Cannot Remove pum.disabled.securitycenter

[cconroy8]

I recently realized my MS Security Essentials was not running. I ran Malwarebytes and pum.disabled.securitycenter was discovered, quarantined, and repaired. Security Essentials is still not running.

I followed the suggested steps from MrCharlie, posted on January 9, 2013 but am unable to download RogueKiller, Rkill, or any other preventitive applications to remove this. The download is stopped indicating it was a virus and was deleted.

I am now in safe mode, and still cannot download an application to stop this process in order to begin the repair.

Attached is the log file from the MWB scan.

Any suggestions?

AR-M257_20130521_104408.pdf

[Maniac]

Hello cconroy8 and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select English as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select English as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[cconroy8]

Thanks.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2013

Ran by SYSTEM on 21-05-2013 12:04:09

Running from F:\

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess

HKLM-x32\...\Run: [] [x]

==================== Services (Whitelisted) =================

S2 HPSLPSVC; C:\Users\cconroy\AppData\Local\Temp\7zS655E\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()

S2 PDFProFiltSrvPP; C:\Program Files (x86)\Xerox Scan To PC Desktop 11\PaperPort12\PDFProFiltSrvPP.exe [145256 2011-09-12] (Nuance Communications, Inc.)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()

==================== Drivers (Whitelisted) ====================

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2008-10-28] (Samsung Electronics)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

S1 dvlcyhfk; \??\C:\Windows\system32\drivers\dvlcyhfk.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-21 12:02 - 2013-05-21 12:02 - 00000000 ____D C:\FRST

2013-05-21 07:35 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-21 07:35 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-21 07:35 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-21 07:35 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-21 07:35 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-21 07:35 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-21 07:35 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-21 07:35 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-21 07:35 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-21 07:35 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-21 07:35 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-21 07:35 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-21 07:35 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-21 07:35 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-21 07:35 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-21 07:35 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-21 07:35 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-21 07:35 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-21 07:35 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-21 07:35 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-21 07:35 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-21 07:35 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-21 07:35 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-21 07:35 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-21 07:35 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-21 07:35 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-21 07:35 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-21 07:35 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-21 07:35 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-21 07:35 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-21 07:35 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-21 07:35 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-21 07:34 - 2013-04-10 01:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-21 07:34 - 2013-04-10 01:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-21 07:34 - 2013-04-09 22:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-21 07:34 - 2013-03-19 00:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-21 07:34 - 2013-03-19 00:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-21 07:34 - 2013-02-27 01:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-21 07:34 - 2013-02-27 00:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-21 07:34 - 2013-02-27 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-21 07:34 - 2013-02-27 00:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-21 07:34 - 2013-02-27 00:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-21 07:34 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-21 07:34 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-21 07:34 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-21 07:34 - 2011-02-03 06:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-21 07:16 - 2013-05-21 07:16 - 00000000 ____D C:\Users\administrator\Application Data\Malwarebytes

2013-05-21 07:16 - 2013-05-21 07:16 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Malwarebytes

2013-05-21 06:57 - 2013-05-21 06:57 - 00000000 ____D C:\Windows\pss

2013-05-15 13:55 - 2013-05-15 13:58 - 00024064 ____A C:\Users\cconroy\Desktop\Nate Danny Baseball Schedule.xls

2013-05-14 08:01 - 2013-05-14 08:01 - 00000000 ____D C:\Users\cconroy\Application Data\Spam Soap

2013-05-14 08:01 - 2013-05-14 08:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Spam Soap

2013-05-14 07:54 - 2013-05-14 08:01 - 00000000 ____D C:\Users\cconroy\My Documents\Add-in Express

2013-05-14 07:54 - 2013-05-14 08:01 - 00000000 ____D C:\Users\cconroy\Documents\Add-in Express

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 __HDC C:\ProgramData\Application Data\{61DEB624-4422-453E-AC8F-49CD8BCD73F0}

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 __HDC C:\ProgramData\{61DEB624-4422-453E-AC8F-49CD8BCD73F0}

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 ____D C:\Users\cconroy\Local Settings\PackageAware

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 ____D C:\Users\cconroy\Local Settings\Application Data\PackageAware

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 ____D C:\Users\cconroy\AppData\Local\PackageAware

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 ____D C:\Program Files\Spam Soap

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 ____D C:\Program Files\Common Files\Outlook Security Manager

2013-05-10 08:52 - 2013-05-10 08:52 - 00102703 ____A C:\Users\cconroy\My Documents\Outlook Contacts.CSV

2013-05-10 08:52 - 2013-05-10 08:52 - 00102703 ____A C:\Users\cconroy\Documents\Outlook Contacts.CSV

2013-05-10 08:52 - 2013-05-10 08:52 - 00039033 ____A C:\Users\cconroy\Application Data\Comma Separated Values (Windows).ADR

2013-05-10 08:52 - 2013-05-10 08:52 - 00039033 ____A C:\Users\cconroy\AppData\Roaming\Comma Separated Values (Windows).ADR

2013-05-10 07:46 - 2013-05-10 07:46 - 00002675 ____A C:\Users\Public\Desktop\Microsoft Office Outlook 2003.lnk

2013-05-10 07:46 - 2013-05-10 07:46 - 00002675 ____A C:\ProgramData\Desktop\Microsoft Office Outlook 2003.lnk

2013-05-10 07:46 - 2013-05-10 07:46 - 00002659 ____A C:\Users\Public\Desktop\Microsoft Office Excel 2003.lnk

2013-05-10 07:46 - 2013-05-10 07:46 - 00002659 ____A C:\ProgramData\Desktop\Microsoft Office Excel 2003.lnk

2013-05-10 07:46 - 2013-05-10 07:46 - 00002627 ____A C:\Users\Public\Desktop\Microsoft Office PowerPoint 2003.lnk

2013-05-10 07:46 - 2013-05-10 07:46 - 00002627 ____A C:\ProgramData\Desktop\Microsoft Office PowerPoint 2003.lnk

2013-05-09 12:33 - 2013-05-15 13:56 - 00028017 ____A C:\Users\cconroy\Desktop\2013 Baseball Schedule.xlsx

2013-05-09 09:06 - 2013-05-21 07:54 - 00025845 ____A C:\Users\cconroy\Desktop\2013 Master Grabill Complex Schedule-Majors_Rev_3.xlsx

2013-05-09 07:32 - 2013-05-21 10:22 - 00000072 ____A C:\Users\Public\LMDebug.log

2013-05-08 10:03 - 2013-05-09 15:14 - 00000000 ____D C:\Users\cconroy\My Documents\SALES

2013-05-08 10:03 - 2013-05-09 15:14 - 00000000 ____D C:\Users\cconroy\Documents\SALES

2013-05-08 06:50 - 2013-05-08 06:50 - 00001411 ____A C:\Users\cconroy\Desktop\Internet Explorer (64-bit).lnk

2013-05-07 15:31 - 2013-05-07 15:31 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-07 15:30 - 2013-05-07 15:34 - 00007730 ____A C:\Windows\IE10_main.log

2013-05-07 15:29 - 2013-05-08 15:43 - 00013824 ____A C:\Users\cconroy\My Documents\Sales Priorty List.xls

2013-05-07 15:29 - 2013-05-08 15:43 - 00013824 ____A C:\Users\cconroy\Documents\Sales Priorty List.xls

2013-05-07 15:29 - 2013-05-07 15:29 - 00262506 ____A C:\Windows\msxml4-KB2758694-enu.LOG

2013-05-07 15:29 - 2013-05-07 15:29 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2013-05-07 15:28 - 2013-05-07 15:28 - 00856576 ____A C:\Users\cconroy\My Documents\2013 Sales Workbook Draft.xls

2013-05-07 15:28 - 2013-05-07 15:28 - 00856576 ____A C:\Users\cconroy\Documents\2013 Sales Workbook Draft.xls

2013-05-07 07:34 - 2013-05-07 15:28 - 00029184 ____A C:\Users\cconroy\Desktop\Sale & Business development outline.xls

2013-05-06 14:05 - 2013-05-06 14:05 - 00000000 ____D C:\ProgramData\zeon

2013-05-06 14:05 - 2013-05-06 14:05 - 00000000 ____D C:\ProgramData\Application Data\zeon

2013-05-06 13:40 - 2013-05-06 14:15 - 00000000 ____D C:\ProgramData\Nuance

2013-05-06 13:40 - 2013-05-06 14:15 - 00000000 ____D C:\ProgramData\Application Data\Nuance

2013-05-06 13:40 - 2013-05-06 14:05 - 00000000 ____D C:\Program Files (x86)\Xerox Scan To PC Desktop 11

2013-05-06 13:40 - 2013-05-06 13:42 - 00000000 ____D C:\ProgramData\ScanSoft

2013-05-06 13:40 - 2013-05-06 13:42 - 00000000 ____D C:\ProgramData\Application Data\ScanSoft

2013-05-06 13:40 - 2013-05-06 13:40 - 00000000 ____D C:\Users\cconroy\My Documents\MyWebPages

2013-05-06 13:40 - 2013-05-06 13:40 - 00000000 ____D C:\Users\cconroy\Documents\MyWebPages

2013-05-06 13:40 - 2013-05-06 13:40 - 00000000 ____D C:\Users\cconroy\Application Data\Nuance

2013-05-06 13:40 - 2013-05-06 13:40 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Nuance

2013-05-06 12:21 - 2013-05-06 12:21 - 00000000 ____D C:\Users\cconroy\Local Settings\Xerox Network Scan

2013-05-06 12:21 - 2013-05-06 12:21 - 00000000 ____D C:\Users\cconroy\Local Settings\Application Data\Xerox Network Scan

2013-05-06 12:21 - 2013-05-06 12:21 - 00000000 ____D C:\Users\cconroy\AppData\Local\Xerox Network Scan

2013-05-06 11:01 - 2013-05-06 11:01 - 00008049 ____A C:\Users\cconroy\Application Data\XeroxFaxOptions.xml

2013-05-06 11:01 - 2013-05-06 11:01 - 00008049 ____A C:\Users\cconroy\AppData\Roaming\XeroxFaxOptions.xml

2013-05-06 11:01 - 2013-05-06 11:01 - 00000000 ____D C:\Users\cconroy\Application Data\Xerox

2013-05-06 11:01 - 2013-05-06 11:01 - 00000000 ____D C:\Users\cconroy\Application Data\Leadertech

2013-05-06 11:01 - 2013-05-06 11:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Xerox

2013-05-06 11:01 - 2013-05-06 11:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Leadertech

2013-05-06 11:01 - 2008-10-28 08:07 - 00054072 ___RA (Samsung Electronics) C:\Windows\System32\Drivers\DgivEcp.sys

2013-05-06 11:01 - 2008-10-28 08:07 - 00007297 ____N C:\Windows\SysWOW64\SSPORT.CAT

2013-05-06 11:01 - 2008-10-28 08:07 - 00007297 ____N C:\Windows\SysWOW64\DgivEcp.cat

2013-05-06 11:00 - 2013-05-06 11:01 - 00000167 ____A C:\Windows\faxsetup.log

2013-05-06 11:00 - 2013-05-06 11:00 - 00001992 ____A C:\Users\Public\Desktop\Network Scan.lnk

2013-05-06 11:00 - 2013-05-06 11:00 - 00001992 ____A C:\ProgramData\Desktop\Network Scan.lnk

2013-05-06 11:00 - 2013-05-06 11:00 - 00000090 ____A C:\Windows\scnsetup.log

2013-05-06 11:00 - 2013-05-06 11:00 - 00000000 ____D C:\Windows\Xerox

2013-05-06 11:00 - 2009-12-29 01:12 - 00479232 ____A () C:\Windows\ssndii.exe

2013-05-06 11:00 - 2009-04-02 09:01 - 00080896 ____A C:\Windows\System32\XeroxFaxPort64.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 01693696 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTCLR13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 01402368 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltdlg13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 01009664 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Ltwvc13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00935088 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTR13N.DLL

2013-05-06 11:00 - 2009-04-02 08:51 - 00747008 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltocx13n.ocx

2013-05-06 11:00 - 2009-04-02 08:51 - 00536752 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTRVW13N.OCX

2013-05-06 11:00 - 2009-04-02 08:51 - 00470720 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTRPR13n.DLL

2013-05-06 11:00 - 2009-04-02 08:51 - 00458752 ____A (Samsung Software Center) C:\Windows\prinst.exe

2013-05-06 11:00 - 2009-04-02 08:51 - 00446464 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltkrn13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00445440 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltimg13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00427008 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFCMP13s.DLL

2013-05-06 11:00 - 2009-04-02 08:51 - 00408576 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFCMP13n.DLL

2013-05-06 11:00 - 2009-04-02 08:51 - 00313008 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTRIO13N.DLL

2013-05-06 11:00 - 2009-04-02 08:51 - 00275456 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFJ2K13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00271360 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFJ2K13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00269312 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDIS13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00212480 ____A (Eastman Kodak) C:\Windows\SysWOW64\PCDLIB32.DLL

2013-05-06 11:00 - 2009-04-02 08:51 - 00206848 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltefx13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00185856 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lfpng13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00181760 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lfpng13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00172032 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lftif13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00158720 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Ltpnt13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00144384 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltfil13n.DLL

2013-05-06 11:00 - 2009-04-02 08:51 - 00132096 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lftif13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00131584 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfjbg13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00114176 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTOCR13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00114176 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lffax13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00111104 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpsd13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00108032 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTTLB13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00095232 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltpdg13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00090112 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfjbg13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00081920 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfeps13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00073728 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lffax13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00070656 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfbmp13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00069632 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltbar13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00068096 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfiff13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00065536 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpcx13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00065536 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfani13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00065024 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfclp13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00062976 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFPNM13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00060928 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfimg13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00060416 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfitg13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00059904 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpcd13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00059392 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfmsp13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00058880 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfavi13s.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00055808 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpsd13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00051200 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltlst13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00047616 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfeps13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00044032 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lttwn13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00032256 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lttmb13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00031744 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfclp13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00031232 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFPNM13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00030208 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfbmp13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00027648 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfiff13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00026624 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpcx13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00025600 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfani13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00020992 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfimg13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00019968 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpcd13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00019968 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfitg13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00018944 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfmsp13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00018944 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfavi13n.dll

2013-05-06 11:00 - 2009-04-02 08:51 - 00000422 ____A C:\Windows\SysWOW64\ltocx13.lic

2013-05-06 11:00 - 2008-10-28 08:07 - 00172032 ____N C:\Windows\SysWOW64\SecSNMP.dll

2013-05-06 11:00 - 2008-09-08 17:54 - 00151552 ____A (SS) C:\Windows\System32\xp3220ci.exe

2013-05-06 11:00 - 2008-09-08 17:54 - 00089600 ____A (SS) C:\Windows\System32\xp3220ci.dll

2013-05-06 10:59 - 2009-12-29 01:13 - 00110592 ___RA C:\Windows\Wiainst.exe

2013-05-06 10:59 - 2008-10-28 03:58 - 00701440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll

2013-05-06 10:59 - 2008-10-28 03:58 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll

2013-05-06 10:59 - 2008-10-28 03:58 - 00038160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll

2013-05-06 10:59 - 2008-10-28 03:58 - 00021776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll

2013-05-06 10:58 - 2009-12-27 21:05 - 00333312 ____A C:\Windows\System32\SaMinDrv.dll

2013-05-06 10:58 - 2009-12-27 21:05 - 00129536 ____A C:\Windows\System32\SaImgFlt.dll

2013-05-06 10:58 - 2009-12-27 21:05 - 00098816 ____A C:\Windows\System32\SaSegFlt.dll

2013-05-06 10:58 - 2009-12-27 21:05 - 00055808 ____A C:\Windows\System32\SaErHdlr.dll

2013-05-06 10:58 - 2009-12-27 20:32 - 00043520 ____A (Samsung Electronics) C:\Windows\System32\Ssusbp64.dll

2013-05-06 10:58 - 2008-10-28 08:07 - 00081920 ____N (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll

2013-05-06 10:58 - 2008-10-27 21:56 - 00000357 ____A C:\Windows\System32\sxs2ml6.smt

2013-05-06 10:58 - 2008-10-27 21:55 - 00151552 ____A (SS) C:\Windows\System32\sxs2mci.exe

2013-05-06 10:58 - 2008-10-27 21:55 - 00089600 ____A (SS) C:\Windows\System32\sxs2mci.dll

2013-05-06 10:58 - 2008-10-27 01:37 - 00073728 ____A (Samsung Electronics) C:\Windows\System32\Ssdevm64.dll

2013-05-06 10:58 - 2008-10-27 01:37 - 00049152 ____A (Samsung Electronics) C:\Windows\SysWOW64\Ssusbpn.dll

2013-05-06 10:57 - 2013-05-06 11:00 - 00000000 ____D C:\Program Files (x86)\Xerox

2013-04-24 14:18 - 2013-04-24 14:18 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-04-24 14:18 - 2013-04-04 04:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-04-24 14:18 - 2013-04-04 04:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-04-24 14:18 - 2013-04-04 04:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-04-24 06:27 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-21 12:02 - 2013-05-21 12:02 - 00000000 ____D C:\FRST

2013-05-21 10:51 - 2012-03-23 05:53 - 01334337 ____A C:\Windows\WindowsUpdate.log

2013-05-21 10:40 - 2009-07-14 00:13 - 00797806 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-21 10:37 - 2012-05-25 06:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-21 10:24 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-21 10:24 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-21 10:22 - 2013-05-09 07:32 - 00000072 ____A C:\Users\Public\LMDebug.log

2013-05-21 10:16 - 2012-05-09 14:05 - 00000160 ____A C:\Windows\System32\config\netlogon.ftl

2013-05-21 10:16 - 2012-03-23 04:14 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-05-21 10:16 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-21 10:16 - 2009-07-13 23:51 - 00047605 ____A C:\Windows\setupact.log

2013-05-21 08:49 - 2011-02-10 09:33 - 00813066 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-05-21 07:54 - 2013-05-09 09:06 - 00025845 ____A C:\Users\cconroy\Desktop\2013 Master Grabill Complex Schedule-Majors_Rev_3.xlsx

2013-05-21 07:45 - 2012-05-09 14:23 - 00000000 ___RD C:\Users\cconroy\Virtual Machines

2013-05-21 07:45 - 2009-07-13 23:45 - 00396144 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-21 07:41 - 2009-07-13 21:34 - 00000499 ____A C:\Windows\win.ini

2013-05-21 07:39 - 2012-05-09 13:45 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-21 07:24 - 2010-11-20 22:47 - 00047768 ____A C:\Windows\PFRO.log

2013-05-21 07:16 - 2013-05-21 07:16 - 00000000 ____D C:\Users\administrator\Application Data\Malwarebytes

2013-05-21 07:16 - 2013-05-21 07:16 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Malwarebytes

2013-05-21 07:16 - 2012-07-09 07:50 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-21 07:16 - 2012-07-09 07:50 - 00001111 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-21 07:16 - 2012-07-09 07:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-21 07:09 - 2012-05-09 14:28 - 00000000 ___RD C:\Users\administrator\Virtual Machines

2013-05-21 06:57 - 2013-05-21 06:57 - 00000000 ____D C:\Windows\pss

2013-05-20 15:10 - 2012-05-10 09:22 - 00000214 ____A C:\Users\cconroy\My Documents\PROPHGEO.DSN

2013-05-20 15:10 - 2012-05-10 09:22 - 00000214 ____A C:\Users\cconroy\Documents\PROPHGEO.DSN

2013-05-20 14:59 - 2012-05-09 13:07 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job

2013-05-20 13:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF

2013-05-20 12:44 - 2012-05-10 07:55 - 00000212 ____A C:\Users\cconroy\My Documents\PROACCT.DSN

2013-05-20 12:44 - 2012-05-10 07:55 - 00000212 ____A C:\Users\cconroy\Documents\PROACCT.DSN

2013-05-17 13:31 - 2012-05-10 07:44 - 00000000 ____D C:\Users\cconroy\Local Settings\Deployment

2013-05-17 13:31 - 2012-05-10 07:44 - 00000000 ____D C:\Users\cconroy\Local Settings\Application Data\Deployment

2013-05-17 13:31 - 2012-05-10 07:44 - 00000000 ____D C:\Users\cconroy\AppData\Local\Deployment

2013-05-15 13:58 - 2013-05-15 13:55 - 00024064 ____A C:\Users\cconroy\Desktop\Nate Danny Baseball Schedule.xls

2013-05-15 13:56 - 2013-05-09 12:33 - 00028017 ____A C:\Users\cconroy\Desktop\2013 Baseball Schedule.xlsx

2013-05-15 09:37 - 2012-05-25 06:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-15 09:37 - 2012-03-23 04:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-14 08:01 - 2013-05-14 08:01 - 00000000 ____D C:\Users\cconroy\Application Data\Spam Soap

2013-05-14 08:01 - 2013-05-14 08:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Spam Soap

2013-05-14 08:01 - 2013-05-14 07:54 - 00000000 ____D C:\Users\cconroy\My Documents\Add-in Express

2013-05-14 08:01 - 2013-05-14 07:54 - 00000000 ____D C:\Users\cconroy\Documents\Add-in Express

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 __HDC C:\ProgramData\Application Data\{61DEB624-4422-453E-AC8F-49CD8BCD73F0}

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 __HDC C:\ProgramData\{61DEB624-4422-453E-AC8F-49CD8BCD73F0}

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 ____D C:\Users\cconroy\Local Settings\PackageAware

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 ____D C:\Users\cconroy\Local Settings\Application Data\PackageAware

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 ____D C:\Users\cconroy\AppData\Local\PackageAware

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 ____D C:\Program Files\Spam Soap

2013-05-14 07:54 - 2013-05-14 07:54 - 00000000 ____D C:\Program Files\Common Files\Outlook Security Manager

2013-05-12 12:01 - 2012-05-09 13:07 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2013-05-10 08:52 - 2013-05-10 08:52 - 00102703 ____A C:\Users\cconroy\My Documents\Outlook Contacts.CSV

2013-05-10 08:52 - 2013-05-10 08:52 - 00102703 ____A C:\Users\cconroy\Documents\Outlook Contacts.CSV

2013-05-10 08:52 - 2013-05-10 08:52 - 00039033 ____A C:\Users\cconroy\Application Data\Comma Separated Values (Windows).ADR

2013-05-10 08:52 - 2013-05-10 08:52 - 00039033 ____A C:\Users\cconroy\AppData\Roaming\Comma Separated Values (Windows).ADR

2013-05-10 08:11 - 2012-05-10 07:44 - 00102728 ____A C:\Users\cconroy\Local Settings\GDIPFONTCACHEV1.DAT

2013-05-10 08:11 - 2012-05-10 07:44 - 00102728 ____A C:\Users\cconroy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-05-10 08:11 - 2012-05-10 07:44 - 00102728 ____A C:\Users\cconroy\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-10 07:46 - 2013-05-10 07:46 - 00002675 ____A C:\Users\Public\Desktop\Microsoft Office Outlook 2003.lnk

2013-05-10 07:46 - 2013-05-10 07:46 - 00002675 ____A C:\ProgramData\Desktop\Microsoft Office Outlook 2003.lnk

2013-05-10 07:46 - 2013-05-10 07:46 - 00002659 ____A C:\Users\Public\Desktop\Microsoft Office Excel 2003.lnk

2013-05-10 07:46 - 2013-05-10 07:46 - 00002659 ____A C:\ProgramData\Desktop\Microsoft Office Excel 2003.lnk

2013-05-10 07:46 - 2013-05-10 07:46 - 00002627 ____A C:\Users\Public\Desktop\Microsoft Office PowerPoint 2003.lnk

2013-05-10 07:46 - 2013-05-10 07:46 - 00002627 ____A C:\ProgramData\Desktop\Microsoft Office PowerPoint 2003.lnk

2013-05-10 07:46 - 2012-05-09 14:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2013-05-10 07:46 - 2010-11-21 02:17 - 00000000 ____D C:\Windows\ShellNew

2013-05-10 07:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help

2013-05-09 15:14 - 2013-05-08 10:03 - 00000000 ____D C:\Users\cconroy\My Documents\SALES

2013-05-09 15:14 - 2013-05-08 10:03 - 00000000 ____D C:\Users\cconroy\Documents\SALES

2013-05-08 15:43 - 2013-05-07 15:29 - 00013824 ____A C:\Users\cconroy\My Documents\Sales Priorty List.xls

2013-05-08 15:43 - 2013-05-07 15:29 - 00013824 ____A C:\Users\cconroy\Documents\Sales Priorty List.xls

2013-05-08 11:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-05-08 06:50 - 2013-05-08 06:50 - 00001411 ____A C:\Users\cconroy\Desktop\Internet Explorer (64-bit).lnk

2013-05-08 06:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-05-08 06:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-05-08 06:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-05-08 06:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-05-08 06:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-05-07 15:34 - 2013-05-07 15:30 - 00007730 ____A C:\Windows\IE10_main.log

2013-05-07 15:34 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-05-07 15:31 - 2013-05-07 15:31 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-07 15:31 - 2013-05-07 15:31 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-07 15:29 - 2013-05-07 15:29 - 00262506 ____A C:\Windows\msxml4-KB2758694-enu.LOG

2013-05-07 15:29 - 2013-05-07 15:29 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2013-05-07 15:28 - 2013-05-07 15:28 - 00856576 ____A C:\Users\cconroy\My Documents\2013 Sales Workbook Draft.xls

2013-05-07 15:28 - 2013-05-07 15:28 - 00856576 ____A C:\Users\cconroy\Documents\2013 Sales Workbook Draft.xls

2013-05-07 15:28 - 2013-05-07 07:34 - 00029184 ____A C:\Users\cconroy\Desktop\Sale & Business development outline.xls

2013-05-06 14:15 - 2013-05-06 13:40 - 00000000 ____D C:\ProgramData\Nuance

2013-05-06 14:15 - 2013-05-06 13:40 - 00000000 ____D C:\ProgramData\Application Data\Nuance

2013-05-06 14:05 - 2013-05-06 14:05 - 00000000 ____D C:\ProgramData\zeon

2013-05-06 14:05 - 2013-05-06 14:05 - 00000000 ____D C:\ProgramData\Application Data\zeon

2013-05-06 14:05 - 2013-05-06 13:40 - 00000000 ____D C:\Program Files (x86)\Xerox Scan To PC Desktop 11

2013-05-06 13:42 - 2013-05-06 13:40 - 00000000 ____D C:\ProgramData\ScanSoft

2013-05-06 13:42 - 2013-05-06 13:40 - 00000000 ____D C:\ProgramData\Application Data\ScanSoft

2013-05-06 13:42 - 2010-10-22 06:21 - 00034474 ____A C:\Windows\MAXLINK.INI

2013-05-06 13:40 - 2013-05-06 13:40 - 00000000 ____D C:\Users\cconroy\My Documents\MyWebPages

2013-05-06 13:40 - 2013-05-06 13:40 - 00000000 ____D C:\Users\cconroy\Documents\MyWebPages

2013-05-06 13:40 - 2013-05-06 13:40 - 00000000 ____D C:\Users\cconroy\Application Data\Nuance

2013-05-06 13:40 - 2013-05-06 13:40 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Nuance

2013-05-06 13:02 - 2012-05-09 13:44 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0

2013-05-06 12:21 - 2013-05-06 12:21 - 00000000 ____D C:\Users\cconroy\Local Settings\Xerox Network Scan

2013-05-06 12:21 - 2013-05-06 12:21 - 00000000 ____D C:\Users\cconroy\Local Settings\Application Data\Xerox Network Scan

2013-05-06 12:21 - 2013-05-06 12:21 - 00000000 ____D C:\Users\cconroy\AppData\Local\Xerox Network Scan

2013-05-06 12:21 - 2012-03-23 04:36 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks

2013-05-06 12:21 - 2012-03-23 04:36 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks

2013-05-06 12:21 - 2012-03-23 04:36 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2013-05-06 12:21 - 2012-03-23 04:36 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks

2013-05-06 12:21 - 2012-03-23 04:36 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks

2013-05-06 12:21 - 2012-03-23 04:36 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2013-05-06 11:01 - 2013-05-06 11:01 - 00008049 ____A C:\Users\cconroy\Application Data\XeroxFaxOptions.xml

2013-05-06 11:01 - 2013-05-06 11:01 - 00008049 ____A C:\Users\cconroy\AppData\Roaming\XeroxFaxOptions.xml

2013-05-06 11:01 - 2013-05-06 11:01 - 00000000 ____D C:\Users\cconroy\Application Data\Xerox

2013-05-06 11:01 - 2013-05-06 11:01 - 00000000 ____D C:\Users\cconroy\Application Data\Leadertech

2013-05-06 11:01 - 2013-05-06 11:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Xerox

2013-05-06 11:01 - 2013-05-06 11:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Leadertech

2013-05-06 11:01 - 2013-05-06 11:00 - 00000167 ____A C:\Windows\faxsetup.log

2013-05-06 11:00 - 2013-05-06 11:00 - 00001992 ____A C:\Users\Public\Desktop\Network Scan.lnk

2013-05-06 11:00 - 2013-05-06 11:00 - 00001992 ____A C:\ProgramData\Desktop\Network Scan.lnk

2013-05-06 11:00 - 2013-05-06 11:00 - 00000090 ____A C:\Windows\scnsetup.log

2013-05-06 11:00 - 2013-05-06 11:00 - 00000000 ____D C:\Windows\Xerox

2013-05-06 11:00 - 2013-05-06 10:57 - 00000000 ____D C:\Program Files (x86)\Xerox

2013-05-06 11:00 - 2012-03-23 04:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-05-05 16:36 - 2013-05-21 07:35 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-05 16:16 - 2013-05-21 07:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-05 14:25 - 2013-05-21 07:35 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-05 14:12 - 2013-05-21 07:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-02 10:29 - 2010-11-20 22:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-05-02 10:17 - 2012-05-31 14:40 - 00000211 ____A C:\Users\cconroy\My Documents\PROTAX.DSN

2013-05-02 10:17 - 2012-05-31 14:40 - 00000211 ____A C:\Users\cconroy\Documents\PROTAX.DSN

2013-04-24 14:18 - 2013-04-24 14:18 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-04-24 14:18 - 2013-04-16 06:28 - 00000000 ____D C:\Program Files (x86)\Java

ZeroAccess:

C:\$Recycle.Bin\S-1-5-18\$7bfdf97b4e6df226e85ca1bc2e46f8b1

C:\$Recycle.Bin\S-1-5-18\$7bfdf97b4e6df226e85ca1bc2e46f8b1\@

C:\$Recycle.Bin\S-1-5-18\$7bfdf97b4e6df226e85ca1bc2e46f8b1\L

C:\$Recycle.Bin\S-1-5-18\$7bfdf97b4e6df226e85ca1bc2e46f8b1\U

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-2338040393-130750086-1030727200-1182\$7bfdf97b4e6df226e85ca1bc2e46f8b1

C:\$Recycle.Bin\S-1-5-21-2338040393-130750086-1030727200-1182\$7bfdf97b4e6df226e85ca1bc2e46f8b1\@

C:\$Recycle.Bin\S-1-5-21-2338040393-130750086-1030727200-1182\$7bfdf97b4e6df226e85ca1bc2e46f8b1\L

C:\$Recycle.Bin\S-1-5-21-2338040393-130750086-1030727200-1182\$7bfdf97b4e6df226e85ca1bc2e46f8b1\U

ZeroAccess:

C:\$Recycle.Bin\S-1-5-18\$7bfdf97b4e6df226e85ca1bc2e46f8b1

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-24 14:18:06

Restore point made on: 2013-04-24 15:39:54

Restore point made on: 2013-04-28 01:05:01

Restore point made on: 2013-05-02 01:05:30

Restore point made on: 2013-05-06 10:32:00

Restore point made on: 2013-05-06 11:00:18

Restore point made on: 2013-05-06 11:00:43

Restore point made on: 2013-05-06 13:02:00

Restore point made on: 2013-05-06 13:02:31

Restore point made on: 2013-05-06 13:02:58

Restore point made on: 2013-05-06 13:03:33

Restore point made on: 2013-05-06 13:04:52

Restore point made on: 2013-05-06 13:41:07

Restore point made on: 2013-05-06 13:42:46

Restore point made on: 2013-05-06 13:43:21

Restore point made on: 2013-05-07 15:29:32

Restore point made on: 2013-05-08 06:46:06

Restore point made on: 2013-05-08 06:53:27

Restore point made on: 2013-05-15 16:14:21

Restore point made on: 2013-05-21 07:34:35

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 4008.63 MB

Available physical RAM: 3411.41 MB

Total Pagefile: 4006.83 MB

Available Pagefile: 3402.53 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.57 GB) (Free:397.05 GB) NTFS (Disk=0 Partition=3)

Drive e: (RECOVERY) (Fixed) (Total:16.15 GB) (Free:8.44 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive f: () (Removable) (Total:3.74 GB) (Free:1.41 GB) FAT32 (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows Vista) (Size: 466 GB) (Disk ID: 577D9666)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=16 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

Last Boot: 2013-05-13 23:31

==================== End Of Log ============================

[Maniac]

I'm afraid I have bad news.

One or more of the identified infections is a rootkit. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I suggest you disconnect this computer from the Internet immediately you finish reading this post.

If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted.

Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System.

Visit the following sites for more information on Internet theft and when to reformat!

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before making a final decision, please feel free to ask.

Instructions how to format and reinstall Windows can be found here

[cconroy8]

Can you tell when this occurred?

[cconroy8]

If I decide to reformat, can I safely save my documents?

[Maniac]

Can you tell when this occurred?

No, I can't tell for sure.

If I decide to reformat, can I safely save my documents?

Dependso on what kind of files you want to backup. If you want pictures and documents is okay, but is not good for executable files (.exe , .com).

[cconroy8]

Documents and favorites is all. Ok to save internet favorites?

[Maniac]

Yes, it is okay.

Some future malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Good luck!

[cconroy8]

I just talked to my IT guy. He would like me to follow your repair suggestions before reformatting. His opinion is a reformat most likely will not solve this. He thinks an Fdisc would be required. Can we proceed with your suggestions? I assume the next thing to do is download Malwarebytes Root Killer?

[Maniac]

Yes, it is okay to try to clean your system. You should know I can't guarantee that it will be 100% secure afterwards.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the flashdrive as fixlist.txt

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]

HKLM-x32\...\Run: [] [x]

C:\$Recycle.Bin\S-1-5-18\$7bfdf97b4e6df226e85ca1bc2e46f8b1

C:\$Recycle.Bin\S-1-5-21-2338040393-130750086-1030727200-1182\$7bfdf97b4e6df226e85ca1bc2e46f8b1

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

[cconroy8]

Sorry for the delay. I'm unable to run the FRST from the command prompt on System Recovery. I can, however run it from a normal boot directly from the flash drive. I did not do that yet, wanted to confirm its ok to do it this way?

[Maniac]

Yes, please try.

[cconroy8]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2013

Ran by cconroy at 2013-05-21 13:27:26 Run:1

Running from E:\

Boot Mode: Normal

==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.

==== End of Fixlog ====

[Maniac]

Please once again with this script:

C:\$Recycle.Bin\S-1-5-18\$7bfdf97b4e6df226e85ca1bc2e46f8b1

C:\$Recycle.Bin\S-1-5-21-2338040393-130750086-1030727200-1182\$7bfdf97b4e6df226e85ca1bc2e46f8b1

[cconroy8]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2013

Ran by cconroy at 2013-05-21 13:33:23 Run:2

Running from E:\

Boot Mode: Normal

==============================================

C:\$Recycle.Bin\S-1-5-18\$7bfdf97b4e6df226e85ca1bc2e46f8b1 => Moved successfully.

==== End of Fixlog ====

[Maniac]

That's strange. Why only the first line? Did you post both of them? Please run the script with last line:

C:\$Recycle.Bin\S-1-5-21-2338040393-130750086-1030727200-1182\$7bfdf97b4e6df226e85ca1bc2e46f8b1

[cconroy8]

I thought so too. I ran with both lines. Will rerun.

[cconroy8]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2013

Ran by cconroy at 2013-05-21 13:45:12 Run:3

Running from E:\

Boot Mode: Normal

==============================================

C:\$Recycle.Bin\S-1-5-21-2338040393-130750086-1030727200-1182\$7bfdf97b4e6df226e85ca1bc2e46f8b1 => Moved successfully.

==== End of Fixlog ====

[cconroy8]

Is this fixed now?

[cconroy8]

Are you still with me?

[cconroy8]

Here is the next scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2013

Ran by cconroy (administrator) on 21-05-2013 14:40:11

Running from E:\

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

(Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 11\PaperPort12\PDFProFiltSrvPP.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Farbar) E:\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1

HKCU SearchScopes: DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =

SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&tbp=rbox&toolbarid=blekkotb_soc&u=20120510D77B43639A3B4630490C227A&q={searchTerms}

BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File

BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Xerox Scan To PC Desktop 11\PDFViewer5\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

PDF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

PDF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/support/ieatgpc1.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File

Handler: msdaipp - No CLSID Value -

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

Handler-x32: msdaipp - No CLSID Value -

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\TransCore\3sixty Freight Match Prerequisites\Skype4COM.dll (Skype Technologies)

Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File

Tcpip\Parameters: [DhcpNameServer] 172.30.10.15

==================== Services (Whitelisted) =================

R2 HPSLPSVC; C:\Users\cconroy\AppData\Local\Temp\7zS655E\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()

R2 PDFProFiltSrvPP; C:\Program Files (x86)\Xerox Scan To PC Desktop 11\PaperPort12\PDFProFiltSrvPP.exe [145256 2011-09-12] (Nuance Communications, Inc.)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()

==================== Drivers (Whitelisted) ====================

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2008-10-28] (Samsung Electronics)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

S1 dvlcyhfk; \??\C:\Windows\system32\drivers\dvlcyhfk.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-21 13:02 - 2013-05-21 13:02 - 00000000 ____D C:\FRST

2013-05-21 08:35 - 2013-05-05 17:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-21 08:35 - 2013-05-05 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-21 08:35 - 2013-05-05 15:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-21 08:35 - 2013-05-05 15:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-21 08:35 - 2013-04-04 21:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-21 08:35 - 2013-04-04 21:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-21 08:35 - 2013-04-04 21:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-21 08:35 - 2013-04-04 21:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-21 08:35 - 2013-04-04 20:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-21 08:35 - 2013-04-04 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-21 08:35 - 2013-04-04 20:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-21 08:35 - 2013-04-04 20:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-21 08:35 - 2013-04-04 20:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-21 08:35 - 2013-04-04 20:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-21 08:35 - 2013-04-04 20:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-21 08:35 - 2013-04-04 20:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-21 08:35 - 2013-04-04 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-21 08:35 - 2013-04-04 20:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-21 08:35 - 2013-04-04 18:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-21 08:35 - 2013-04-04 18:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-21 08:35 - 2013-04-04 18:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-05-21 08:35 - 2013-04-04 18:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-21 08:35 - 2013-04-04 18:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-21 08:35 - 2013-04-04 18:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-05-21 08:35 - 2013-04-04 17:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-21 08:35 - 2013-04-04 17:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-21 08:35 - 2013-04-04 17:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-05-21 08:35 - 2013-04-04 17:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-05-21 08:35 - 2013-04-04 17:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-21 08:35 - 2013-04-04 17:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-21 08:35 - 2013-04-04 17:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-05-21 08:35 - 2013-04-04 17:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-21 08:34 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-21 08:34 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-21 08:34 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-21 08:34 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-21 08:34 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-21 08:34 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-21 08:34 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-21 08:34 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-21 08:34 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-21 08:34 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-21 08:34 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-21 08:34 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-21 08:34 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-21 08:34 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-21 08:16 - 2013-05-21 08:16 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Malwarebytes

2013-05-21 07:57 - 2013-05-21 07:57 - 00000000 ____D C:\Windows\pss

2013-05-15 14:55 - 2013-05-15 14:58 - 00024064 ____A C:\Users\cconroy\Desktop\Nate Danny Baseball Schedule.xls

2013-05-14 09:01 - 2013-05-14 09:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Spam Soap

2013-05-14 08:54 - 2013-05-14 09:01 - 00000000 ____D C:\Users\cconroy\Documents\Add-in Express

2013-05-14 08:54 - 2013-05-14 08:54 - 00000000 __HDC C:\ProgramData\{61DEB624-4422-453E-AC8F-49CD8BCD73F0}

2013-05-14 08:54 - 2013-05-14 08:54 - 00000000 ____D C:\Users\cconroy\AppData\Local\PackageAware

2013-05-14 08:54 - 2013-05-14 08:54 - 00000000 ____D C:\Program Files\Spam Soap

2013-05-14 08:54 - 2013-05-14 08:54 - 00000000 ____D C:\Program Files\Common Files\Outlook Security Manager

2013-05-10 09:52 - 2013-05-10 09:52 - 00102703 ____A C:\Users\cconroy\Documents\Outlook Contacts.CSV

2013-05-10 09:52 - 2013-05-10 09:52 - 00039033 ____A C:\Users\cconroy\AppData\Roaming\Comma Separated Values (Windows).ADR

2013-05-10 08:46 - 2013-05-10 08:46 - 00002675 ____A C:\Users\Public\Desktop\Microsoft Office Outlook 2003.lnk

2013-05-10 08:46 - 2013-05-10 08:46 - 00002659 ____A C:\Users\Public\Desktop\Microsoft Office Excel 2003.lnk

2013-05-10 08:46 - 2013-05-10 08:46 - 00002627 ____A C:\Users\Public\Desktop\Microsoft Office PowerPoint 2003.lnk

2013-05-09 13:33 - 2013-05-15 14:56 - 00028017 ____A C:\Users\cconroy\Desktop\2013 Baseball Schedule.xlsx

2013-05-09 10:06 - 2013-05-21 08:54 - 00025845 ____A C:\Users\cconroy\Desktop\2013 Master Grabill Complex Schedule-Majors_Rev_3.xlsx

2013-05-09 08:32 - 2013-05-21 13:07 - 00000072 ____A C:\Users\Public\LMDebug.log

2013-05-08 11:03 - 2013-05-09 16:14 - 00000000 ____D C:\Users\cconroy\Documents\SALES

2013-05-08 07:50 - 2013-05-08 07:50 - 00001411 ____A C:\Users\cconroy\Desktop\Internet Explorer (64-bit).lnk

2013-05-07 16:31 - 2013-05-07 16:31 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-07 16:30 - 2013-05-07 16:34 - 00007730 ____A C:\Windows\IE10_main.log

2013-05-07 16:29 - 2013-05-08 16:43 - 00013824 ____A C:\Users\cconroy\Documents\Sales Priorty List.xls

2013-05-07 16:29 - 2013-05-07 16:29 - 00262506 ____A C:\Windows\msxml4-KB2758694-enu.LOG

2013-05-07 16:29 - 2013-05-07 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2013-05-07 16:28 - 2013-05-07 16:28 - 00856576 ____A C:\Users\cconroy\Documents\2013 Sales Workbook Draft.xls

2013-05-07 08:34 - 2013-05-07 16:28 - 00029184 ____A C:\Users\cconroy\Desktop\Sale & Business development outline.xls

2013-05-06 15:05 - 2013-05-06 15:05 - 00000000 ____D C:\ProgramData\zeon

2013-05-06 14:40 - 2013-05-06 15:15 - 00000000 ____D C:\ProgramData\Nuance

2013-05-06 14:40 - 2013-05-06 15:05 - 00000000 ____D C:\Program Files (x86)\Xerox Scan To PC Desktop 11

2013-05-06 14:40 - 2013-05-06 14:42 - 00000000 ____D C:\ProgramData\ScanSoft

2013-05-06 14:40 - 2013-05-06 14:40 - 00000000 ____D C:\Users\cconroy\Documents\MyWebPages

2013-05-06 14:40 - 2013-05-06 14:40 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Nuance

2013-05-06 13:21 - 2013-05-06 13:21 - 00000000 ____D C:\Users\cconroy\AppData\Local\Xerox Network Scan

2013-05-06 12:01 - 2013-05-06 12:01 - 00008049 ____A C:\Users\cconroy\AppData\Roaming\XeroxFaxOptions.xml

2013-05-06 12:01 - 2013-05-06 12:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Xerox

2013-05-06 12:01 - 2013-05-06 12:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Leadertech

2013-05-06 12:01 - 2008-10-28 09:07 - 00054072 ___RA (Samsung Electronics) C:\Windows\System32\Drivers\DgivEcp.sys

2013-05-06 12:01 - 2008-10-28 09:07 - 00007297 ____N C:\Windows\SysWOW64\SSPORT.CAT

2013-05-06 12:01 - 2008-10-28 09:07 - 00007297 ____N C:\Windows\SysWOW64\DgivEcp.cat

2013-05-06 12:00 - 2013-05-06 12:01 - 00000167 ____A C:\Windows\faxsetup.log

2013-05-06 12:00 - 2013-05-06 12:00 - 00001992 ____A C:\Users\Public\Desktop\Network Scan.lnk

2013-05-06 12:00 - 2013-05-06 12:00 - 00000090 ____A C:\Windows\scnsetup.log

2013-05-06 12:00 - 2013-05-06 12:00 - 00000000 ____D C:\Windows\Xerox

2013-05-06 12:00 - 2009-12-29 02:12 - 00479232 ____A () C:\Windows\ssndii.exe

2013-05-06 12:00 - 2009-04-02 10:01 - 00080896 ____A C:\Windows\System32\XeroxFaxPort64.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 01693696 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTCLR13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 01402368 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltdlg13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 01009664 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Ltwvc13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00935088 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTR13N.DLL

2013-05-06 12:00 - 2009-04-02 09:51 - 00747008 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltocx13n.ocx

2013-05-06 12:00 - 2009-04-02 09:51 - 00536752 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTRVW13N.OCX

2013-05-06 12:00 - 2009-04-02 09:51 - 00470720 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTRPR13n.DLL

2013-05-06 12:00 - 2009-04-02 09:51 - 00458752 ____A (Samsung Software Center) C:\Windows\prinst.exe

2013-05-06 12:00 - 2009-04-02 09:51 - 00446464 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltkrn13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00445440 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltimg13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00427008 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFCMP13s.DLL

2013-05-06 12:00 - 2009-04-02 09:51 - 00408576 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFCMP13n.DLL

2013-05-06 12:00 - 2009-04-02 09:51 - 00313008 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTRIO13N.DLL

2013-05-06 12:00 - 2009-04-02 09:51 - 00275456 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFJ2K13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00271360 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFJ2K13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00269312 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDIS13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00212480 ____A (Eastman Kodak) C:\Windows\SysWOW64\PCDLIB32.DLL

2013-05-06 12:00 - 2009-04-02 09:51 - 00206848 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltefx13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00185856 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lfpng13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00181760 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lfpng13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00172032 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lftif13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00158720 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Ltpnt13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00144384 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltfil13n.DLL

2013-05-06 12:00 - 2009-04-02 09:51 - 00132096 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lftif13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00131584 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfjbg13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00114176 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTOCR13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00114176 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lffax13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00111104 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpsd13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00108032 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTTLB13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00095232 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltpdg13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00090112 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfjbg13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00081920 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfeps13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00073728 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lffax13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00070656 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfbmp13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00069632 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltbar13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00068096 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfiff13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00065536 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpcx13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00065536 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfani13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00065024 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfclp13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00062976 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFPNM13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00060928 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfimg13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00060416 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfitg13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00059904 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpcd13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00059392 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfmsp13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00058880 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfavi13s.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00055808 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpsd13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00051200 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltlst13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00047616 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfeps13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00044032 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lttwn13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00032256 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lttmb13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00031744 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfclp13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00031232 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFPNM13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00030208 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfbmp13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00027648 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfiff13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00026624 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpcx13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00025600 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfani13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00020992 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfimg13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00019968 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpcd13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00019968 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfitg13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00018944 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfmsp13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00018944 ____A (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfavi13n.dll

2013-05-06 12:00 - 2009-04-02 09:51 - 00000422 ____A C:\Windows\SysWOW64\ltocx13.lic

2013-05-06 12:00 - 2008-10-28 09:07 - 00172032 ____N C:\Windows\SysWOW64\SecSNMP.dll

2013-05-06 12:00 - 2008-09-08 18:54 - 00151552 ____A (SS) C:\Windows\System32\xp3220ci.exe

2013-05-06 12:00 - 2008-09-08 18:54 - 00089600 ____A (SS) C:\Windows\System32\xp3220ci.dll

2013-05-06 11:59 - 2009-12-29 02:13 - 00110592 ___RA C:\Windows\Wiainst.exe

2013-05-06 11:59 - 2008-10-28 04:58 - 00701440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll

2013-05-06 11:59 - 2008-10-28 04:58 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll

2013-05-06 11:59 - 2008-10-28 04:58 - 00038160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll

2013-05-06 11:59 - 2008-10-28 04:58 - 00021776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll

2013-05-06 11:58 - 2009-12-27 22:05 - 00333312 ____A C:\Windows\System32\SaMinDrv.dll

2013-05-06 11:58 - 2009-12-27 22:05 - 00129536 ____A C:\Windows\System32\SaImgFlt.dll

2013-05-06 11:58 - 2009-12-27 22:05 - 00098816 ____A C:\Windows\System32\SaSegFlt.dll

2013-05-06 11:58 - 2009-12-27 22:05 - 00055808 ____A C:\Windows\System32\SaErHdlr.dll

2013-05-06 11:58 - 2009-12-27 21:32 - 00043520 ____A (Samsung Electronics) C:\Windows\System32\Ssusbp64.dll

2013-05-06 11:58 - 2008-10-28 09:07 - 00081920 ____N (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll

2013-05-06 11:58 - 2008-10-27 22:56 - 00000357 ____A C:\Windows\System32\sxs2ml6.smt

2013-05-06 11:58 - 2008-10-27 22:55 - 00151552 ____A (SS) C:\Windows\System32\sxs2mci.exe

2013-05-06 11:58 - 2008-10-27 22:55 - 00089600 ____A (SS) C:\Windows\System32\sxs2mci.dll

2013-05-06 11:58 - 2008-10-27 02:37 - 00073728 ____A (Samsung Electronics) C:\Windows\System32\Ssdevm64.dll

2013-05-06 11:58 - 2008-10-27 02:37 - 00049152 ____A (Samsung Electronics) C:\Windows\SysWOW64\Ssusbpn.dll

2013-05-06 11:57 - 2013-05-06 12:00 - 00000000 ____D C:\Program Files (x86)\Xerox

2013-04-24 15:18 - 2013-04-24 15:18 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-04-24 15:18 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-04-24 15:18 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-04-24 15:18 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-04-24 07:27 - 2013-04-12 10:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-21 14:37 - 2012-05-25 07:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-21 14:36 - 2012-05-09 15:05 - 00000160 ____A C:\Windows\System32\config\netlogon.ftl

2013-05-21 14:36 - 2012-03-23 06:53 - 01342349 ____A C:\Windows\WindowsUpdate.log

2013-05-21 14:36 - 2012-03-23 05:14 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-05-21 14:36 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-21 14:36 - 2009-07-14 00:51 - 00047829 ____A C:\Windows\setupact.log

2013-05-21 13:28 - 2009-07-14 00:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-21 13:28 - 2009-07-14 00:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-21 13:25 - 2009-07-14 01:13 - 00797806 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-21 13:07 - 2013-05-09 08:32 - 00000072 ____A C:\Users\Public\LMDebug.log

2013-05-21 13:02 - 2013-05-21 13:02 - 00000000 ____D C:\FRST

2013-05-21 09:49 - 2011-02-10 10:33 - 00813066 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-05-21 08:54 - 2013-05-09 10:06 - 00025845 ____A C:\Users\cconroy\Desktop\2013 Master Grabill Complex Schedule-Majors_Rev_3.xlsx

2013-05-21 08:45 - 2012-05-09 15:23 - 00000000 ___RD C:\Users\cconroy\Virtual Machines

2013-05-21 08:45 - 2009-07-14 00:45 - 00396144 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-21 08:41 - 2009-07-13 22:34 - 00000499 ____A C:\Windows\win.ini

2013-05-21 08:39 - 2012-05-09 14:45 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-21 08:24 - 2010-11-20 23:47 - 00047768 ____A C:\Windows\PFRO.log

2013-05-21 08:16 - 2013-05-21 08:16 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Malwarebytes

2013-05-21 08:16 - 2012-07-09 08:50 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-21 08:16 - 2012-07-09 08:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-21 08:09 - 2012-05-09 15:28 - 00000000 ___RD C:\Users\administrator\Virtual Machines

2013-05-21 07:57 - 2013-05-21 07:57 - 00000000 ____D C:\Windows\pss

2013-05-20 16:10 - 2012-05-10 10:22 - 00000214 ____A C:\Users\cconroy\Documents\PROPHGEO.DSN

2013-05-20 15:59 - 2012-05-09 14:07 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job

2013-05-20 14:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF

2013-05-20 13:44 - 2012-05-10 08:55 - 00000212 ____A C:\Users\cconroy\Documents\PROACCT.DSN

2013-05-17 14:31 - 2012-05-10 08:44 - 00000000 ____D C:\Users\cconroy\AppData\Local\Deployment

2013-05-15 14:58 - 2013-05-15 14:55 - 00024064 ____A C:\Users\cconroy\Desktop\Nate Danny Baseball Schedule.xls

2013-05-15 14:56 - 2013-05-09 13:33 - 00028017 ____A C:\Users\cconroy\Desktop\2013 Baseball Schedule.xlsx

2013-05-15 10:37 - 2012-05-25 07:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-15 10:37 - 2012-03-23 05:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-14 09:01 - 2013-05-14 09:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Spam Soap

2013-05-14 09:01 - 2013-05-14 08:54 - 00000000 ____D C:\Users\cconroy\Documents\Add-in Express

2013-05-14 08:54 - 2013-05-14 08:54 - 00000000 __HDC C:\ProgramData\{61DEB624-4422-453E-AC8F-49CD8BCD73F0}

2013-05-14 08:54 - 2013-05-14 08:54 - 00000000 ____D C:\Users\cconroy\AppData\Local\PackageAware

2013-05-14 08:54 - 2013-05-14 08:54 - 00000000 ____D C:\Program Files\Spam Soap

2013-05-14 08:54 - 2013-05-14 08:54 - 00000000 ____D C:\Program Files\Common Files\Outlook Security Manager

2013-05-12 13:01 - 2012-05-09 14:07 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2013-05-10 09:52 - 2013-05-10 09:52 - 00102703 ____A C:\Users\cconroy\Documents\Outlook Contacts.CSV

2013-05-10 09:52 - 2013-05-10 09:52 - 00039033 ____A C:\Users\cconroy\AppData\Roaming\Comma Separated Values (Windows).ADR

2013-05-10 09:11 - 2012-05-10 08:44 - 00102728 ____A C:\Users\cconroy\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-10 08:46 - 2013-05-10 08:46 - 00002675 ____A C:\Users\Public\Desktop\Microsoft Office Outlook 2003.lnk

2013-05-10 08:46 - 2013-05-10 08:46 - 00002659 ____A C:\Users\Public\Desktop\Microsoft Office Excel 2003.lnk

2013-05-10 08:46 - 2013-05-10 08:46 - 00002627 ____A C:\Users\Public\Desktop\Microsoft Office PowerPoint 2003.lnk

2013-05-10 08:46 - 2012-05-09 15:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2013-05-10 08:46 - 2010-11-21 03:17 - 00000000 ____D C:\Windows\ShellNew

2013-05-10 08:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help

2013-05-09 16:14 - 2013-05-08 11:03 - 00000000 ____D C:\Users\cconroy\Documents\SALES

2013-05-08 16:43 - 2013-05-07 16:29 - 00013824 ____A C:\Users\cconroy\Documents\Sales Priorty List.xls

2013-05-08 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-05-08 07:50 - 2013-05-08 07:50 - 00001411 ____A C:\Users\cconroy\Desktop\Internet Explorer (64-bit).lnk

2013-05-08 07:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-05-08 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-05-08 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-05-08 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-05-08 07:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-05-07 16:34 - 2013-05-07 16:30 - 00007730 ____A C:\Windows\IE10_main.log

2013-05-07 16:34 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-05-07 16:31 - 2013-05-07 16:31 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-07 16:31 - 2013-05-07 16:31 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-05-07 16:29 - 2013-05-07 16:29 - 00262506 ____A C:\Windows\msxml4-KB2758694-enu.LOG

2013-05-07 16:29 - 2013-05-07 16:29 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2013-05-07 16:28 - 2013-05-07 16:28 - 00856576 ____A C:\Users\cconroy\Documents\2013 Sales Workbook Draft.xls

2013-05-07 16:28 - 2013-05-07 08:34 - 00029184 ____A C:\Users\cconroy\Desktop\Sale & Business development outline.xls

2013-05-06 15:15 - 2013-05-06 14:40 - 00000000 ____D C:\ProgramData\Nuance

2013-05-06 15:05 - 2013-05-06 15:05 - 00000000 ____D C:\ProgramData\zeon

2013-05-06 15:05 - 2013-05-06 14:40 - 00000000 ____D C:\Program Files (x86)\Xerox Scan To PC Desktop 11

2013-05-06 14:42 - 2013-05-06 14:40 - 00000000 ____D C:\ProgramData\ScanSoft

2013-05-06 14:42 - 2010-10-22 07:21 - 00034474 ____A C:\Windows\MAXLINK.INI

2013-05-06 14:40 - 2013-05-06 14:40 - 00000000 ____D C:\Users\cconroy\Documents\MyWebPages

2013-05-06 14:40 - 2013-05-06 14:40 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Nuance

2013-05-06 14:02 - 2012-05-09 14:44 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0

2013-05-06 13:21 - 2013-05-06 13:21 - 00000000 ____D C:\Users\cconroy\AppData\Local\Xerox Network Scan

2013-05-06 13:21 - 2012-03-23 05:36 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2013-05-06 13:21 - 2012-03-23 05:36 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2013-05-06 12:01 - 2013-05-06 12:01 - 00008049 ____A C:\Users\cconroy\AppData\Roaming\XeroxFaxOptions.xml

2013-05-06 12:01 - 2013-05-06 12:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Xerox

2013-05-06 12:01 - 2013-05-06 12:01 - 00000000 ____D C:\Users\cconroy\AppData\Roaming\Leadertech

2013-05-06 12:01 - 2013-05-06 12:00 - 00000167 ____A C:\Windows\faxsetup.log

2013-05-06 12:00 - 2013-05-06 12:00 - 00001992 ____A C:\Users\Public\Desktop\Network Scan.lnk

2013-05-06 12:00 - 2013-05-06 12:00 - 00000090 ____A C:\Windows\scnsetup.log

2013-05-06 12:00 - 2013-05-06 12:00 - 00000000 ____D C:\Windows\Xerox

2013-05-06 12:00 - 2013-05-06 11:57 - 00000000 ____D C:\Program Files (x86)\Xerox

2013-05-06 12:00 - 2012-03-23 05:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-05-05 17:36 - 2013-05-21 08:35 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-05 17:16 - 2013-05-21 08:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-05 15:25 - 2013-05-21 08:35 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-05 15:12 - 2013-05-21 08:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-02 11:29 - 2010-11-20 23:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-05-02 11:17 - 2012-05-31 15:40 - 00000211 ____A C:\Users\cconroy\Documents\PROTAX.DSN

2013-04-24 15:18 - 2013-04-24 15:18 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-04-24 15:18 - 2013-04-16 07:28 - 00000000 ____D C:\Program Files (x86)\Java

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-14 00:31

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2013

Ran by cconroy at 2013-05-21 14:41:18 Run:

Running from E:\

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

3sixty Freight Match (Version: 3.2.4818.17738)

3sixty Freight Match Prerequisites (Version: 1.0.0)

Accidental Damage Services Agreement (Version: 2.0.0)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)

Adobe Reader X (10.1.7) (Version: 10.1.7)

Banctec Service Agreement (Version: 2.0.0)

Belarc Advisor 8.2 (Version: 8.2.7.13)

Cisco WebEx Meetings

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

Complete Care Business Service Agreement (Version: 2.0.0)

Conexant HD Audio (Version: 8.50.4.0)

Consumer In-Home Service Agreement (Version: 2.0.0)

COWSWebPortal (Version: 1.3.0)

CzarLite (Version: 1.0.0)

D3DX10 (Version: 15.4.2368.0902)

Dell DataSafe Local Backup - Support Software (Version: 9.4.64)

Dell DataSafe Local Backup (Version: 9.4.64)

Dell Digital Delivery (Version: 2.5.1400.0)

Dell Driver Download Manager (Version: 3.0.0.0)

Dell Edoc Viewer (Version: 1.0.0)

Dell Home Systems Service Agreement (Version: 2.0.0)

Dell Support Center (Version: 3.1.5907.16)

DirectX 9 Runtime (Version: 1.00.0000)

Image Retriever 10 (Version: 10.0)

Intel® Processor Graphics (Version: 9.17.10.2867)

Java 7 Update 21 (Version: 7.0.210)

Java Auto Updater (Version: 2.1.9.5)

Java 7 Update 1 (64-bit) (Version: 7.0.10)

JavaFX 2.1.0 (Version: 2.1.0)

join.me (Version: 1.8.0.108)

Junk Mail filter update (Version: 15.4.3502.0922)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)

Microsoft Security Client (Version: 4.2.0223.1)

Microsoft Security Essentials (Version: 4.2.223.1)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (Version: 9.0.30729.4048)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (Version: 9.0.30729.4048)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

MobileComm (Version: 1.0.33)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)

MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)

Network Scan

Nuance PaperPort 12 (Version: 12.1.0003)

Nuance PDF Viewer Plus (Version: 5.30.3290)

OmniPage SE 16 (Version: 16.1.0000)

PaperPort Image Printer 64-bit (Version: 14.00.0000)

PhotoShowExpress (Version: 2.0.063)

PowerBuilder Client Runtime (Version: 9.0.0.0)

Prophesy EasyStreet

Prophesy Mileage Bing Services (Version: 1.0.2)

Prophesy TaxTally

QualxServ Service Agreement (Version: 2.0.0)

RBVirtualFolder64Inst (Version: 1.00.0000)

Roxio Activation Module (Version: 1.0)

Roxio BackOnTrack (Version: 1.3.3)

Roxio Burn (Version: 1.8)

Roxio Creator Starter (Version: 1.0.439)

Roxio Creator Starter (Version: 12.1.77.0)

Roxio Creator Starter (Version: 5.0.0)

Roxio Express Labeler 3 (Version: 3.2.2)

Roxio File Backup (Version: 1.3.2)

Scansoft PDF Professional

SHARP PCL6 T1 Printer Driver (Version: 1.00.000)

Sonic CinePlayer Decoder Pack (Version: 4.3.0)

Spam Soap (Version: 5.0.0.52)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3508.1109)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Windows Small Business Server 2011 Standard ClientAgent (Version: 6.1.7900.1)

Xerox WorkCentre 3220

==================== Restore Points =========================

24-04-2013 19:18:00 Installed Java 7 Update 21

24-04-2013 20:39:51 Windows Update

28-04-2013 06:04:51 Windows Update

02-05-2013 06:05:21 Windows Update

06-05-2013 15:31:49 Windows Update

06-05-2013 16:00:15 Installed Network Scan

06-05-2013 16:00:39 Installed Xerox PC Fax

06-05-2013 18:01:52 Installed Microsoft Visual C++ 2005 Redistributable

06-05-2013 18:02:28 Installed MSXML 4.0 SP3 Parser

06-05-2013 18:02:55 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048

06-05-2013 18:03:30 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048

06-05-2013 18:04:49 Installed Nuance PaperPort 12.

06-05-2013 18:41:04 Installed OmniPage SE 16.

06-05-2013 18:42:43 Installed Image Retriever 10.

06-05-2013 18:43:19 Installed Nuance PDF Viewer Plus.

07-05-2013 20:29:25 Windows Update

08-05-2013 11:45:57 Windows Modules Installer

08-05-2013 11:53:15 Windows Update

15-05-2013 21:14:12 Scheduled Checkpoint

21-05-2013 12:34:24 Windows Update

==================== Faulty Device Manager Devices =============

Name: HP LaserJet 400 M401n

Description: HP LaserJet 400 M401n

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (05/21/2013 02:38:38 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 02:37:01 PM) (Source: Application Error) (User: )

Description: Faulting application name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c

Faulting module name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c

Exception code: 0xc0000005

Fault offset: 0x000a8606

Faulting process id: 0x724

Faulting application start time: 0xsftservice.EXE0

Faulting application path: sftservice.EXE1

Faulting module path: sftservice.EXE2

Report Id: sftservice.EXE3

Error: (05/21/2013 01:22:32 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 01:20:52 PM) (Source: Application Error) (User: )

Description: Faulting application name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c

Faulting module name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c

Exception code: 0xc0000005

Fault offset: 0x000a8606

Faulting process id: 0x700

Faulting application start time: 0xsftservice.EXE0

Faulting application path: sftservice.EXE1

Faulting module path: sftservice.EXE2

Report Id: sftservice.EXE3

Error: (05/21/2013 01:16:09 PM) (Source: Application Error) (User: )

Description: Faulting application name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c

Faulting module name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c

Exception code: 0xc0000005

Fault offset: 0x000a8606

Faulting process id: 0x740

Faulting application start time: 0xsftservice.EXE0

Faulting application path: sftservice.EXE1

Faulting module path: sftservice.EXE2

Report Id: sftservice.EXE3

Error: (05/21/2013 00:08:24 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 00:07:09 PM) (Source: Application Error) (User: )

Description: Faulting application name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c

Faulting module name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c

Exception code: 0xc0000005

Fault offset: 0x000a8606

Faulting process id: 0x708

Faulting application start time: 0xsftservice.EXE0

Faulting application path: sftservice.EXE1

Faulting module path: sftservice.EXE2

Report Id: sftservice.EXE3

Error: (05/21/2013 11:18:39 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 11:17:04 AM) (Source: Application Error) (User: )

Description: Faulting application name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c

Faulting module name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c

Exception code: 0xc0000005

Fault offset: 0x000a8606

Faulting process id: 0x704

Faulting application start time: 0xsftservice.EXE0

Faulting application path: sftservice.EXE1

Faulting module path: sftservice.EXE2

Report Id: sftservice.EXE3

Error: (05/21/2013 10:06:23 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (05/21/2013 02:37:01 PM) (Source: Service Control Manager) (User: )

Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/21/2013 02:36:55 PM) (Source: Service Control Manager) (User: )

Description: The DgiVecp service failed to start due to the following error:

%%20

Error: (05/21/2013 02:36:52 PM) (Source: Service Control Manager) (User: )

Description: The Microsoft Antimalware Service service failed to start due to the following error:

%%5

Error: (05/21/2013 01:20:53 PM) (Source: Service Control Manager) (User: )

Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/21/2013 01:20:48 PM) (Source: Service Control Manager) (User: )

Description: The DgiVecp service failed to start due to the following error:

%%20

Error: (05/21/2013 01:20:43 PM) (Source: Service Control Manager) (User: )

Description: The Microsoft Antimalware Service service failed to start due to the following error:

%%5

Error: (05/21/2013 01:16:09 PM) (Source: Service Control Manager) (User: )

Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/21/2013 01:16:05 PM) (Source: Service Control Manager) (User: )

Description: The DgiVecp service failed to start due to the following error:

%%20

Error: (05/21/2013 01:16:00 PM) (Source: Service Control Manager) (User: )

Description: The Microsoft Antimalware Service service failed to start due to the following error:

%%5

Error: (05/21/2013 00:07:10 PM) (Source: Service Control Manager) (User: )

Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:

=========================

Error: (05/21/2013 02:38:38 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 02:37:01 PM) (Source: Application Error)(User: )

Description: sftservice.EXE1.0.82.754ee0870csftservice.EXE1.0.82.754ee0870cc0000005000a860672401ce56522b680879C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE6c663781-c245-11e2-90d2-d4bed9ccd22b

Error: (05/21/2013 01:22:32 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 01:20:52 PM) (Source: Application Error)(User: )

Description: sftservice.EXE1.0.82.754ee0870csftservice.EXE1.0.82.754ee0870cc0000005000a860670001ce5647894a7618C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEc96fc96c-c23a-11e2-9359-d4bed9ccd22b

Error: (05/21/2013 01:16:09 PM) (Source: Application Error)(User: )

Description: sftservice.EXE1.0.82.754ee0870csftservice.EXE1.0.82.754ee0870cc0000005000a860674001ce5646e0c5e5bcC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE2060bbe1-c23a-11e2-bbbe-d4bed9ccd22b

Error: (05/21/2013 00:08:24 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 00:07:09 PM) (Source: Application Error)(User: )

Description: sftservice.EXE1.0.82.754ee0870csftservice.EXE1.0.82.754ee0870cc0000005000a860670801ce563d3af53297C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE7d1e4560-c230-11e2-931c-d4bed9ccd22b

Error: (05/21/2013 11:18:39 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2013 11:17:04 AM) (Source: Application Error)(User: )

Description: sftservice.EXE1.0.82.754ee0870csftservice.EXE1.0.82.754ee0870cc0000005000a860670401ce56363c3185ffC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE7d9fdc06-c229-11e2-8e03-d4bed9ccd22b

Error: (05/21/2013 10:06:23 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 27%

Total physical RAM: 4008.63 MB

Available physical RAM: 2896.74 MB

Total Pagefile: 8015.44 MB

Available Pagefile: 6858.49 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.57 GB) (Free:397.06 GB) NTFS (Disk=0 Partition=3)

Drive e: () (Removable) (Total:3.74 GB) (Free:1.41 GB) FAT32 (Disk=1 Partition=1)

Drive f: (OS) (Network) (Total:1392.62 GB) (Free:1114.61 GB) NTFS

Drive g: (OS) (Network) (Total:1392.62 GB) (Free:1114.61 GB) NTFS

Drive h: (OS) (Network) (Total:1392.62 GB) (Free:1114.61 GB) NTFS

Drive p: (OS) (Network) (Total:1392.62 GB) (Free:1114.61 GB) NTFS

Drive u: (OS) (Network) (Total:1392.62 GB) (Free:1114.61 GB) NTFS

Drive z: (OS) (Network) (Total:1392.62 GB) (Free:1114.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows Vista) (Size: 466 GB) (Disk ID: 577D9666)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=16 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

[Maniac]

Good!

Boot in Normal mode and then:

Step 1

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• ComboFix log

[cconroy8]

Here is the MBAM report. Shows nothing but I'm suspicious. Still cannot load Antivirus. I'll continue with step 2 now.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.21.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

cconroy :: PCTERM34 [administrator]

5/22/2013 7:11:49 AM

mbam-log-2013-05-22 (07-11-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 302614

Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[cconroy8]

Could not download Combofix. Should I save to USB?