Moneypak removed stuck on command prompt on startup



#1 santiva3


Posted 17 May 2013 - 09:02 PM

Got the dreaded $300 Moneypak ransomware. Removed it using Hitman Pro kickstart. Now when Windows 7 64-bit boots, I'm stuck with the command prompt and explorer.exe not loading. How can I get explorer to load again during bootup and not the command prompt (which is looking for the Moneypak .exe that was deleted)? Here is my OTL log file.

 

OTL logfile created on: 5/17/2013 9:12:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kellyja\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.86 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 43.07% Memory free
3.73 Gb Paging File | 2.25 Gb Available in Paging File | 60.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 255.63 Gb Free Space | 85.76% Space Free | Partition Type: NTFS
Drive E: | 7.50 Gb Total Space | 3.54 Gb Free Space | 47.27% Space Free | Partition Type: FAT32
 
Computer Name: NYCS-KELLYJA | User Name: KellyJa1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/15 16:02:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kellyja\Desktop\OTL.exe
PRC - [2012/11/27 16:06:00 | 000,345,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2012/11/27 16:06:00 | 000,333,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2012/11/27 16:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2012/11/27 16:06:00 | 000,075,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2012/11/14 08:32:48 | 000,639,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
PRC - [2012/10/18 13:43:36 | 000,986,624 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
PRC - [2012/10/17 13:16:16 | 000,371,712 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
PRC - [2012/10/04 06:16:54 | 000,199,744 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
PRC - [2012/10/04 04:29:16 | 000,496,128 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files (x86)\LANDesk\LDClient\collector.exe
PRC - [2012/10/04 04:02:46 | 000,179,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
PRC - [2012/10/04 03:02:02 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\Windows\SysWOW64\cba\pds.exe
PRC - [2012/09/14 13:51:30 | 000,049,250 | ---- | M] (SOPHEON) -- C:\Program Files (x86)\Sopheon\Accolade Charting for MSExcel\accoladeSvc.exe
PRC - [2012/08/27 11:35:16 | 000,157,496 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
PRC - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/11/18 09:53:26 | 000,588,136 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe
PRC - [2011/11/14 11:00:04 | 000,144,744 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
PRC - [2011/11/14 10:58:04 | 001,870,336 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
PRC - [2011/11/11 17:27:12 | 000,030,056 | ---- | M] (Rockwell Automation Inc.) -- C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
PRC - [2011/11/11 17:27:10 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe
PRC - [2011/11/04 16:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/12 19:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 18:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/07/12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/07/11 04:06:00 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
PRC - [2011/07/11 04:05:08 | 003,417,480 | ---- | M] (IBM) -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
PRC - [2011/04/26 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/10/25 15:13:38 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/05/17 21:07:14 | 001,122,568 | R--- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/03/26 11:01:14 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/07/12 17:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 17:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/04/26 20:07:00 | 000,077,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/03/29 19:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2011/02/04 12:26:48 | 000,302,128 | ---- | M] () [Auto | Running] -- C:\Program Files\Symantec\Endpoint Agent\wdp.exe -- (WDP)
SRV:64bit: - [2011/02/04 12:26:46 | 000,346,160 | ---- | M] () [Auto | Running] -- C:\Program Files\Symantec\Endpoint Agent\edpa.exe -- (EDPA)
SRV:64bit: - [2011/02/01 09:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010/05/06 05:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/17 13:26:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/27 16:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2012/11/14 08:32:48 | 000,639,024 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\softmon.exe -- (Softmon)
SRV - [2012/10/18 13:43:36 | 000,986,624 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2012/10/04 06:16:54 | 000,199,744 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2012/10/04 04:02:46 | 000,179,200 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2012/10/04 03:02:02 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\cba\pds.exe -- (Intel PDS)
SRV - [2012/08/27 11:35:16 | 000,157,496 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe -- (CBA8)
SRV - [2012/06/05 03:30:28 | 000,109,568 | ---- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe -- (1784-PCIDS DeviceNet)
SRV - [2012/06/05 03:23:56 | 000,095,232 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe -- (SimModuleService)
SRV - [2012/03/02 15:08:14 | 002,010,448 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE -- (RSLinx)
SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/12/07 14:30:28 | 000,226,664 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony)
SRV - [2011/11/22 17:07:56 | 000,246,120 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe -- (RSLinxNG)
SRV - [2011/11/22 17:07:46 | 000,080,232 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe -- (LogReceiver)
SRV - [2011/11/18 09:53:26 | 000,588,136 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe -- (FactoryTalk Gateway)
SRV - [2011/11/14 11:00:04 | 000,144,744 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe -- (FTActivationBoost)
SRV - [2011/11/11 17:27:14 | 001,077,608 | ---- | M] (Rockwell Automation, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe -- (RNADirMultiplexor)
SRV - [2011/11/11 17:27:14 | 000,954,216 | ---- | M] (Rockwell Automation, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe -- (RNADirectory)
SRV - [2011/11/11 17:27:14 | 000,245,096 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Rockwell\RNADiagReceiver.exe -- (RNADiagReceiver)
SRV - [2011/11/11 17:27:12 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe -- (RdcyHost)
SRV - [2011/11/11 17:27:12 | 000,030,056 | ---- | M] (Rockwell Automation Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe -- (RNADiagnosticsService)
SRV - [2011/11/11 17:27:10 | 000,224,104 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe -- (NmspHost)
SRV - [2011/11/11 17:27:00 | 000,335,720 | ---- | M] (Rockwell Automation, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe -- (EventClientMultiplexer)
SRV - [2011/11/11 17:27:00 | 000,250,216 | ---- | M] (Rockwell Automation, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe -- (EventServer)
SRV - [2011/07/11 04:06:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2011/07/11 04:05:08 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2011/05/06 15:20:54 | 000,099,784 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLinx\dnwhodisp.exe -- (dnWhoDisp)
SRV - [2011/04/26 20:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2011/04/26 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011/04/26 20:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011/01/19 23:55:06 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/05/17 21:07:14 | 001,122,568 | R--- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe -- (FactoryTalk Activation Service)
SRV - [2010/05/10 09:47:48 | 000,443,448 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2010/03/18 09:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/11/25 09:11:02 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\OpcEnum.exe -- (OpcEnum)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot9)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot8)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot7)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot6)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot5)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot4)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot3)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot2)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot16)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot15)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot14)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot13)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot12)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot11)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot10)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot1)
SRV - [2005/07/08 07:21:46 | 001,425,408 | R--- | M] (Rockwell Automation) [On_Demand | Stopped] -- C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe -- (EmuLogix 5868 Slot0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/16 21:05:25 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013/03/14 16:53:40 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/10/04 03:07:12 | 000,020,992 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ldblank.sys -- (ldblank)
DRV:64bit: - [2012/10/04 03:07:12 | 000,007,168 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mirrorflt.sys -- (mirrorflt)
DRV:64bit: - [2012/10/04 03:07:12 | 000,005,120 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ldmirror.sys -- (ldmirror)
DRV:64bit: - [2012/04/08 11:18:54 | 000,429,328 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/21 06:21:56 | 012,229,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/04/26 20:07:00 | 000,464,384 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/26 20:07:00 | 000,120,352 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/26 20:07:00 | 000,098,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/26 20:07:00 | 000,086,368 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2011/04/26 20:07:00 | 000,079,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/03/29 19:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/03/29 19:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/03/04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011/02/04 12:27:06 | 000,058,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdifd11.sys -- (tdifd11)
DRV:64bit: - [2011/02/04 12:27:06 | 000,027,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtam.sys -- (vrtam)
DRV:64bit: - [2011/02/04 12:27:04 | 000,065,072 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\vfsmfd.sys -- (vfsmfd)
DRV:64bit: - [2011/02/04 12:27:04 | 000,055,344 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SFsCtrx.sys -- (SFsCtrx)
DRV:64bit: - [2011/02/01 09:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/12/17 11:51:46 | 000,299,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2010/12/17 11:51:44 | 001,493,632 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2010/12/17 11:51:42 | 000,748,160 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/11 06:03:34 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:64bit: - [2010/11/11 05:59:34 | 000,106,032 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:64bit: - [2010/11/05 18:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/17 21:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/10/14 20:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/07 15:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/25 05:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/07/22 04:39:10 | 000,295,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2010/05/10 09:47:58 | 000,016,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2010/05/10 09:43:24 | 000,023,736 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2010/04/08 18:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/18 05:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 05:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/03/18 04:59:52 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2010/03/18 04:59:44 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2010/02/26 11:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/22 07:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 07:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/01/15 08:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 08:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/10/26 09:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/09/28 11:46:00 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2006/12/13 18:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2006/12/04 10:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 52 8D 5B AF 50 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/03/26 08:32:12 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013/05/16 22:41:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [accoladeSVC] C:\Program Files (x86)\Sopheon\Accolade Charting for MSExcel\accoladeSvc.exe (SOPHEON)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CfgDownload] C:\Program Files (x86)\OpenText\Viewer\bin\CfgDownload.exe (OpenText Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.2.88.50 10.2.32.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wh.corp.pall.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BCBCA22-5AE3-4EED-B02C-D12625250FA1}: DhcpNameServer = 10.2.88.50 10.2.32.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAE92989-ACDA-4C54-AEB8-D92D99AC83AF}: DhcpNameServer = 10.2.88.50 10.2.32.14
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/16 22:47:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/16 22:43:56 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\temp
[2013/05/16 20:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/05/16 13:58:25 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\Microsoft Games
[2013/05/14 11:13:20 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Roaming\Malwarebytes
[2013/05/14 11:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/14 11:11:53 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\Programs
[2013/05/14 10:36:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/02 11:04:51 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013/05/02 11:00:18 | 003,685,760 | ---- | C] (Logitech Inc.) -- C:\Users\KellyJa1\Desktop\setpoint652_smart.exe
[2013/05/02 10:58:34 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Roaming\Macromedia
[2013/05/02 10:49:14 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Roaming\Logitech
[2013/05/02 10:49:14 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\Logishrd
[2013/05/02 10:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013/05/02 10:47:01 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Roaming\Leadertech
[2013/05/02 10:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2013/05/02 10:45:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2013/05/02 10:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013/05/02 10:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2013/05/02 10:41:12 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Roaming\Logishrd
[2013/05/02 10:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013/04/25 17:27:42 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockwell Software
[2013/04/25 17:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLASH Programming Tools
[2013/04/25 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlFLASH
[2013/04/25 17:20:01 | 000,000,000 | ---D | C] -- C:\RSLogix 5000
[2013/04/25 17:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockwell Automation
[2013/04/25 17:00:42 | 000,000,000 | ---D | C] -- C:\RSCommon
[2013/04/25 16:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSLogix 5000 Module Profiles
[2013/04/25 16:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\OMRON
[2013/04/25 15:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockwell Automation
[2013/04/25 14:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\FNP
[2013/04/25 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Rockwell Automation
[2013/04/25 14:29:32 | 000,191,488 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\hlvdd.dll
[2013/04/25 14:29:18 | 000,314,368 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys
[2013/04/25 14:29:13 | 000,065,024 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksdf.sys
[2013/04/25 14:29:11 | 003,066,968 | ---- | C] (Aladdin Knowledge Systems.) -- C:\Windows\SysWow64\hinstd.dll
[2013/04/25 14:29:11 | 002,511,360 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\haspds_windows.dll
[2013/04/25 14:29:11 | 000,671,112 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\hdinst_windows.dll
[2013/04/25 14:29:11 | 000,069,632 | ---- | C] (Aladdin Knowledge Systems) -- C:\Windows\SysWow64\hasp_inst_help1.dll
[2013/04/25 14:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\WFCU
[2013/04/25 14:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockwell
[2013/04/25 14:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\OPC Foundation
[2013/04/25 14:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockwell Software
[2013/04/25 14:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockwell Software
[2013/04/25 14:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Rockwell
[2013/04/25 14:23:17 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\Adobe
[2013/04/25 14:23:16 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\Autodesk
[2013/04/25 14:23:16 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Roaming\Adobe
[2013/04/25 14:23:15 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Roaming\McAfee
[2013/04/25 14:22:45 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\VirtualStore
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\AppData\Local\Temporary Internet Files
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\Templates
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\Start Menu
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\SendTo
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\Recent
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\PrintHood
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\NetHood
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\Documents\My Videos
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\Documents\My Pictures
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\Documents\My Music
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\My Documents
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\Local Settings
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\AppData\Local\History
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\Cookies
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\Application Data
[2013/04/25 14:22:38 | 000,000,000 | -HSD | C] -- C:\Users\KellyJa1\AppData\Local\Application Data
[2013/04/25 14:22:34 | 000,000,000 | --SD | C] -- C:\Users\KellyJa1\AppData\Roaming\Microsoft
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Videos
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Searches
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Saved Games
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Pictures
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Music
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Links
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Favorites
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Downloads
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Documents
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Desktop
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\Contacts
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/04/25 14:22:34 | 000,000,000 | R--D | C] -- C:\Users\KellyJa1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/25 14:22:34 | 000,000,000 | -H-D | C] -- C:\Users\KellyJa1\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/04/25 14:22:34 | 000,000,000 | -H-D | C] -- C:\Users\KellyJa1\AppData
[2013/04/25 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\WinZip
[2013/04/25 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\VMware
[2013/04/25 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\Microsoft Help
[2013/04/25 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Local\Microsoft
[2013/04/25 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\KellyJa1\AppData\Roaming\Identities
[2013/04/24 15:31:31 | 000,000,000 | ---D | C] -- C:\TEMP
[2013/04/24 15:15:54 | 000,000,000 | ---D | C] -- C:\_NYCS-PVaultWIP
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/17 21:10:06 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 21:10:06 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 21:06:45 | 000,778,530 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/17 21:06:45 | 000,660,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/17 21:06:45 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/17 21:02:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/17 21:02:19 | 1500,254,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/17 20:44:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 22:41:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/16 21:05:25 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/05/16 20:39:31 | 000,000,532 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/05/13 08:31:06 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013/05/04 05:23:31 | 000,000,277 | ---- | M] () -- C:\Windows\SlRegEDS.ini
[2013/05/04 05:23:22 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\RSLogix Emulate 5000 Chassis Monitor.lnk
[2013/05/03 14:45:01 | 000,000,265 | ---- | M] () -- C:\Windows\RLEIcons.ini
[2013/05/03 14:45:01 | 000,000,141 | ---- | M] () -- C:\Windows\rocksoft.ini
[2013/05/02 11:00:36 | 003,685,760 | ---- | M] (Logitech Inc.) -- C:\Users\KellyJa1\Desktop\setpoint652_smart.exe
[2013/04/26 08:53:55 | 000,446,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/25 16:16:05 | 000,002,129 | ---- | M] () -- C:\Windows\EDS.ini
[2013/04/25 16:10:55 | 000,002,332 | ---- | M] () -- C:\Users\KellyJa1\Documents\BackupFromSystemInstall.RSX
[2013/04/25 15:53:10 | 000,001,437 | ---- | M] () -- C:\Users\KellyJa1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
========== Files Created - No Company Name ==========
 
[2013/05/16 21:05:25 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/05/16 20:39:31 | 000,000,532 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/05/04 05:23:31 | 000,000,277 | ---- | C] () -- C:\Windows\SlRegEDS.ini
[2013/05/04 05:23:22 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\RSLogix Emulate 5000 Chassis Monitor.lnk
[2013/04/25 17:26:48 | 000,000,265 | ---- | C] () -- C:\Windows\RLEIcons.ini
[2013/04/25 16:10:55 | 000,002,332 | ---- | C] () -- C:\Users\KellyJa1\Documents\BackupFromSystemInstall.RSX
[2013/04/25 15:58:00 | 000,002,129 | ---- | C] () -- C:\Windows\EDS.ini
[2013/04/25 15:53:10 | 000,001,437 | ---- | C] () -- C:\Users\KellyJa1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/25 14:29:11 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\hdduinst.exe
[2013/04/25 14:26:54 | 000,000,141 | ---- | C] () -- C:\Windows\rocksoft.ini
[2013/04/25 14:22:36 | 000,000,290 | ---- | C] () -- C:\Users\KellyJa1\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/04/25 14:22:36 | 000,000,272 | ---- | C] () -- C:\Users\KellyJa1\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/25 14:22:35 | 000,001,443 | ---- | C] () -- C:\Users\KellyJa1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/25 14:22:35 | 000,001,409 | ---- | C] () -- C:\Users\KellyJa1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/03/25 11:39:05 | 000,011,622 | ---- | C] () -- C:\Windows\SapLogon.ini
[2013/03/25 09:51:01 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2013/03/25 09:51:01 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2013/03/25 09:51:01 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2013/03/25 09:51:01 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2013/03/25 09:51:01 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2013/03/25 09:51:01 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2013/03/25 08:07:24 | 000,015,222 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/03/14 16:38:47 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2013/03/14 16:37:53 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2013/03/14 16:37:47 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2013/03/14 16:37:17 | 013,787,648 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013/03/14 09:05:19 | 000,009,126 | ---- | C] () -- C:\Windows\SapLogonOld.ini
[2013/03/14 09:03:37 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2013/03/14 09:03:37 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2013/03/14 09:03:37 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2013/03/14 09:03:37 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2013/03/14 09:03:37 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2013/03/14 08:19:01 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/14 13:46:08 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/03/02 15:15:12 | 000,038,224 | ---- | C] () -- C:\Windows\SysWow64\LINXVDD.DLL
[2012/03/02 14:45:54 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\KTC.BIN
[2012/03/02 14:45:54 | 000,015,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\PCMK485.BIN
[2012/03/02 14:45:54 | 000,015,557 | ---- | C] () -- C:\Windows\SysWow64\drivers\KTX485.BIN
[2012/03/02 14:45:54 | 000,009,282 | ---- | C] () -- C:\Windows\SysWow64\drivers\PCMKPCL.BIN
[2012/03/02 14:45:54 | 000,009,139 | ---- | C] () -- C:\Windows\SysWow64\drivers\KTXPCL.BIN
[2012/03/02 14:45:54 | 000,007,575 | ---- | C] () -- C:\Windows\SysWow64\drivers\KLPCL.BIN
[2012/03/02 14:45:54 | 000,007,449 | ---- | C] () -- C:\Windows\SysWow64\drivers\SDDHP.BIN
[2012/03/02 14:45:54 | 000,006,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\slcnewkt.bin
[2012/03/02 14:45:54 | 000,005,433 | ---- | C] () -- C:\Windows\SysWow64\drivers\SDDH.BIN
[2012/03/02 14:45:54 | 000,001,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\KT2ST2.BIN
[2012/03/02 14:45:54 | 000,001,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\PCMKST3.BIN
[2012/03/02 14:45:54 | 000,001,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\KLST2.BIN
[2012/03/02 14:45:54 | 000,001,801 | ---- | C] () -- C:\Windows\SysWow64\drivers\KT2ST1.BIN
[2012/03/02 14:45:54 | 000,001,800 | ---- | C] () -- C:\Windows\SysWow64\drivers\PCMKST1.BIN
[2012/03/02 14:45:54 | 000,001,800 | ---- | C] () -- C:\Windows\SysWow64\drivers\KTXST1.BIN
[2012/03/02 14:45:54 | 000,001,800 | ---- | C] () -- C:\Windows\SysWow64\drivers\KLST1.BIN
[2012/03/02 14:45:54 | 000,000,301 | ---- | C] () -- C:\Windows\SysWow64\drivers\PCMKST0.BIN
[2012/03/02 14:45:54 | 000,000,301 | ---- | C] () -- C:\Windows\SysWow64\drivers\KTXST0.BIN
[2012/03/02 14:45:54 | 000,000,248 | ---- | C] () -- C:\Windows\SysWow64\drivers\KLST0.BIN
[2012/03/02 14:45:54 | 000,000,177 | ---- | C] () -- C:\Windows\SysWow64\drivers\KT2ST0.BIN
[2012/03/02 14:45:54 | 000,000,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\PCMKST2.BIN
[2011/08/29 18:43:12 | 002,275,888 | ---- | C] () -- C:\Windows\SysWow64\vm3dgl.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/14 16:56:20 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/14 16:56:20 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 


Edited by santiva3, 18 May 2013 - 07:24 AM.



 


#2 santiva3


Posted 18 May 2013 - 08:24 AM

Never mind, I figured it out by using this guide: http://www.bleepingcomputer.com/virus-removal/remove-computer-crime-intellectual-property-section

 



#3 m0le

  • Malware Response Team

Posted 22 May 2013 - 08:22 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
m0le is a proud member of UNITE



