I sorted by CPU usage in Task Manager and there are a few things that flash and disappear.
I updated my BIOS and cleaned all my vent areas. I just ran a HijackThis log and I see some suspicious things, so I thought I would come here.
Here is my OTL log.
Thanks!
OTL logfile created on: 12/4/2013 12:23:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mom laptop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.95 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.92% Memory free
7.90 Gb Paging File | 6.31 Gb Available in Paging File | 79.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 577.69 Gb Total Space | 507.57 Gb Free Space | 87.86% Space Free | Partition Type: NTFS
Drive D: | 14.32 Gb Total Space | 1.59 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.94 Gb Free Space | 99.60% Space Free | Partition Type: FAT32
Computer Name: MOMLAPTOP-HP | User Name: mom laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\mom laptop\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\mom laptop\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\mom laptop\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{00216C87-4CF9-44B3-AD44-7F87426E669C}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{00216C87-4CF9-44B3-AD44-7F87426E669C}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {A0DA5771-C3C1-4869-9742-08600539939A}
IE - HKCU\..\SearchScopes\{A0DA5771-C3C1-4869-9742-08600539939A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\MOMLAP~1\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013/12/01 14:33:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/05 22:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/05 22:01:34 | 000,000,000 | ---D | M]
[2011/11/16 22:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mom laptop\AppData\Roaming\Mozilla\Extensions
[2013/11/05 22:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/05 22:01:29 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/11/05 22:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/11/05 22:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/21 06:34:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/21 12:33:57 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/06/01 15:35:28 | 000,002,566 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml
========== Chrome ==========
O1 HOSTS File: ([2013/10/13 18:08:00 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizo...VoiceVMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3E83685-13AE-4AC5-89C0-6C4E8159D6BA}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/12/04 00:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/12/04 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\mom laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/12/03 23:27:01 | 000,000,000 | ---D | C] -- C:\Users\mom laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/12/03 23:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/12/03 23:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/12/03 21:35:53 | 000,000,000 | ---D | C] -- C:\Users\mom laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Ultimate Troubleshooter
[2013/12/03 21:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Ultimate Troubleshooter
[2013/12/03 21:35:42 | 001,753,088 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExGrid.dll
[2013/12/03 21:35:41 | 000,614,400 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExButton.dll
[2013/12/03 21:35:40 | 000,602,112 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExMenu.dll
[2013/12/03 21:35:40 | 000,516,096 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExTab.dll
[2013/12/03 21:35:40 | 000,307,200 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExPMenu.dll
[2013/12/03 21:35:22 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\SysWow64\eSellerateEngine.dll
[2013/12/03 21:35:22 | 000,118,784 | ---- | C] (eSellerate Inc.) -- C:\Windows\SysWow64\eWebControl.dll
[2013/12/03 21:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eSellerate
[2013/12/03 21:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnswersThatWork
[2013/12/03 18:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/12/03 18:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/12/03 07:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2013/12/03 07:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2013/12/03 07:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/12/01 15:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/12/01 15:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/12/01 14:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/30 17:18:39 | 000,000,000 | ---D | C] -- C:\Users\mom laptop\AppData\Roaming\Roxio Log Files
[2013/11/30 14:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013/11/30 14:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2013/11/29 09:22:36 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/11/05 22:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/11 10:39:20 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\mom laptop\AppData\Local\BcsKtYcHW.dll
========== Files - Modified Within 30 Days ==========
[2013/12/04 00:21:36 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/04 00:21:36 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/04 00:19:28 | 000,796,158 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/04 00:19:28 | 000,671,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/04 00:19:28 | 000,126,658 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/04 00:18:59 | 000,011,096 | ---- | M] () -- C:\Users\mom laptop\Desktop\hijackthis 1242013
[2013/12/04 00:17:32 | 000,002,999 | ---- | M] () -- C:\Users\mom laptop\Desktop\HiJackThis.lnk
[2013/12/04 00:14:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/04 00:13:59 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/03 23:30:06 | 000,000,260 | ---- | M] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2013/12/03 23:30:06 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\MSIevent.bat
[2013/12/03 23:27:01 | 000,000,967 | ---- | M] () -- C:\Users\mom laptop\Desktop\SpeedFan.lnk
[2013/12/03 23:26:59 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/12/03 22:47:50 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormom laptop.job
[2013/12/03 21:36:28 | 000,001,151 | ---- | M] () -- C:\Users\mom laptop\Desktop\The Ultimate Troubleshooter.lnk
[2013/12/03 20:56:20 | 000,154,646 | ---- | M] () -- C:\Users\mom laptop\Desktop\1484765_10200825433470536_188052261_n.jpg
[2013/12/03 18:21:28 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/12/02 14:48:23 | 000,110,360 | ---- | M] () -- C:\Users\mom laptop\Desktop\christmas concentration.jpg
[2013/12/02 14:48:23 | 000,110,360 | ---- | M] () -- C:\Users\mom laptop\Desktop\1402799_10153603824720595_871207528_o.jpg
[2013/11/30 19:36:42 | 000,014,383 | ---- | M] () -- C:\Users\mom laptop\Desktop\s0379920_sc7.jpg
[2013/11/30 17:24:25 | 000,001,397 | ---- | M] () -- C:\Users\mom laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/30 14:47:17 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/11/30 13:02:31 | 000,007,626 | ---- | M] () -- C:\Users\mom laptop\AppData\Local\Resmon.ResmonCfg
[2013/11/29 18:16:22 | 000,060,628 | ---- | M] () -- C:\Users\mom laptop\Desktop\996067_766561486703387_995244838_n.jpg
[2013/11/29 09:25:34 | 000,785,164 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/29 09:19:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/25 13:51:33 | 000,084,834 | ---- | M] () -- C:\Users\mom laptop\Desktop\IMG_20131125_134655.jpg
[2013/11/22 13:22:10 | 000,066,567 | ---- | M] () -- C:\Users\mom laptop\Desktop\207280_201046366602920_6876636_n.jpg
[2013/11/19 09:22:21 | 000,079,199 | ---- | M] () -- C:\Users\mom laptop\Desktop\1441261_10201429486871949_624032163_n.jpg
[2013/11/16 19:08:38 | 000,174,426 | ---- | M] () -- C:\Users\mom laptop\Desktop\santas_helper_512.png
[2013/11/15 21:45:44 | 000,004,096 | ---- | M] () -- C:\Users\mom laptop\Desktop\1394012_10202408276671188_1937483348_n.jpg
[2013/11/12 09:28:23 | 003,643,392 | ---- | M] () -- C:\Users\mom laptop\Desktop\RogueKiller.exe
[2013/11/05 22:44:19 | 000,036,357 | ---- | M] () -- C:\Users\mom laptop\Desktop\941302_748233091869560_898741588_n.jpg
[2013/11/04 21:12:48 | 005,086,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/04 20:36:39 | 000,000,134 | ---- | M] () -- C:\Users\mom laptop\Desktop\Microsoft Fix it.url
========== Files Created - No Company Name ==========
[2013/12/04 00:18:59 | 000,011,096 | ---- | C] () -- C:\Users\mom laptop\Desktop\hijackthis 1242013
[2013/12/04 00:17:32 | 000,002,999 | ---- | C] () -- C:\Users\mom laptop\Desktop\HiJackThis.lnk
[2013/12/03 23:27:01 | 000,000,967 | ---- | C] () -- C:\Users\mom laptop\Desktop\SpeedFan.lnk
[2013/12/03 23:26:59 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/12/03 21:36:28 | 000,001,151 | ---- | C] () -- C:\Users\mom laptop\Desktop\The Ultimate Troubleshooter.lnk
[2013/12/03 20:56:19 | 000,154,646 | ---- | C] () -- C:\Users\mom laptop\Desktop\1484765_10200825433470536_188052261_n.jpg
[2013/12/03 18:21:28 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/12/03 07:28:56 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleFormom laptop.job
[2013/12/02 14:50:19 | 000,110,360 | ---- | C] () -- C:\Users\mom laptop\Desktop\1402799_10153603824720595_871207528_o.jpg
[2013/11/30 19:36:40 | 000,014,383 | ---- | C] () -- C:\Users\mom laptop\Desktop\s0379920_sc7.jpg
[2013/11/30 17:24:25 | 000,001,409 | ---- | C] () -- C:\Users\mom laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/11/30 14:47:17 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/11/29 18:16:18 | 000,060,628 | ---- | C] () -- C:\Users\mom laptop\Desktop\996067_766561486703387_995244838_n.jpg
[2013/11/25 13:51:58 | 000,084,834 | ---- | C] () -- C:\Users\mom laptop\Desktop\IMG_20131125_134655.jpg
[2013/11/22 13:22:27 | 000,066,567 | ---- | C] () -- C:\Users\mom laptop\Desktop\207280_201046366602920_6876636_n.jpg
[2013/11/20 16:41:20 | 000,110,360 | ---- | C] () -- C:\Users\mom laptop\Desktop\christmas concentration.jpg
[2013/11/19 09:23:10 | 000,079,199 | ---- | C] () -- C:\Users\mom laptop\Desktop\1441261_10201429486871949_624032163_n.jpg
[2013/11/16 19:08:36 | 000,174,426 | ---- | C] () -- C:\Users\mom laptop\Desktop\santas_helper_512.png
[2013/11/15 21:45:39 | 000,004,096 | ---- | C] () -- C:\Users\mom laptop\Desktop\1394012_10202408276671188_1937483348_n.jpg
[2013/11/12 09:28:16 | 003,643,392 | ---- | C] () -- C:\Users\mom laptop\Desktop\RogueKiller.exe
[2013/11/05 22:44:19 | 000,036,357 | ---- | C] () -- C:\Users\mom laptop\Desktop\941302_748233091869560_898741588_n.jpg
[2013/11/04 20:36:39 | 000,000,134 | ---- | C] () -- C:\Users\mom laptop\Desktop\Microsoft Fix it.url
[2013/08/10 14:24:53 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/08/10 14:24:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/07/18 15:14:26 | 000,893,239 | ---- | C] () -- C:\Users\mom laptop\AppData\Local\a.zip
[2013/06/27 07:07:38 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/06/27 06:56:12 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/04/27 18:16:48 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/11/01 20:13:03 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/26 22:19:11 | 000,007,626 | ---- | C] () -- C:\Users\mom laptop\AppData\Local\Resmon.ResmonCfg
[2012/06/07 07:48:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\Dance
[2012/06/07 07:48:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\Comedy Noises
[2012/05/28 21:55:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/05/28 21:54:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/05/28 21:54:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/05/28 21:54:39 | 000,000,000 | ---- | C] () -- C:\Users\mom laptop\AppData\Roaming\Dance Kit
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/04/12 10:27:18 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/12/10 16:36:16 | 000,000,000 | ---- | C] () -- C:\Users\mom laptop\AppData\Local\{E98AAAB6-C906-4480-8CB3-E9C5CED50739}
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/02/07 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\BirthdayAdventurec6
[2011/11/21 12:33:57 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Catalina Marketing Corp
[2013/03/09 19:17:45 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Catalina – Print Savings
[2012/05/13 10:50:18 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/12 22:01:27 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/09/26 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013/08/03 12:37:45 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\com.hasbro.promotionalPlayer
[2012/02/07 09:12:53 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\my_app_files
[2012/05/28 22:00:51 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Nikon
[2012/06/07 08:05:30 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\No Company Name
[2011/11/21 19:25:36 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\ooVoo Details
[2013/09/26 14:14:21 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\PDAppFlex
[2011/12/17 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\PhotoScape
[2012/05/13 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2012/03/09 11:48:47 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\PlayFirst
[2011/11/16 13:22:27 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Synaptics
[2012/02/29 10:16:52 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Unity
[2012/02/07 09:50:05 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\UNOUndercover
[2011/11/20 03:02:54 | 000,000,000 | ---D | M] -- C:\Users\mom laptop\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:F3AD1365
< End of report >