folder Found C:\Users\Alhossain\AppData\LocalLow\BroiWse2save

Folder Found C:\Users\Alhossain\AppData\LocalLow\Browwsse2saVee

Folder Found C:\Users\Alhossain\AppData\LocalLow\Conduit

Folder Found C:\Users\Alhossain\AppData\LocalLow\Toolbar4

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db

Key Found : HKLM\Software\SP Global

Key Found : HKLM\Software\SProtector

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}

Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16686

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Alhossain\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************


# AdwCleaner v3.005 - Report created 24/09/2013 at 06:07:54

# Updated 22/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Alhossain - ALHOSSAIN-HP

# Running from : C:\Users\Alhossain\Documents\Installations\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\SoftSafe

Folder Deleted : C:\ProgramData\BroiWse2save

Folder Deleted : C:\ProgramData\Browwsse2saVee

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BroiWse2save

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browwsse2saVee

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\SearchPredict

Folder Deleted : C:\Users\Alhossain\AppData\Local\cre

Folder Deleted : C:\Users\Alhossain\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Alhossain\AppData\LocalLow\Toolbar4

Folder Deleted : C:\Users\Alhossain\AppData\LocalLow\BroiWse2save

Folder Deleted : C:\Users\Alhossain\AppData\LocalLow\Browwsse2saVee

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16686

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Alhossain\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [4796 octets] - [24/09/2013 06:04:21]

AdwCleaner[s0].txt - [4304 octets] - [24/09/2013 06:07:54]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4364 octets] ##########

 


AdwCleaner[R0].txt - [4624 octets] - [24/09/2013 06:04:21]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4684 octets] ##########

ESET SCAN

 

C:\Program Files\Uninstaller\Uninstall.exe MSIL/DomaIQ.A application

C:\Program Files (x86)\BrowseToSave\uninstall.exe Win32/SProtector.B application

C:\Users\Alhossain\Documents\Football matches\Real Madrid vs Manchester United 2003\2003_-_Manchester_United_vs_Real_Madrid_(4Dfoot.com).part2.rar.exe Win32/InstalleRex.E application

C:\Users\Alhossain\Documents\Installations\winrar.exe multiple threats

C:\Users\Alhossain\Downloads\2003_-_Manchester_United_vs_Real_Madrid_(4Dfoot.com).part1.rar.exe Win32/InstalleRex.E application

C:\Users\Alhossain\Downloads\2003_-_Manchester_United_vs_Real_Madrid_(4Dfoot.com).part2.rar.exe Win32/InstalleRex.E application

 Results of screen317's Security Check version 0.99.73  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 JavaFX 2.1.1    

 Java 7 Update 25  

 Adobe Flash Player 11.8.800.94  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Google Chrome 29.0.1547.66  

 Google Chrome 29.0.1547.76  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  

````````````````````End of Log`````````````````````` 

Boot into Normal mode and see how your system responds.. if ok continue:

 

Only two of the entries from the ESET log require attention; the others are up to yourself, either keep or delete. Uninstall the following via Start > Control Panel > Uninstall a program:

Uninstaller
BrowseToSave

Next,

Adobe Reader is outdated...
Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.
Step 2 - Select your Language.
Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

Let me know if those steps complete OK, also if any remaining issues or concerns...

Kevin..


Boot to Normal mode and update Adobe and Java, still in Normal mode run the following:

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files (:Files).

    :Files
    ipconfig /flushdns /c
    C:\Program Files\Uninstaller
    C:\Program Files (x86)\BrowseToSave
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Kevin


This topic is now closed to further replies.