Cyber Command of California Virus
<blockquote data-quote="mcnavychief" data-source="post: 142847" data-attributes="member: 14541"><p>aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software</p><p>Run date: 2013-11-03 20:06:21</p><p>-----------------------------</p><p>20:06:21.199 OS Version: Windows x64 6.1.7601 Service Pack 1</p><p>20:06:21.199 Number of processors: 8 586 0x2A07</p><p>20:06:21.199 ComputerName: HKZ27R1 UserName: </p><p>20:06:21.994 Initialize success</p><p>20:06:36.767 AVAST engine download error: 0</p><p>20:06:49.185 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1</p><p>20:06:49.185 Disk 0 Vendor: ST925031 D005 Size: 238475MB BusType: 8</p><p>20:06:49.310 Disk 0 MBR read successfully</p><p>20:06:49.310 Disk 0 MBR scan</p><p>20:06:49.310 Disk 0 Windows 7 default MBR code</p><p>20:06:49.325 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63</p><p>20:06:49.325 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10944 MB offset 81920</p><p>20:06:49.341 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 227488 MB offset 22495232</p><p>20:06:49.372 Disk 0 scanning C:\Windows\system32\drivers</p><p>20:07:01.197 Service scanning</p><p>20:07:22.164 Modules scanning</p><p>20:07:22.164 Disk 0 trace - called modules:</p><p>20:07:22.226 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStorV.sys hal.dll </p><p>20:07:22.226 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800887f790]</p><p>20:07:22.242 3 CLASSPNP.SYS[fffff88001b0343f] -> nt!IofCallDriver -> [0xfffffa8007a779a0]</p><p>20:07:22.257 5 stdcfltn.sys[fffff8800168cd12] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007723050]</p><p>20:07:22.257 Scan finished successfully</p><p>20:07:47.748 Disk 0 MBR has been saved successfully to "E:\MBR.dat"</p><p>20:07:47.748 The log file has been saved successfully to "E:\aswMBR.txt"</p><hr /><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013</p><p>Ran by mciccione (administrator) on HKZ27R1 on 03-11-2013 
19:57:57</p><p>Running from E:\</p><p>Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)</p><p>Internet Explorer Version 10</p><p>Boot Mode: Safe Mode (minimal)</p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(Microsoft Corporation) C:\Windows\system32\cmd.exe</p><p>(Microsoft Corporation) c:\PROGRA~1\MICROS~1\msseces.exe</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)</p><p>HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2041192 2013-03-11] ()</p><p>HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\mciccione\AppData\Roaming\Other.res [77824 2013-08-28] () <==== ATTENTION </p><p>HKLM-x32\...\Run: [] - [x]</p><p>HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)</p><p>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)</p><p>HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)</p><p>HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)</p><p>HKLM-x32\...\Run: [LTCM Client] - C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)</p><p>HKLM-x32\...\Run: 
[QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-19] (Apple Inc.)</p><p>HKU\UpdatusUser\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)</p><p>HKU\User\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)</p><p>AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation)</p><p>AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation)</p><p>Startup: C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe ()</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US</p><p>SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyTOmZLn2&i=26</p><p>SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyTOmZLn2&i=26</p><p>BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)</p><p>BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft 
Corporation)</p><p>BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File</p><p>BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)</p><p>BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)</p><p>BHO-x32: No Name - {DCC39ACE-709B-44EA-B062-5F6BE2774644} - No File</p><p>Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)</p><p>Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File</p><p>Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)</p><p>Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Winsock: Catalog5 01 mswsock.dll File Not found 
(Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"</p><p>Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"</p><p>Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"</p><p>Winsock: Catalog5-x64 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.190.192.35</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default</p><p>FF user.js: detected! => C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default\user.js</p><p>FF NewTab: hxxp://mystart.incredibar.com/mb128?a=6OyTOmZLn2&i=26</p><p>FF DefaultSearchEngine: MyStart Search</p><p>FF SelectedSearchEngine: MyStart Search</p><p>FF Homepage: www.msn.com</p><p>FF Keyword.URL: hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6OyTOmZLn2&&i=26&search=</p><p>FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()</p><p>FF Plugin: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF Plugin-x32: @java.com/JavaPlugin - C:\Program 
Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE - disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)</p><p>FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\mciccione\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)</p><p>FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\mciccione\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)</p><p>FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\mciccione\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)</p><p>FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\mciccione\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()</p><p>FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\mciccione\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin HKCU: @tools.google.com/Google Update;version=9 - 
C:\Users\mciccione\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)</p><p>FF SearchPlugin: C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default\searchplugins\MyStart Search.xml</p><p>FF SearchPlugin: C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default\searchplugins\SweetIM Search.xml</p><p>FF Extension: incredibar.com - C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default\Extensions\ffxtlbr@incredibar.com</p><p>FF Extension: freehdsport - C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default\Extensions\freehdsport@freehdsport.tv.xpi</p><p>FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}</p><p>FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}</p><p>FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox</p><p>FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox</p><p>FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on</p><p>FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: hxxp://www.google.com/</p><p>CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File</p><p>CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File</p><p>CHR Plugin: (Remoting Viewer) - internal-remoting-viewer</p><p>CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()</p><p>CHR Plugin: (Chrome PDF Viewer) - C:\Program Files 
(x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()</p><p>CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File</p><p>CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File</p><p>CHR Plugin: (Google Talk Plugin) - C:\Users\mciccione\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)</p><p>CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\mciccione\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()</p><p>CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File</p><p>CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)</p><p>CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)</p><p>CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files 
(x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)</p><p>CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>CHR Extension: (American) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgmhojfhpbafccgjblpdddfghgdcbph\1_0</p><p>CHR Extension: (https://www.facebook.com/) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\celnaknmndcdcjcagffhbhciignkeokb\2013.10.29.43861_0</p><p>CHR Extension: (http://aafes.sndsurvey.com/LogIn.aspx) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coeeojhakblmldfkbcjpklablgbgaebf\2013.9.4.42832_0</p><p>CHR Extension: (Skype Click to Call) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0</p><p>CHR Extension: (https://www.salesnow.com/login.aspx) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmlddkcihelpfoibdgolcijhicchmbl\2013.8.23.50865_0</p><p>CHR Extension: (Google Wallet) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0</p><p>CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files (x86)\FirstRowSportApp.com\stv11.crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx</p><p>CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common 
Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)</p><p>S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)</p><p>S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-10-28] (LogMeIn, Inc.)</p><p>S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-10-28] (LogMeIn, Inc.)</p><p>S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)</p><p>S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)</p><p>S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)</p><p>R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)</p><p>S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)</p><p>S2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()</p><p>S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2011-01-18] (Dell Inc.)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-28] (LogMeIn, Inc.)</p><p>S4 LMIRfsClientNP; No ImagePath</p><p>S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)</p><p>S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)</p><p>S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)</p><p>S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-03-11] (NVIDIA Corporation)</p><p>S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [47104 2010-05-25] ()</p><p>S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [285696 2010-05-25] (Sierra 
Wireless Inc.)</p><p>S1 dxdzefth; \??\C:\Windows\system32\drivers\dxdzefth.sys [x]</p><p>S1 elsyxpol; \??\C:\Windows\system32\drivers\elsyxpol.sys [x]</p><p>S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>Error(0) reading file: "C:\Windows\system32\ "</p><p>2013-11-03 19:57 - 2013-11-03 19:57 - 00000000 ____D C:\FRST</p><p>2013-11-03 19:51 - 2013-11-03 19:51 - 00000648 _____ C:\Users\mciccione\Desktop\OTLPENet(1) - Shortcut.lnk</p><p>2013-11-03 19:47 - 2013-11-03 19:47 - 00069458 _____ C:\Users\mciccione\Desktop\OTL.Txt</p><p>2013-11-03 14:06 - 2013-11-03 14:06 - 74186752 _____ C:\Windows\system32\config\software.bhv</p><p>2013-11-03 14:06 - 2013-11-03 14:06 - 22282240 _____ C:\Windows\system32\config\system.bhv</p><p>2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\security.bhv</p><p>2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\sam.bhv</p><p>2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\default.bhv</p><p>2013-11-03 13:47 - 2013-11-03 13:47 - 00000000 ____D C:\$Anvi Rescue Disk$</p><p>2013-11-01 06:41 - 2013-11-01 06:41 - 00010619 _____ C:\Users\mciccione\Desktop\SDS Mess Halls.xlsx</p><p>2013-10-30 06:26 - 2013-10-31 08:10 - 00012033 _____ C:\Users\mciccione\Desktop\EGG Copeative Sheet USF SD NOV 2013.xlsx</p><p>2013-10-30 05:11 - 2013-10-31 05:12 - 00000000 ____D C:\Users\mciccione\Desktop\CARGILL SOCAL</p><p>2013-10-28 08:01 - 2013-10-31 04:40 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Qucao</p><p>2013-10-28 08:01 - 2013-10-30 04:14 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ecna</p><p>2013-10-28 08:01 - 2013-10-28 08:01 - 00122880 _____ C:\Users\mciccione\AppData\Roaming\verison.dll</p><p>2013-10-28 08:01 - 2013-10-28 08:01 - 00000000 ____D 
C:\Users\mciccione\AppData\Roaming\Rociif</p><p>2013-10-28 08:01 - 2013-10-28 08:01 - 00000000 _____ C:\Users\mciccione\8189166.exe</p><p>2013-10-26 08:11 - 2013-10-26 17:35 - 00001465 _____ C:\Users\mciccione\Sti_Trace.log</p><p>2013-10-26 08:11 - 2013-10-26 08:12 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Canon</p><p>2013-10-26 08:06 - 2013-10-26 08:06 - 00000988 _____ C:\Users\Public\Desktop\CanoScan Toolbox 4.9.lnk</p><p>2013-10-26 08:06 - 2013-10-26 08:06 - 00000000 ____D C:\Program Files (x86)\Canon</p><p>2013-10-26 08:04 - 2013-10-26 08:04 - 00000000 ___HD C:\CanoScan</p><p>2013-10-26 08:04 - 2006-03-24 09:46 - 00331776 _____ (CANON INC.) C:\Windows\system32\CNQL1212.dll</p><p>2013-10-26 08:04 - 2006-03-02 09:07 - 00064512 _____ (CANON INC.) C:\Windows\system32\CNQU111.DLL</p><p>2013-10-26 07:57 - 2013-10-26 07:57 - 00000000 ____D C:\Users\mciccione\AppData\Local\DriverTuner</p><p>2013-10-23 06:08 - 2013-10-23 06:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-10-23 06:08 - 2013-10-23 06:09 - 00000000 ____D C:\Program Files\iTunes</p><p>2013-10-23 06:08 - 2013-10-23 06:09 - 00000000 ____D C:\Program Files (x86)\iTunes</p><p>2013-10-23 06:08 - 2013-10-23 06:08 - 00000000 ____D C:\Program Files\iPod</p><p>2013-10-22 16:35 - 2013-10-23 05:17 - 00021045 _____ C:\Users\mciccione\Desktop\DODAAC Ships List OCT 2013.xlsx</p><p>2013-10-22 06:09 - 2013-10-22 07:24 - 00000000 ____D C:\Users\mciccione\AppData\Local\CrashDumps</p><p>2013-10-22 05:49 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Xenaebdi</p><p>2013-10-22 05:49 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Okkeynit</p><p>2013-10-21 18:59 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ulanewa</p><p>2013-10-21 18:58 - 2013-10-22 08:57 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ifyxeku</p><p>2013-10-21 18:54 - 2013-10-22 10:37 - 00000000 ____D 
C:\Users\mciccione\AppData\Roaming\Qareecg</p><p>2013-10-21 18:53 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Dyaxwyux</p><p>2013-10-21 18:51 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ehcymiu</p><p>2013-10-21 18:50 - 2013-10-22 08:52 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Iqdyydm</p><p>2013-10-21 18:11 - 2013-10-22 14:13 - 00000000 ____D C:\Users\mciccione\AppData\Local\Acro Software Inc</p><p>2013-10-16 17:40 - 2013-10-16 18:09 - 00038912 _____ C:\Users\mciccione\Desktop\Beale AFB Opening training order.xls</p><p>2013-10-11 08:29 - 2013-10-14 10:14 - 00043520 _____ C:\Users\mciccione\Desktop\WMC at USF San Fran Catalog 07 OCT 2013.xls</p><p>2013-10-09 05:00 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2013-10-09 05:00 
- 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2013-10-09 05:00 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2013-10-09 05:00 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2013-10-09 05:00 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2013-10-09 05:00 - 2013-09-20 19:30 - 02706432 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2013-10-09 05:00 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe</p><p>2013-10-09 05:00 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe</p><p>2013-10-09 02:01 - 2013-10-09 02:01 - 00000000 ____D C:\24c7baefad118b12ed54b8ef09</p><p>2013-10-08 22:33 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys</p><p>2013-10-08 22:33 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys</p><p>2013-10-08 22:33 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll</p><p>2013-10-08 22:33 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll</p><p>2013-10-08 22:33 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe</p><p>2013-10-08 22:33 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll</p><p>2013-10-08 22:33 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll</p><p>2013-10-08 22:33 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll</p><p>2013-10-08 22:33 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll</p><p>2013-10-08 22:33 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</p><p>2013-10-08 22:33 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</p><p>2013-10-08 22:33 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll</p><p>2013-10-08 22:33 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll</p><p>2013-10-08 22:33 - 2013-08-28 17:50 - 00077824 _____ 
C:\Users\mciccione\AppData\Roaming\Other.res</p><p>2013-10-08 22:33 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</p><p>2013-10-08 22:33 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll</p><p>2013-10-08 22:33 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</p><p>2013-10-08 22:33 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</p><p>2013-10-08 22:33 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</p><p>2013-10-08 22:33 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</p><p>2013-10-08 22:33 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2013-10-08 22:33 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys</p><p>2013-10-08 22:33 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll</p><p>2013-10-08 22:33 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll</p><p>2013-10-08 22:33 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys</p><p>2013-10-08 22:33 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys</p><p>2013-10-08 22:33 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll</p><p>2013-10-08 22:33 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll</p><p>2013-10-08 22:33 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll</p><p>2013-10-08 22:33 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll</p><p>2013-10-08 22:33 - 2013-07-04 
03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll</p><p>2013-10-08 22:33 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll</p><p>2013-10-08 22:33 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys</p><p>2013-10-08 22:33 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys</p><p>2013-10-08 22:33 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys</p><p>2013-10-08 22:33 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys</p><p>2013-10-08 22:33 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys</p><p>2013-10-08 22:33 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll</p><p>2013-10-08 22:33 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll</p><p>2013-10-08 22:33 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll</p><p>2013-10-08 22:33 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll</p><p>2013-10-08 22:33 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll</p><p>2013-10-08 22:33 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll</p><p>2013-10-08 22:33 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll</p><p>2013-10-08 22:33 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll</p><p>2013-10-08 22:33 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll</p><p>2013-10-08 22:33 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll</p><p>2013-10-08 22:29 - 2013-09-04 04:12 - 00343040 
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys</p><p>2013-10-08 22:29 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys</p><p>2013-10-08 22:29 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys</p><p>2013-10-08 22:29 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys</p><p>2013-10-08 22:29 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys</p><p>2013-10-08 22:29 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys</p><p>2013-10-08 22:29 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys</p><p>2013-10-08 22:29 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll</p><p>2013-10-07 07:48 - 2013-10-16 20:41 - 00213504 _____ C:\Users\mciccione\Desktop\USF San Fran Catalog 07 OCT 2013.xls</p><p>2013-10-04 05:53 - 2013-10-04 05:53 - 00018370 _____ C:\Users\mciccione\Documents\REGIONAL CONTACT LISTING JUN2013.xlsx</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-11-03 19:57 - 2013-11-03 19:57 - 00000000 ____D C:\FRST</p><p>2013-11-03 19:51 - 2013-11-03 19:51 - 00000648 _____ C:\Users\mciccione\Desktop\OTLPENet(1) - Shortcut.lnk</p><p>2013-11-03 19:47 - 2013-11-03 19:47 - 00069458 _____ C:\Users\mciccione\Desktop\OTL.Txt</p><p>2013-11-03 19:31 - 2009-07-13 21:13 - 00747928 _____ C:\Windows\system32\PerfStringBackup.INI</p><p>2013-11-03 19:24 - 2012-02-24 07:59 - 01146117 _____ C:\Windows\WindowsUpdate.log</p><p>2013-11-03 19:12 - 2009-07-13 20:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-11-03 19:12 - 2009-07-13 20:45 - 00014256 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-11-03 19:11 - 2012-06-20 17:51 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-11-03 19:08 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2013-11-03 19:08 - 2009-07-13 20:51 - 00051888 _____ C:\Windows\setupact.log</p><p>2013-11-03 19:07 - 2012-02-24 12:02 - 00000000 ____D C:\ProgramData\NVIDIA</p><p>2013-11-03 19:03 - 2012-06-20 17:51 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-11-03 18:19 - 2012-02-27 06:47 - 00000000 ____D C:\Users\administrator</p><p>2013-11-03 18:19 - 2012-02-27 06:19 - 00000000 ____D C:\Users\mciccione</p><p>2013-11-03 18:19 - 2012-02-24 12:11 - 00000000 ____D C:\Windows\SysWOW64\NV</p><p>2013-11-03 18:19 - 2012-02-24 12:11 - 00000000 ____D C:\Windows\system32\NV</p><p>2013-11-03 18:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration</p><p>2013-11-03 16:20 - 2012-04-06 15:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-11-03 14:06 - 2013-11-03 14:06 - 74186752 _____ C:\Windows\system32\config\software.bhv</p><p>2013-11-03 14:06 - 2013-11-03 14:06 - 22282240 _____ C:\Windows\system32\config\system.bhv</p><p>2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\security.bhv</p><p>2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\sam.bhv</p><p>2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\default.bhv</p><p>2013-11-03 13:47 - 2013-11-03 13:47 - 00000000 ____D C:\$Anvi Rescue Disk$</p><p>2013-11-03 09:05 - 2012-03-17 14:45 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{767CA9B1-94A7-4D40-A7E3-B9AFB22BACC4}</p><p>2013-11-03 07:58 - 2012-03-21 17:42 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1058691569-1557305187-1555467426-1152UA.job</p><p>2013-11-03 07:22 - 2012-02-27 08:48 - 00000000 ____D 
C:\ProgramData\LogMeIn</p><p>2013-11-02 06:30 - 2012-02-27 08:43 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Skype</p><p>2013-11-02 06:26 - 2012-03-01 13:00 - 00000000 ____D C:\Users\mciccione\Documents\Outlook Files</p><p>2013-11-02 06:25 - 2013-02-19 07:31 - 101903715 _____ C:\Users\mciccione\AppData\Local\SN_Outlook2007.log</p><p>2013-11-02 05:56 - 2012-03-21 17:42 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1058691569-1557305187-1555467426-1152Core.job</p><p>2013-11-01 11:59 - 2012-02-29 14:44 - 00000000 ____D C:\Users\mciccione\Documents\My Discovery Files</p><p>2013-11-01 06:41 - 2013-11-01 06:41 - 00010619 _____ C:\Users\mciccione\Desktop\SDS Mess Halls.xlsx</p><p>2013-10-31 08:10 - 2013-10-30 06:26 - 00012033 _____ C:\Users\mciccione\Desktop\EGG Copeative Sheet USF SD NOV 2013.xlsx</p><p>2013-10-31 05:12 - 2013-10-30 05:11 - 00000000 ____D C:\Users\mciccione\Desktop\CARGILL SOCAL</p><p>2013-10-31 04:40 - 2013-10-28 08:01 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Qucao</p><p>2013-10-30 08:16 - 2012-07-25 10:47 - 00000000 ____D C:\Users\mciccione\Desktop\NAPA NSN LSN</p><p>2013-10-30 05:36 - 2012-03-12 14:41 - 00000000 ____D C:\Users\mciccione\AppData\Local\CutePDF Writer</p><p>2013-10-30 04:14 - 2013-10-28 08:01 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ecna</p><p>2013-10-29 14:05 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp</p><p>2013-10-28 15:38 - 2012-07-08 11:48 - 00000000 ____D C:\Windows\System32\Tasks\Games</p><p>2013-10-28 15:38 - 2012-02-27 06:19 - 00000000 ___RD C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</p><p>2013-10-28 13:19 - 2012-03-01 17:02 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Apple Computer</p><p>2013-10-28 13:19 - 2012-03-01 17:00 - 00000000 ____D C:\Program Files\Common Files\Apple</p><p>2013-10-28 13:05 - 2013-09-27 16:45 - 00000000 ____D 
C:\Users\mciccione\AppData\Local\9BF90948-A34F-40B9-88B0-29D87E2DA71D.aplzod</p><p>2013-10-28 10:42 - 2012-02-24 12:10 - 00042354 _____ C:\Windows\PFRO.log</p><p>2013-10-28 08:43 - 2012-02-27 08:47 - 00000000 ____D C:\Program Files (x86)\LogMeIn</p><p>2013-10-28 08:42 - 2012-02-27 08:48 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll</p><p>2013-10-28 08:42 - 2012-02-27 08:48 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll</p><p>2013-10-28 08:42 - 2012-02-27 08:48 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll</p><p>2013-10-28 08:01 - 2013-10-28 08:01 - 00122880 _____ C:\Users\mciccione\AppData\Roaming\verison.dll</p><p>2013-10-28 08:01 - 2013-10-28 08:01 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Rociif</p><p>2013-10-28 08:01 - 2013-10-28 08:01 - 00000000 _____ C:\Users\mciccione\8189166.exe</p><p>2013-10-28 08:01 - 2012-03-21 17:42 - 00000000 ____D C:\Users\mciccione\AppData\Local\Google</p><p>2013-10-26 20:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF</p><p>2013-10-26 17:35 - 2013-10-26 08:11 - 00001465 _____ C:\Users\mciccione\Sti_Trace.log</p><p>2013-10-26 08:12 - 2013-10-26 08:11 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Canon</p><p>2013-10-26 08:06 - 2013-10-26 08:06 - 00000988 _____ C:\Users\Public\Desktop\CanoScan Toolbox 4.9.lnk</p><p>2013-10-26 08:06 - 2013-10-26 08:06 - 00000000 ____D C:\Program Files (x86)\Canon</p><p>2013-10-26 08:06 - 2012-02-24 11:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information</p><p>2013-10-26 08:04 - 2013-10-26 08:04 - 00000000 ___HD C:\CanoScan</p><p>2013-10-26 07:57 - 2013-10-26 07:57 - 00000000 ____D C:\Users\mciccione\AppData\Local\DriverTuner</p><p>2013-10-24 04:58 - 2012-08-24 11:57 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Mozilla</p><p>2013-10-23 06:09 - 2013-10-23 06:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-10-23 06:09 - 2013-10-23 06:08 - 
00000000 ____D C:\Program Files\iTunes</p><p>2013-10-23 06:09 - 2013-10-23 06:08 - 00000000 ____D C:\Program Files (x86)\iTunes</p><p>2013-10-23 06:08 - 2013-10-23 06:08 - 00000000 ____D C:\Program Files\iPod</p><p>2013-10-23 05:17 - 2013-10-22 16:35 - 00021045 _____ C:\Users\mciccione\Desktop\DODAAC Ships List OCT 2013.xlsx</p><p>2013-10-22 14:18 - 2013-02-27 08:06 - 00000000 ___RD C:\Program Files (x86)\Skype</p><p>2013-10-22 14:14 - 2013-02-20 09:36 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Epson</p><p>2013-10-22 14:14 - 2012-11-10 13:45 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com</p><p>2013-10-22 14:14 - 2012-03-06 09:14 - 00000000 ____D C:\Users\User\Desktop\EDI</p><p>2013-10-22 14:14 - 2012-02-27 06:19 - 00000000 ___RD C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2013-10-22 14:14 - 2012-02-27 06:19 - 00000000 ___RD C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools</p><p>2013-10-22 14:14 - 2012-02-27 06:19 - 00000000 ___RD C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2013-10-22 14:14 - 2012-02-24 05:04 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup</p><p>2013-10-22 14:14 - 2012-02-24 05:04 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance</p><p>2013-10-22 14:14 - 2012-02-24 05:04 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools</p><p>2013-10-22 14:14 - 2012-02-24 05:04 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2013-10-22 14:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat</p><p>2013-10-22 14:13 - 2013-10-21 18:11 - 00000000 ____D C:\Users\mciccione\AppData\Local\Acro Software Inc</p><p>2013-10-22 14:13 - 2013-10-02 21:05 - 00000000 
____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>2013-10-22 14:13 - 2013-09-16 15:45 - 00000000 ____D C:\Users\mciccione\AppData\Local\Citrix</p><p>2013-10-22 14:13 - 2013-03-13 11:29 - 00000000 ____D C:\Users\mciccione\ADMX</p><p>2013-10-22 14:13 - 2013-03-13 11:29 - 00000000 ____D C:\Users\mciccione\Admin</p><p>2013-10-22 14:13 - 2012-05-21 12:40 - 00000000 ____D C:\Users\mciccione\AppData\Local\join.me</p><p>2013-10-22 14:13 - 2012-02-27 08:43 - 00000000 ____D C:\ProgramData\Skype</p><p>2013-10-22 14:13 - 2012-02-27 07:46 - 00000000 ____D C:\Users\mciccione\AppData\Local\Microsoft Help</p><p>2013-10-22 14:13 - 2012-02-27 07:46 - 00000000 ____D C:\ProgramData\Microsoft Help</p><p>2013-10-22 14:12 - 2012-02-24 11:59 - 00000000 ____D C:\Users\User\AppData\Local\Dell</p><p>2013-10-22 14:12 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV</p><p>2013-10-22 14:11 - 2012-04-23 11:23 - 00000000 ____D C:\Users\mciccione\Documents\Fax</p><p>2013-10-22 14:11 - 2012-03-26 19:06 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Avery</p><p>2013-10-22 14:11 - 2012-02-29 14:34 - 00000000 ____D C:\Users\mciccione\Desktop\WORKING FOLDER MASTER</p><p>2013-10-22 14:11 - 2012-02-27 08:54 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Adobe</p><p>2013-10-22 14:11 - 2012-02-27 06:19 - 00000000 ____D C:\Users\mciccione\AppData\Local\VirtualStore</p><p>2013-10-22 14:10 - 2012-08-29 06:17 - 00000000 ____D C:\Users\mciccione\AppData\Local\Mozilla</p><p>2013-10-22 14:08 - 2012-02-27 08:46 - 00000000 ____D C:\Users\mciccione\AppData\Local\Apps\2.0</p><p>2013-10-22 10:37 - 2013-10-22 05:49 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Xenaebdi</p><p>2013-10-22 10:37 - 2013-10-22 05:49 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Okkeynit</p><p>2013-10-22 10:37 - 2013-10-21 18:59 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ulanewa</p><p>2013-10-22 10:37 - 2013-10-21 18:54 - 00000000 ____D 
C:\Users\mciccione\AppData\Roaming\Qareecg</p><p>2013-10-22 10:37 - 2013-10-21 18:53 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Dyaxwyux</p><p>2013-10-22 10:37 - 2013-10-21 18:51 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ehcymiu</p><p>2013-10-22 08:57 - 2013-10-21 18:58 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ifyxeku</p><p>2013-10-22 08:52 - 2013-10-21 18:50 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Iqdyydm</p><p>2013-10-22 07:24 - 2013-10-22 06:09 - 00000000 ____D C:\Users\mciccione\AppData\Local\CrashDumps</p><p>2013-10-21 18:45 - 2013-02-26 05:55 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Leader Technologies</p><p>2013-10-16 20:41 - 2013-10-07 07:48 - 00213504 _____ C:\Users\mciccione\Desktop\USF San Fran Catalog 07 OCT 2013.xls</p><p>2013-10-16 18:09 - 2013-10-16 17:40 - 00038912 _____ C:\Users\mciccione\Desktop\Beale AFB Opening training order.xls</p><p>2013-10-15 04:53 - 2012-03-21 17:42 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1058691569-1557305187-1555467426-1152UA</p><p>2013-10-15 04:53 - 2012-03-21 17:42 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1058691569-1557305187-1555467426-1152Core</p><p>2013-10-14 10:14 - 2013-10-11 08:29 - 00043520 _____ C:\Users\mciccione\Desktop\WMC at USF San Fran Catalog 07 OCT 2013.xls</p><p>2013-10-11 06:37 - 2013-09-01 16:50 - 00000000 ____D C:\Users\mciccione\Desktop\NEW GOALS</p><p>2013-10-11 06:15 - 2013-08-08 20:25 - 00000000 ____D C:\Users\mciccione\Desktop\Hawaii SEPT 2013</p><p>2013-10-11 05:58 - 2013-07-02 04:58 - 00000000 ____D C:\Users\mciccione\Desktop\RICHARD Working</p><p>2013-10-11 02:01 - 2012-02-27 07:06 - 00001945 _____ C:\Windows\epplauncher.mif</p><p>2013-10-11 02:00 - 2013-07-29 07:06 - 00000000 ____D C:\Program Files\Microsoft Security Client</p><p>2013-10-11 02:00 - 2013-07-29 07:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client</p><p>2013-10-09 14:56 - 2012-06-20 17:51 - 
00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2013-10-09 14:56 - 2012-06-20 17:51 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2013-10-09 12:28 - 2009-07-13 20:45 - 00300040 _____ C:\Windows\system32\FNTCACHE.DAT</p><p>2013-10-09 12:27 - 2012-09-22 12:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight</p><p>2013-10-09 12:27 - 2012-09-22 12:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight</p><p>2013-10-09 11:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache</p><p>2013-10-09 10:08 - 2013-02-20 09:34 - 00000000 ____D C:\Program Files (x86)\EPSON Software</p><p>2013-10-09 09:29 - 2012-02-29 17:07 - 00000000 ____D C:\Users\mciccione\Documents\My Scans</p><p>2013-10-09 04:53 - 2013-07-15 17:15 - 00000000 ____D C:\Windows\system32\MRT</p><p>2013-10-09 04:51 - 2012-02-27 07:44 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2013-10-09 02:01 - 2013-10-09 02:01 - 00000000 ____D C:\24c7baefad118b12ed54b8ef09</p><p>2013-10-08 15:20 - 2012-04-06 15:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2013-10-08 15:20 - 2012-04-06 15:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2013-10-08 15:20 - 2012-02-27 08:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2013-10-04 05:53 - 2013-10-04 05:53 - 00018370 _____ C:\Users\mciccione\Documents\REGIONAL CONTACT LISTING JUN2013.xlsx</p><p></p><p>ZeroAccess:</p><p>C:\Windows\Installer\{509ff5ec-1cf1-d1f1-3803-794194987c49}</p><p></p><p>ZeroAccess:</p><p>C:\$Recycle.Bin\S-1-5-21-1058691569-1557305187-1555467426-1152\$509ff5ec1cf1d1f13803794194987c49</p><p></p><p>Files to move or delete:</p><p>====================</p><p>ZeroAccess:</p><p>C:\Users\mciccione\AppData\Local\Google\Desktop\Install</p><p>C:\Users\mciccione\8189166.exe</p><p></p><p></p><p>Some content of 
TEMP:</p><p>====================</p><p>C:\Users\mciccione\AppData\Local\Temp\b34btbztdb0vavaw.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\BrokerMediumIntegrity.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\converter.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\fp_pl_pfs_installer.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\GenericUninstall.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\InstallFlashPlayer.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\Setup.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\SkypeSetup.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\uninstaller.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\US_en_Avery_AW40.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\vVpDlfy.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\vVpDlfy0.exe</p><p>C:\Users\mciccione\AppData\Local\Temp\WSSetup.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p></p><p>LastRegBack: 2013-10-31 09:16</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="mcnavychief, post: 142847, member: 14541"] aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-11-03 20:06:21 ----------------------------- 20:06:21.199 OS Version: Windows x64 6.1.7601 Service Pack 1 20:06:21.199 Number of processors: 8 586 0x2A07 20:06:21.199 ComputerName: HKZ27R1 UserName: 20:06:21.994 Initialize success 20:06:36.767 AVAST engine download error: 0 20:06:49.185 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 20:06:49.185 Disk 0 Vendor: ST925031 D005 Size: 238475MB BusType: 8 20:06:49.310 Disk 0 MBR read successfully 20:06:49.310 Disk 0 MBR scan 20:06:49.310 Disk 0 Windows 7 default MBR code 20:06:49.325 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63 20:06:49.325 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10944 MB offset 81920 20:06:49.341 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 227488 MB offset 22495232 20:06:49.372 Disk 0 scanning C:\Windows\system32\drivers 20:07:01.197 Service scanning 20:07:22.164 Modules scanning 20:07:22.164 Disk 0 trace - called modules: 20:07:22.226 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStorV.sys hal.dll 20:07:22.226 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800887f790] 20:07:22.242 3 CLASSPNP.SYS[fffff88001b0343f] -> nt!IofCallDriver -> [0xfffffa8007a779a0] 20:07:22.257 5 stdcfltn.sys[fffff8800168cd12] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007723050] 20:07:22.257 Scan finished successfully 20:07:47.748 Disk 0 MBR has been saved successfully to "E:\MBR.dat" 20:07:47.748 The log file has been saved successfully to "E:\aswMBR.txt" [hr] Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by mciccione (administrator) on HKZ27R1 on 03-11-2013 19:57:57 Running from E:\ Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) ================= (Microsoft Corporation) 
C:\Windows\system32\cmd.exe (Microsoft Corporation) c:\PROGRA~1\MICROS~1\msseces.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.) HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2041192 2013-03-11] () HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\mciccione\AppData\Roaming\Other.res [77824 2013-08-28] () <==== ATTENTION HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [LTCM Client] - C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-19] (Apple Inc.) 
HKU\UpdatusUser\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation) HKU\User\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation) Startup: C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpM3Util.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyTOmZLn2&i=26 SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6OyTOmZLn2&i=26 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: No Name - {DCC39ACE-709B-44EA-B062-5F6BE2774644} - No File Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 06 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.190.192.35 FireFox: ======== FF ProfilePath: C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default FF user.js: detected! => C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default\user.js FF NewTab: hxxp://mystart.incredibar.com/mb128?a=6OyTOmZLn2&i=26 FF DefaultSearchEngine: MyStart Search FF SelectedSearchEngine: MyStart Search FF Homepage: www.msn.com FF Keyword.URL: hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6OyTOmZLn2&&i=26&search= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll 
(Google) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\mciccione\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\mciccione\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\mciccione\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\mciccione\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\mciccione\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\mciccione\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default\searchplugins\MyStart Search.xml FF SearchPlugin: C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default\searchplugins\SweetIM Search.xml FF Extension: incredibar.com - C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default\Extensions\ffxtlbr@incredibar.com FF Extension: freehdsport - C:\Users\mciccione\AppData\Roaming\Mozilla\Firefox\Profiles\rckbcfep.default\Extensions\freehdsport@freehdsport.tv.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll () CHR 
Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Google Talk Plugin) - C:\Users\mciccione\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\mciccione\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (American) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgmhojfhpbafccgjblpdddfghgdcbph\1_0
CHR Extension: (https://www.facebook.com/) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\celnaknmndcdcjcagffhbhciignkeokb\2013.10.29.43861_0
CHR Extension: (http://aafes.sndsurvey.com/LogIn.aspx) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coeeojhakblmldfkbcjpklablgbgaebf\2013.9.4.42832_0
CHR Extension: (Skype Click to Call) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (https://www.salesnow.com/login.aspx) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmlddkcihelpfoibdgolcijhicchmbl\2013.8.23.50865_0
CHR Extension: (Google Wallet) - C:\Users\MCICCI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files (x86)\FirstRowSportApp.com\stv11.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-10-28] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-10-28] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2011-01-18] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-28] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-03-11] (NVIDIA Corporation)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [47104 2010-05-25] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [285696 2010-05-25] (Sierra Wireless Inc.)
S1 dxdzefth; \??\C:\Windows\system32\drivers\dxdzefth.sys [x]
S1 elsyxpol; \??\C:\Windows\system32\drivers\elsyxpol.sys [x]
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

Error(0) reading file: "C:\Windows\system32\ "
2013-11-03 19:57 - 2013-11-03 19:57 - 00000000 ____D C:\FRST
2013-11-03 19:51 - 2013-11-03 19:51 - 00000648 _____ C:\Users\mciccione\Desktop\OTLPENet(1) - Shortcut.lnk
2013-11-03 19:47 - 2013-11-03 19:47 - 00069458 _____ C:\Users\mciccione\Desktop\OTL.Txt
2013-11-03 14:06 - 2013-11-03 14:06 - 74186752 _____ C:\Windows\system32\config\software.bhv
2013-11-03 14:06 - 2013-11-03 14:06 - 22282240 _____ C:\Windows\system32\config\system.bhv
2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\security.bhv
2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\sam.bhv
2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\default.bhv
2013-11-03 13:47 - 2013-11-03 13:47 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-11-01 06:41 - 2013-11-01 06:41 - 00010619 _____ C:\Users\mciccione\Desktop\SDS Mess Halls.xlsx
2013-10-30 06:26 - 2013-10-31 08:10 - 00012033 _____ C:\Users\mciccione\Desktop\EGG Copeative Sheet USF SD NOV 2013.xlsx
2013-10-30 05:11 - 2013-10-31 05:12 - 00000000 ____D C:\Users\mciccione\Desktop\CARGILL SOCAL
2013-10-28 08:01 - 2013-10-31 04:40 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Qucao
2013-10-28 08:01 - 2013-10-30 04:14 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ecna
2013-10-28 08:01 - 2013-10-28 08:01 - 00122880 _____ C:\Users\mciccione\AppData\Roaming\verison.dll
2013-10-28 08:01 - 2013-10-28 08:01 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Rociif
2013-10-28 08:01 - 2013-10-28 08:01 - 00000000 _____ C:\Users\mciccione\8189166.exe
2013-10-26 08:11 - 2013-10-26 17:35 - 00001465 _____ C:\Users\mciccione\Sti_Trace.log
2013-10-26 08:11 - 2013-10-26 08:12 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Canon
2013-10-26 08:06 - 2013-10-26 08:06 - 00000988 _____ C:\Users\Public\Desktop\CanoScan Toolbox 4.9.lnk
2013-10-26 08:06 - 2013-10-26 08:06 - 00000000 ____D C:\Program Files (x86)\Canon
2013-10-26 08:04 - 2013-10-26 08:04 - 00000000 ___HD C:\CanoScan
2013-10-26 08:04 - 2006-03-24 09:46 - 00331776 _____ (CANON INC.) C:\Windows\system32\CNQL1212.dll
2013-10-26 08:04 - 2006-03-02 09:07 - 00064512 _____ (CANON INC.) C:\Windows\system32\CNQU111.DLL
2013-10-26 07:57 - 2013-10-26 07:57 - 00000000 ____D C:\Users\mciccione\AppData\Local\DriverTuner
2013-10-23 06:08 - 2013-10-23 06:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-23 06:08 - 2013-10-23 06:09 - 00000000 ____D C:\Program Files\iTunes
2013-10-23 06:08 - 2013-10-23 06:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-23 06:08 - 2013-10-23 06:08 - 00000000 ____D C:\Program Files\iPod
2013-10-22 16:35 - 2013-10-23 05:17 - 00021045 _____ C:\Users\mciccione\Desktop\DODAAC Ships List OCT 2013.xlsx
2013-10-22 06:09 - 2013-10-22 07:24 - 00000000 ____D C:\Users\mciccione\AppData\Local\CrashDumps
2013-10-22 05:49 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Xenaebdi
2013-10-22 05:49 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Okkeynit
2013-10-21 18:59 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ulanewa
2013-10-21 18:58 - 2013-10-22 08:57 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ifyxeku
2013-10-21 18:54 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Qareecg
2013-10-21 18:53 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Dyaxwyux
2013-10-21 18:51 - 2013-10-22 10:37 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ehcymiu
2013-10-21 18:50 - 2013-10-22 08:52 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Iqdyydm
2013-10-21 18:11 - 2013-10-22 14:13 - 00000000 ____D C:\Users\mciccione\AppData\Local\Acro Software Inc 2013-10-16 17:40 - 2013-10-16 18:09 - 00038912 _____ C:\Users\mciccione\Desktop\Beale AFB Opening training order.xls 2013-10-11 08:29 - 2013-10-14 10:14 - 00043520 _____ C:\Users\mciccione\Desktop\WMC at USF San Fran Catalog 07 OCT 2013.xls 2013-10-09 05:00 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 05:00 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 05:00 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-09 05:00 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 05:00 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 05:00 - 
2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 05:00 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 05:00 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 05:00 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 05:00 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 05:00 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 05:00 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 05:00 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 05:00 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-09 05:00 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-09 05:00 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 05:00 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-09 05:00 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 05:00 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-09 05:00 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-09 05:00 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-09 02:01 - 2013-10-09 02:01 - 00000000 ____D C:\24c7baefad118b12ed54b8ef09 2013-10-08 22:33 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-08 22:33 - 2013-09-07 18:30 - 01903552 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-08 22:33 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-08 22:33 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-08 22:33 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-08 22:33 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-08 22:33 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-08 22:33 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-08 22:33 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-08 22:33 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-08 22:33 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-08 22:33 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-08 22:33 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-08 22:33 - 2013-08-28 17:50 - 00077824 _____ C:\Users\mciccione\AppData\Roaming\Other.res 2013-10-08 22:33 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-08 22:33 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-08 22:33 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-08 22:33 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-08 22:33 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-08 22:33 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 
2013-10-08 22:33 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-08 22:33 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-08 22:33 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-08 22:33 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-08 22:33 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-08 22:33 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-08 22:33 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-08 22:33 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-08 22:33 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-08 22:33 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-08 22:33 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-08 22:33 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-08 22:33 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-08 22:33 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-08 22:33 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-08 22:33 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-08 22:33 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-08 22:33 - 
2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-08 22:33 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-08 22:33 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-08 22:33 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-08 22:33 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-08 22:33 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-08 22:33 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-08 22:33 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-08 22:33 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-08 22:33 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-08 22:29 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-08 22:29 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-08 22:29 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-08 22:29 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-08 22:29 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-08 22:29 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-08 22:29 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-08 22:29 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-07 07:48 - 
2013-10-16 20:41 - 00213504 _____ C:\Users\mciccione\Desktop\USF San Fran Catalog 07 OCT 2013.xls 2013-10-04 05:53 - 2013-10-04 05:53 - 00018370 _____ C:\Users\mciccione\Documents\REGIONAL CONTACT LISTING JUN2013.xlsx ==================== One Month Modified Files and Folders ======= 2013-11-03 19:57 - 2013-11-03 19:57 - 00000000 ____D C:\FRST 2013-11-03 19:51 - 2013-11-03 19:51 - 00000648 _____ C:\Users\mciccione\Desktop\OTLPENet(1) - Shortcut.lnk 2013-11-03 19:47 - 2013-11-03 19:47 - 00069458 _____ C:\Users\mciccione\Desktop\OTL.Txt 2013-11-03 19:31 - 2009-07-13 21:13 - 00747928 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-03 19:24 - 2012-02-24 07:59 - 01146117 _____ C:\Windows\WindowsUpdate.log 2013-11-03 19:12 - 2009-07-13 20:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-03 19:12 - 2009-07-13 20:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-03 19:11 - 2012-06-20 17:51 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-03 19:08 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-03 19:08 - 2009-07-13 20:51 - 00051888 _____ C:\Windows\setupact.log 2013-11-03 19:07 - 2012-02-24 12:02 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-03 19:03 - 2012-06-20 17:51 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-03 18:19 - 2012-02-27 06:47 - 00000000 ____D C:\Users\administrator 2013-11-03 18:19 - 2012-02-27 06:19 - 00000000 ____D C:\Users\mciccione 2013-11-03 18:19 - 2012-02-24 12:11 - 00000000 ____D C:\Windows\SysWOW64\NV 2013-11-03 18:19 - 2012-02-24 12:11 - 00000000 ____D C:\Windows\system32\NV 2013-11-03 18:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-11-03 16:20 - 2012-04-06 15:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-03 14:06 - 2013-11-03 14:06 - 74186752 _____ 
C:\Windows\system32\config\software.bhv 2013-11-03 14:06 - 2013-11-03 14:06 - 22282240 _____ C:\Windows\system32\config\system.bhv 2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\security.bhv 2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\sam.bhv 2013-11-03 14:06 - 2013-11-03 14:06 - 00262144 _____ C:\Windows\system32\config\default.bhv 2013-11-03 13:47 - 2013-11-03 13:47 - 00000000 ____D C:\$Anvi Rescue Disk$ 2013-11-03 09:05 - 2012-03-17 14:45 - 00003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{767CA9B1-94A7-4D40-A7E3-B9AFB22BACC4} 2013-11-03 07:58 - 2012-03-21 17:42 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1058691569-1557305187-1555467426-1152UA.job 2013-11-03 07:22 - 2012-02-27 08:48 - 00000000 ____D C:\ProgramData\LogMeIn 2013-11-02 06:30 - 2012-02-27 08:43 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Skype 2013-11-02 06:26 - 2012-03-01 13:00 - 00000000 ____D C:\Users\mciccione\Documents\Outlook Files 2013-11-02 06:25 - 2013-02-19 07:31 - 101903715 _____ C:\Users\mciccione\AppData\Local\SN_Outlook2007.log 2013-11-02 05:56 - 2012-03-21 17:42 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1058691569-1557305187-1555467426-1152Core.job 2013-11-01 11:59 - 2012-02-29 14:44 - 00000000 ____D C:\Users\mciccione\Documents\My Discovery Files 2013-11-01 06:41 - 2013-11-01 06:41 - 00010619 _____ C:\Users\mciccione\Desktop\SDS Mess Halls.xlsx 2013-10-31 08:10 - 2013-10-30 06:26 - 00012033 _____ C:\Users\mciccione\Desktop\EGG Copeative Sheet USF SD NOV 2013.xlsx 2013-10-31 05:12 - 2013-10-30 05:11 - 00000000 ____D C:\Users\mciccione\Desktop\CARGILL SOCAL 2013-10-31 04:40 - 2013-10-28 08:01 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Qucao 2013-10-30 08:16 - 2012-07-25 10:47 - 00000000 ____D C:\Users\mciccione\Desktop\NAPA NSN LSN 2013-10-30 05:36 - 2012-03-12 14:41 - 00000000 ____D C:\Users\mciccione\AppData\Local\CutePDF Writer 2013-10-30 
04:14 - 2013-10-28 08:01 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ecna 2013-10-29 14:05 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-10-28 15:38 - 2012-07-08 11:48 - 00000000 ____D C:\Windows\System32\Tasks\Games 2013-10-28 15:38 - 2012-02-27 06:19 - 00000000 ___RD C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-28 13:19 - 2012-03-01 17:02 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Apple Computer 2013-10-28 13:19 - 2012-03-01 17:00 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-10-28 13:05 - 2013-09-27 16:45 - 00000000 ____D C:\Users\mciccione\AppData\Local\9BF90948-A34F-40B9-88B0-29D87E2DA71D.aplzod 2013-10-28 10:42 - 2012-02-24 12:10 - 00042354 _____ C:\Windows\PFRO.log 2013-10-28 08:43 - 2012-02-27 08:47 - 00000000 ____D C:\Program Files (x86)\LogMeIn 2013-10-28 08:42 - 2012-02-27 08:48 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll 2013-10-28 08:42 - 2012-02-27 08:48 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll 2013-10-28 08:42 - 2012-02-27 08:48 - 00035656 _____ (LogMeIn, Inc.) 
C:\Windows\system32\LMIport.dll 2013-10-28 08:01 - 2013-10-28 08:01 - 00122880 _____ C:\Users\mciccione\AppData\Roaming\verison.dll 2013-10-28 08:01 - 2013-10-28 08:01 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Rociif 2013-10-28 08:01 - 2013-10-28 08:01 - 00000000 _____ C:\Users\mciccione\8189166.exe 2013-10-28 08:01 - 2012-03-21 17:42 - 00000000 ____D C:\Users\mciccione\AppData\Local\Google 2013-10-26 20:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF 2013-10-26 17:35 - 2013-10-26 08:11 - 00001465 _____ C:\Users\mciccione\Sti_Trace.log 2013-10-26 08:12 - 2013-10-26 08:11 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Canon 2013-10-26 08:06 - 2013-10-26 08:06 - 00000988 _____ C:\Users\Public\Desktop\CanoScan Toolbox 4.9.lnk 2013-10-26 08:06 - 2013-10-26 08:06 - 00000000 ____D C:\Program Files (x86)\Canon 2013-10-26 08:06 - 2012-02-24 11:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-10-26 08:04 - 2013-10-26 08:04 - 00000000 ___HD C:\CanoScan 2013-10-26 07:57 - 2013-10-26 07:57 - 00000000 ____D C:\Users\mciccione\AppData\Local\DriverTuner 2013-10-24 04:58 - 2012-08-24 11:57 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Mozilla 2013-10-23 06:09 - 2013-10-23 06:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-23 06:09 - 2013-10-23 06:08 - 00000000 ____D C:\Program Files\iTunes 2013-10-23 06:09 - 2013-10-23 06:08 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-23 06:08 - 2013-10-23 06:08 - 00000000 ____D C:\Program Files\iPod 2013-10-23 05:17 - 2013-10-22 16:35 - 00021045 _____ C:\Users\mciccione\Desktop\DODAAC Ships List OCT 2013.xlsx 2013-10-22 14:18 - 2013-02-27 08:06 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-10-22 14:14 - 2013-02-20 09:36 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Epson 2013-10-22 14:14 - 2012-11-10 13:45 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com 
2013-10-22 14:14 - 2012-03-06 09:14 - 00000000 ____D C:\Users\User\Desktop\EDI 2013-10-22 14:14 - 2012-02-27 06:19 - 00000000 ___RD C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-10-22 14:14 - 2012-02-27 06:19 - 00000000 ___RD C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-10-22 14:14 - 2012-02-27 06:19 - 00000000 ___RD C:\Users\mciccione\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-10-22 14:14 - 2012-02-24 05:04 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-22 14:14 - 2012-02-24 05:04 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2013-10-22 14:14 - 2012-02-24 05:04 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-10-22 14:14 - 2012-02-24 05:04 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2013-10-22 14:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2013-10-22 14:13 - 2013-10-21 18:11 - 00000000 ____D C:\Users\mciccione\AppData\Local\Acro Software Inc 2013-10-22 14:13 - 2013-10-02 21:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-22 14:13 - 2013-09-16 15:45 - 00000000 ____D C:\Users\mciccione\AppData\Local\Citrix 2013-10-22 14:13 - 2013-03-13 11:29 - 00000000 ____D C:\Users\mciccione\ADMX 2013-10-22 14:13 - 2013-03-13 11:29 - 00000000 ____D C:\Users\mciccione\Admin 2013-10-22 14:13 - 2012-05-21 12:40 - 00000000 ____D C:\Users\mciccione\AppData\Local\join.me 2013-10-22 14:13 - 2012-02-27 08:43 - 00000000 ____D C:\ProgramData\Skype 2013-10-22 14:13 - 2012-02-27 07:46 - 00000000 ____D C:\Users\mciccione\AppData\Local\Microsoft Help 2013-10-22 14:13 - 2012-02-27 07:46 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-22 14:12 - 2012-02-24 11:59 - 00000000 ____D 
C:\Users\User\AppData\Local\Dell 2013-10-22 14:12 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-10-22 14:11 - 2012-04-23 11:23 - 00000000 ____D C:\Users\mciccione\Documents\Fax 2013-10-22 14:11 - 2012-03-26 19:06 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Avery 2013-10-22 14:11 - 2012-02-29 14:34 - 00000000 ____D C:\Users\mciccione\Desktop\WORKING FOLDER MASTER 2013-10-22 14:11 - 2012-02-27 08:54 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Adobe 2013-10-22 14:11 - 2012-02-27 06:19 - 00000000 ____D C:\Users\mciccione\AppData\Local\VirtualStore 2013-10-22 14:10 - 2012-08-29 06:17 - 00000000 ____D C:\Users\mciccione\AppData\Local\Mozilla 2013-10-22 14:08 - 2012-02-27 08:46 - 00000000 ____D C:\Users\mciccione\AppData\Local\Apps\2.0 2013-10-22 10:37 - 2013-10-22 05:49 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Xenaebdi 2013-10-22 10:37 - 2013-10-22 05:49 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Okkeynit 2013-10-22 10:37 - 2013-10-21 18:59 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ulanewa 2013-10-22 10:37 - 2013-10-21 18:54 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Qareecg 2013-10-22 10:37 - 2013-10-21 18:53 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Dyaxwyux 2013-10-22 10:37 - 2013-10-21 18:51 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ehcymiu 2013-10-22 08:57 - 2013-10-21 18:58 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Ifyxeku 2013-10-22 08:52 - 2013-10-21 18:50 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Iqdyydm 2013-10-22 07:24 - 2013-10-22 06:09 - 00000000 ____D C:\Users\mciccione\AppData\Local\CrashDumps 2013-10-21 18:45 - 2013-02-26 05:55 - 00000000 ____D C:\Users\mciccione\AppData\Roaming\Leader Technologies 2013-10-16 20:41 - 2013-10-07 07:48 - 00213504 _____ C:\Users\mciccione\Desktop\USF San Fran Catalog 07 OCT 2013.xls 2013-10-16 18:09 - 2013-10-16 17:40 - 00038912 _____ C:\Users\mciccione\Desktop\Beale AFB Opening training order.xls 2013-10-15 
04:53 - 2012-03-21 17:42 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1058691569-1557305187-1555467426-1152UA
2013-10-15 04:53 - 2012-03-21 17:42 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1058691569-1557305187-1555467426-1152Core
2013-10-14 10:14 - 2013-10-11 08:29 - 00043520 _____ C:\Users\mciccione\Desktop\WMC at USF San Fran Catalog 07 OCT 2013.xls
2013-10-11 06:37 - 2013-09-01 16:50 - 00000000 ____D C:\Users\mciccione\Desktop\NEW GOALS
2013-10-11 06:15 - 2013-08-08 20:25 - 00000000 ____D C:\Users\mciccione\Desktop\Hawaii SEPT 2013
2013-10-11 05:58 - 2013-07-02 04:58 - 00000000 ____D C:\Users\mciccione\Desktop\RICHARD Working
2013-10-11 02:01 - 2012-02-27 07:06 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-11 02:00 - 2013-07-29 07:06 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-11 02:00 - 2013-07-29 07:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-09 14:56 - 2012-06-20 17:51 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-09 14:56 - 2012-06-20 17:51 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-09 12:28 - 2009-07-13 20:45 - 00300040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 12:27 - 2012-09-22 12:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 12:27 - 2012-09-22 12:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 11:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-09 10:08 - 2013-02-20 09:34 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2013-10-09 09:29 - 2012-02-29 17:07 - 00000000 ____D C:\Users\mciccione\Documents\My Scans
2013-10-09 04:53 - 2013-07-15 17:15 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 04:51 - 2012-02-27 07:44 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 02:01 - 2013-10-09 02:01 - 00000000 ____D C:\24c7baefad118b12ed54b8ef09
2013-10-08 15:20 - 2012-04-06 15:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 15:20 - 2012-04-06 15:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 15:20 - 2012-02-27 08:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-04 05:53 - 2013-10-04 05:53 - 00018370 _____ C:\Users\mciccione\Documents\REGIONAL CONTACT LISTING JUN2013.xlsx

ZeroAccess:
C:\Windows\Installer\{509ff5ec-1cf1-d1f1-3803-794194987c49}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1058691569-1557305187-1555467426-1152\$509ff5ec1cf1d1f13803794194987c49

Files to move or delete:
====================
ZeroAccess:
C:\Users\mciccione\AppData\Local\Google\Desktop\Install
C:\Users\mciccione\8189166.exe

Some content of TEMP:
====================
C:\Users\mciccione\AppData\Local\Temp\b34btbztdb0vavaw.exe
C:\Users\mciccione\AppData\Local\Temp\BrokerMediumIntegrity.exe
C:\Users\mciccione\AppData\Local\Temp\converter.exe
C:\Users\mciccione\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\mciccione\AppData\Local\Temp\GenericUninstall.exe
C:\Users\mciccione\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\mciccione\AppData\Local\Temp\Setup.exe
C:\Users\mciccione\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mciccione\AppData\Local\Temp\uninstaller.exe
C:\Users\mciccione\AppData\Local\Temp\US_en_Avery_AW40.exe
C:\Users\mciccione\AppData\Local\Temp\vVpDlfy.exe
C:\Users\mciccione\AppData\Local\Temp\vVpDlfy0.exe
C:\Users\mciccione\AppData\Local\Temp\WSSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-31 09:16

==================== End Of Log ============================
[/hr] [/QUOTE]