Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop running slow, fan runs hot

Started by Mich73 , Dec 03 2013 11:31 PM

  • Please log in to reply

#1
Mich73
Posted 03 December 2013 - 11:31 PM

Mich73

    Member

  • Member
  • PipPip
  • 57 posts
I have been trying to research some of the issues I am having. It started with my laptop fan running hot and fast. I checked my processes that are running and was working on trying to eliminate what I could without touching the ones I was not sure about. My laptop has been freezing up a bit, mouse is jerking and the speed is slow. I keep running malware, spybot and MSE even in safemode and they are not finding anything. I can tell there is something going on with it. I think some of these programs or some program running is what is causing the fan to run high. It is runs high off and on, even with everything closed.

I sorted by CPU usage in task manager and there are a few things that flash and disappear.

I updated my bios, cleaned all my vent areas. I just ran a hijack this log and I see some suspicious things. So I thought I would come here.

Here is my OTL log.

Thanks!

OTL logfile created on: 12/4/2013 12:23:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mom laptop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.92% Memory free
7.90 Gb Paging File | 6.31 Gb Available in Paging File | 79.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 577.69 Gb Total Space | 507.57 Gb Free Space | 87.86% Space Free | Partition Type: NTFS
Drive D: | 14.32 Gb Total Space | 1.59 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.94 Gb Free Space | 99.60% Space Free | Partition Type: FAT32

Computer Name: MOMLAPTOP-HP | User Name: mom laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mom laptop\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\mom laptop\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\mom laptop\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{00216C87-4CF9-44B3-AD44-7F87426E669C}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{00216C87-4CF9-44B3-AD44-7F87426E669C}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {A0DA5771-C3C1-4869-9742-08600539939A}
IE - HKCU\..\SearchScopes\{A0DA5771-C3C1-4869-9742-08600539939A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\MOMLAP~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/12/01 14:33:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/05 22:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/05 22:01:34 | 000,000,000 | ---D | M]

[2011/11/16 22:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mom laptop\AppData\Roaming\Mozilla\Extensions
[2013/11/05 22:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/05 22:01:29 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/11/05 22:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/11/05 22:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/21 06:34:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/21 12:33:57 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/06/01 15:35:28 | 000,002,566 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml

========== Chrome ==========


O1 HOSTS File: ([2013/10/13 18:08:00 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizo...VoiceVMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3E83685-13AE-4AC5-89C0-6C4E8159D6BA}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/04 00:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/12/04 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\mom laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/12/03 23:27:01 | 000,000,000 | ---D | C] -- C:\Users\mom laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/12/03 23:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/12/03 23:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/12/03 21:35:53 | 000,000,000 | ---D | C] -- C:\Users\mom laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Ultimate Troubleshooter
[2013/12/03 21:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Ultimate Troubleshooter
[2013/12/03 21:35:42 | 001,753,088 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExGrid.dll
[2013/12/03 21:35:41 | 000,614,400 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExButton.dll
[2013/12/03 21:35:40 | 000,602,112 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExMenu.dll
[2013/12/03 21:35:40 | 000,516,096 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExTab.dll
[2013/12/03 21:35:40 | 000,307,200 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExPMenu.dll
[2013/12/03 21:35:22 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\SysWow64\eSellerateEngine.dll
[2013/12/03 21:35:22 | 000,118,784 | ---- | C] (eSellerate Inc.) -- C:\Windows\SysWow64\eWebControl.dll
[2013/12/03 21:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eSellerate
[2013/12/03 21:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnswersThatWork
[2013/12/03 18:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/12/03 18:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/12/03 07:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2013/12/03 07:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2013/12/03 07:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/12/01 15:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/12/01 15:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/01 14:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/30 17:18:39 | 000,000,000 | ---D | C] -- C:\Users\mom laptop\AppData\Roaming\Roxio Log Files
[2013/11/30 14:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013/11/30 14:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2013/11/29 09:22:36 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/11/05 22:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/11 10:39:20 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\mom laptop\AppData\Local\BcsKtYcHW.dll

========== Files - Modified Within 30 Days ==========

[2013/12/04 00:21:36 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/04 00:21:36 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/04 00:19:28 | 000,796,158 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/04 00:19:28 | 000,671,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/04 00:19:28 | 000,126,658 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/04 00:18:59 | 000,011,096 | ---- | M] () -- C:\Users\mom laptop\Desktop\hijackthis 1242013
[2013/12/04 00:17:32 | 000,002,999 | ---- | M] () -- C:\Users\mom laptop\Desktop\HiJackThis.lnk
[2013/12/04 00:14:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/04 00:13:59 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/03 23:30:06 | 000,000,260 | ---- | M] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2013/12/03 23:30:06 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\MSIevent.bat
[2013/12/03 23:27:01 | 000,000,967 | ---- | M] () -- C:\Users\mom laptop\Desktop\SpeedFan.lnk
[2013/12/03 23:26:59 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/12/03 22:47:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormom laptop.job
[2013/12/03 21:36:28 | 000,001,151 | ---- | M] () -- C:\Users\mom laptop\Desktop\The Ultimate Troubleshooter.lnk
[2013/12/03 20:56:20 | 000,154,646 | ---- | M] () -- C:\Users\mom laptop\Desktop\1484765_10200825433470536_188052261_n.jpg
[2013/12/03 18:21:28 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/12/02 14:48:23 | 000,110,360 | ---- | M] () -- C:\Users\mom laptop\Desktop\christmas concentration.jpg
[2013/12/02 14:48:23 | 000,110,360 | ---- | M] () -- C:\Users\mom laptop\Desktop\1402799_10153603824720595_871207528_o.jpg
[2013/11/30 19:36:42 | 000,014,383 | ---- | M] () -- C:\Users\mom laptop\Desktop\s0379920_sc7.jpg
[2013/11/30 17:24:25 | 000,001,397 | ---- | M] () -- C:\Users\mom laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/30 14:47:17 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/11/30 13:02:31 | 000,007,626 | ---- | M] () -- C:\Users\mom laptop\AppData\Local\Resmon.ResmonCfg
[2013/11/29 18:16:22 | 000,060,628 | ---- | M] () -- C:\Users\mom laptop\Desktop\996067_766561486703387_995244838_n.jpg
[2013/11/29 09:25:34 | 000,785,164 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/29 09:19:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/25 13:51:33 | 000,084,834 | ---- | M] () -- C:\Users\mom laptop\Desktop\IMG_20131125_134655.jpg
[2013/11/22 13:22:10 | 000,066,567 | ---- | M] () -- C:\Users\mom laptop\Desktop\207280_201046366602920_6876636_n.jpg
[2013/11/19 09:22:21 | 000,079,199 | ---- | M] () -- C:\Users\mom laptop\Desktop\1441261_10201429486871949_624032163_n.jpg
[2013/11/16 19:08:38 | 000,174,426 | ---- | M] () -- C:\Users\mom laptop\Desktop\santas_helper_512.png
[2013/11/15 21:45:44 | 000,004,096 | ---- | M] () -- C:\Users\mom laptop\Desktop\1394012_10202408276671188_1937483348_n.jpg
[2013/11/12 09:28:23 | 003,643,392 | ---- | M] () -- C:\Users\mom laptop\Desktop\RogueKiller.exe
[2013/11/05 22:44:19 | 000,036,357 | ---- | M] () -- C:\Users\mom laptop\Desktop\941302_748233091869560_898741588_n.jpg
[2013/11/04 21:12:48 | 005,086,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/04 20:36:39 | 000,000,134 | ---- | M] () -- C:\Users\mom laptop\Desktop\Microsoft Fix it.url

========== Files Created - No Company Name ==========

[2013/12/04 00:18:59 | 000,011,096 | ---- | C] () -- C:\Users\mom laptop\Desktop\hijackthis 1242013
[2013/12/04 00:17:32 | 000,002,999 | ---- | C] () -- C:\Users\mom laptop\Desktop\HiJackThis.lnk
[2013/12/03 23:27:01 | 000,000,967 | ---- | C] () -- C:\Users\mom laptop\Desktop\SpeedFan.lnk
[2013/12/03 23:26:59 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/12/03 21:36:28 | 000,001,151 | ---- | C] () -- C:\Users\mom laptop\Desktop\The Ultimate Troubleshooter.lnk
[2013/12/03 20:56:19 | 000,154,646 | ---- | C] () -- C:\Users\mom laptop\Desktop\1484765_10200825433470536_188052261_n.jpg
[2013/12/03 18:21:28 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/12/03 07:28:56 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFormom laptop.job
[2013/12/02 14:50:19 | 000,110,360 | ---- | C] () -- C:\Users\mom laptop\Desktop\1402799_10153603824720595_871207528_o.jpg
[2013/11/30 19:36:40 | 000,014,383 | ---- | C] () -- C:\Users\mom laptop\Desktop\s0379920_sc7.jpg
[2013/11/30 17:24:25 | 000,001,409 | ---- | C] () -- C:\Users\mom laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/11/30 14:47:17 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/11/29 18:16:18 | 000,060,628 | ---- | C] () -- C:\Users\mom laptop\Desktop\996067_766561486703387_995244838_n.jpg
[2013/11/25 13:51:58 | 000,084,834 | ---- | C] () -- C:\Users\mom laptop\Desktop\IMG_20131125_134655.jpg
[2013/11/22 13:22:27 | 000,066,567 | ---- | C] () -- C:\Users\mom laptop\Desktop\207280_201046366602920_6876636_n.jpg
[2013/11/20 16:41:20 | 000,110,360 | ---- | C] () -- C:\Users\mom laptop\Desktop\christmas concentration.jpg
[2013/11/19 09:23:10 | 000,079,199 | ---- | C] () -- C:\Users\mom laptop\Desktop\1441261_10201429486871949_624032163_n.jpg
[2013/11/16 19:08:36 | 000,174,426 | ---- | C] () -- C:\Users\mom laptop\Desktop\santas_helper_512.png
[2013/11/15 21:45:39 | 000,004,096 | ---- | C] () -- C:\Users\mom laptop\Desktop\1394012_10202408276671188_1937483348_n.jpg
[2013/11/12 09:28:16 | 003,643,392 | ---- | C] () -- C:\Users\mom laptop\Desktop\RogueKiller.exe
[2013/11/05 22:44:19 | 000,036,357 | ---- | C] () -- C:\Users\mom laptop\Desktop\941302_748233091869560_898741588_n.jpg
[2013/11/04 20:36:39 | 000,000,134 | ---- | C] () -- C:\Users\mom laptop\Desktop\Microsoft Fix it.url
[2013/08/10 14:24:53 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/08/10 14:24:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/07/18 15:14:26 | 000,893,239 | ---- | C] () -- C:\Users\mom laptop\AppData\Local\a.zip
[2013/06/27 07:07:38 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/06/27 06:56:12 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/04/27 18:16:48 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/11/01 20:13:03 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/26 22:19:11 | 000,007,626 | ---- | C] () -- C:\Users\mom laptop\AppData\Local\Resmon.ResmonCfg
[2012/06/07 07:48:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\Dance
[2012/06/07 07:48:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\Comedy Noises
[2012/05/28 21:55:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/05/28 21:54:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/05/28 21:54:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/05/28 21:54:39 | 000,000,000 | ---- | C] () -- C:\Users\mom laptop\AppData\Roaming\Dance Kit
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/04/12 10:27:18 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/12/10 16:36:16 | 000,000,000 | ---- | C] () -- C:\Users\mom laptop\AppData\Local\{E98AAAB6-C906-4480-8CB3-E9C5CED50739}

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/07 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\BirthdayAdventurec6
[2011/11/21 12:33:57 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Catalina Marketing Corp
[2013/03/09 19:17:45 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Catalina – Print Savings
[2012/05/13 10:50:18 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/12 22:01:27 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/09/26 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013/08/03 12:37:45 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\com.hasbro.promotionalPlayer
[2012/02/07 09:12:53 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\my_app_files
[2012/05/28 22:00:51 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Nikon
[2012/06/07 08:05:30 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\No Company Name
[2011/11/21 19:25:36 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\ooVoo Details
[2013/09/26 14:14:21 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\PDAppFlex
[2011/12/17 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\PhotoScape
[2012/05/13 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2012/03/09 11:48:47 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\PlayFirst
[2011/11/16 13:22:27 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Synaptics
[2012/02/29 10:16:52 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Unity
[2012/02/07 09:50:05 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\UNOUndercover
[2011/11/20 03:02:54 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:F3AD1365

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP