
Web site is forwarding to http://pops.ero-advertising.com/



#1 wickedwitchofdc


Posted 26 June 2017 - 09:47 AM

In all browsers on my computer (but not on my phone), certain websites are redirecting to http://pops.ero-advertising.com/popads/in.php?spaceid=***&ad_channel=0&r=0 where *** is a number. This then forwards to an ad.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by laura (administrator) on LAPTOP-UGJ60DJ8 (26-06-2017 09:35:11)
Running from C:\Users\laura\Downloads
Loaded Profiles: laura (Available Profiles: defaultuser0 & laura)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4ae5d2bf791865f4\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Sysinternals - www.sysinternals.com) C:\Users\laura\Programs\SysinternalsSuite\procexp.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4ae5d2bf791865f4\igfxEM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Sysinternals - www.sysinternals.com) C:\Users\laura\AppData\Local\Temp\PROCEXP64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4ae5d2bf791865f4\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Flux Software LLC) C:\Users\laura\AppData\Local\FluxSoftware\Flux\flux.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Ninja Download Manager\download.ninja.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Code 42 Software) C:\Users\laura\AppData\Local\Programs\CrashPlan\CrashPlanService.exe
(Code 42 Software, Inc.) C:\Users\laura\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe
(© 2015 Microsoft Corporation) C:\Users\laura\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Elias Fotinis) C:\Program Files (x86)\DeskPins\DeskPins.exe
() C:\Program Files (x86)\Axonic\Lookeen\LookeenDesktopSearch.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154624 2015-01-05] (troubadix)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-06-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-4207451009-3425849864-1271218340-1001\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
HKU\S-1-5-21-4207451009-3425849864-1271218340-1001\...\Run: [f.lux] => C:\Users\laura\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-4207451009-3425849864-1271218340-1001\...\Run: [download.ninja] => C:\Program Files\Ninja Download Manager\download.ninja.exe [5213696 2017-01-27] ()
HKU\S-1-5-21-4207451009-3425849864-1271218340-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-4207451009-3425849864-1271218340-1001\...\Run: [CrashPlanService] => C:\Users\laura\AppData\Local\Programs\CrashPlan\CrashPlanService.vbs [543 2017-06-08] ()
HKU\S-1-5-21-4207451009-3425849864-1271218340-1001\...\Run: [CrashPlanTray] => C:\Users\laura\AppData\Local\Programs\CrashPlan\CrashPlanTray.exe [462808 2017-06-08] (Code 42 Software, Inc.)
HKU\S-1-5-21-4207451009-3425849864-1271218340-1001\...\Run: [BingSvc] => C:\Users\laura\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk [2017-01-17]
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\shorts.ahk [2017-01-19] ()
Startup: C:\Users\laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [2016-12-28]
ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\DeskPins.exe (Elias Fotinis)
Startup: C:\Users\laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lookeen.lnk [2017-03-22]
ShortcutTarget: Lookeen.lnk -> C:\Program Files (x86)\Axonic\Lookeen\LookeenDesktopSearch.exe ()
Startup: C:\Users\laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-06-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a45fc6ea-7eaf-48bb-ae0b-85659e5988bf}: [DhcpNameServer] 10.118.249.19 10.10.8.132
Tcpip\..\Interfaces\{b6280cd3-3455-442f-b535-07c2a0971bb3}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4207451009-3425849864-1271218340-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17swin10.msn.com/?pc=LJSE
SearchScopes: HKU\S-1-5-21-4207451009-3425849864-1271218340-1001 -> DefaultScope {A797C608-4196-4041-895B-55AE492247D2} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-15] (Oracle Corporation)
BHO-x32: Download Ninja IE -> {C935DDA0-269E-11E4-9235-78C81D5D46B0} -> C:\Program Files\Ninja Download Manager\DownloadNinjaIE.dll [2015-06-19] ()
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-15] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: o1vnsnno.default
FF ProfilePath: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default [2017-06-26]
FF Extension: (AutocopySelection2Clipboard) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\autocopyselection2clipboard@dook.xpi [2017-01-10]
FF Extension: (Zotero Better Bib(La)Tex) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\better-bibtex@iris-advies.com.xpi [2017-06-25]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-04-12]
FF Extension: (FireGestures) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\firegestures@xuldev.org.xpi [2017-06-15]
FF Extension: (Multiple Tab Handler) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\multipletab@piro.sakura.ne.jp.xpi [2017-06-16]
FF Extension: (Wolfram Toolbar) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\support@wolfram.com.xpi [2017-04-08]
FF Extension: (Zotero) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-06-15]
FF Extension: (ZotFile) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\zotfile@columbia.edu.xpi [2017-04-13]
FF Extension: (Session Manager) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-01-30]
FF Extension: (Flash and Video Download) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-02-25]
FF Extension: (Adblock Plus) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Extension: (Simple YouTube MP3 Button) - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\o1vnsnno.default\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi [2017-05-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-05-20] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-05-20] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\11.0.1.5597552\npmathplugin.dll [2016-09-21] (Wolfram Research, Inc.)
FF Plugin HKU\S-1-5-21-4207451009-3425849864-1271218340-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-05-20] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR Profile: C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Google Slides) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-14]
CHR Extension: (Google Docs) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-14]
CHR Extension: (Google Drive) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-14]
CHR Extension: (YouTube) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
CHR Extension: (Chrome IG Story) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2017-01-14]
CHR Extension: (Google Sheets) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-14]
CHR Extension: (Chrome Media Router) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R2 connect2hotspot; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [100680 2016-11-29] (Lenovo)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4ae5d2bf791865f4\IntelCpHeciSvc.exe [284144 2016-11-03] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4ae5d2bf791865f4\IntelCpHDCPSvc.exe [462832 2016-11-03] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [163328 2016-01-27] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-28] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134880 2017-02-14] (ELAN Microelectronics Corp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4ae5d2bf791865f4\igfxCUIService.exe [324592 2016-11-03] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [57160 2017-06-05] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-05-26] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-01-14] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-07-13] (Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84280 2014-06-07] (National Instruments Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2014-06-10] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2014-06-10] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [569152 2014-06-20] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177536 2014-06-20] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2014-06-06] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2014-06-10] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [692040 2014-06-10] (National Instruments Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [542672 2016-05-10] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32344 2016-06-03] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_4ae5d2bf791865f4\igdkmd64.sys [11027944 2016-11-03] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-26] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-26] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-26] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7932160 2017-01-24] (Intel Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3119360 2016-05-25] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-04-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205952 2017-04-28] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-06-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-26] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 09:35 - 2017-06-26 09:35 - 00032738 _____ C:\Users\laura\Downloads\FRST.txt
2017-06-26 09:35 - 2017-06-26 09:35 - 00000000 ____D C:\FRST
2017-06-26 09:33 - 2017-06-26 09:34 - 02441216 _____ (Farbar) C:\Users\laura\Downloads\FRST64.exe
2017-06-26 09:27 - 2017-06-26 09:27 - 00000000 ___HD C:\OneDriveTemp
2017-06-26 08:31 - 2017-06-26 08:33 - 00000000 ____D C:\AdwCleaner
2017-06-26 08:31 - 2017-06-26 08:31 - 04110280 _____ C:\Users\laura\Downloads\adwcleaner_6.047.exe
2017-06-26 08:18 - 2017-06-26 08:22 - 00000000 ____D C:\ProgramData\HitmanPro
2017-06-26 08:11 - 2017-06-26 09:35 - 00149425 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-06-26 08:11 - 2017-06-26 09:35 - 00111167 _____ C:\WINDOWS\ZAM.krnl.trace
2017-06-26 08:11 - 2017-06-26 08:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-06-26 08:11 - 2017-06-26 08:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-06-26 08:11 - 2017-06-26 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-06-26 08:10 - 2017-06-26 08:11 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-06-26 08:10 - 2017-06-26 08:10 - 00000000 ____D C:\Users\laura\AppData\Local\Zemana
2017-06-26 08:09 - 2017-06-26 08:10 - 06589840 _____ (Zemana Ltd. ) C:\Users\laura\Downloads\Zemana.AntiMalware.Setup.exe
2017-06-26 08:09 - 2017-06-26 08:09 - 11584088 _____ (SurfRight B.V.) C:\Users\laura\Downloads\hitmanpro_x64.exe
2017-06-26 08:03 - 2017-06-26 09:26 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-26 08:03 - 2017-06-26 09:26 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-26 08:03 - 2017-06-26 09:26 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-26 08:03 - 2017-06-26 09:26 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-26 08:03 - 2017-06-26 09:14 - 00003696 _____ C:\Users\laura\Desktop\Rkill.txt
2017-06-26 08:03 - 2017-06-26 08:03 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-26 08:03 - 2017-06-26 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-26 08:03 - 2017-06-26 08:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-26 08:03 - 2017-06-26 08:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-26 08:03 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-26 08:02 - 2017-06-26 08:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\laura\Downloads\rkill.exe
2017-06-26 08:01 - 2017-06-26 08:02 - 64232976 _____ (Malwarebytes ) C:\Users\laura\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-26 07:59 - 2017-06-26 08:02 - 00284502 _____ C:\TDSSKiller.3.1.0.15_26.06.2017_07.59.46_log.txt
2017-06-26 07:57 - 2017-06-26 07:58 - 04922400 _____ (AO Kaspersky Lab) C:\Users\laura\Downloads\tdsskiller.exe
2017-06-25 10:42 - 2017-06-25 10:42 - 00872764 _____ C:\WINDOWS\Minidump\062517-9343-01.dmp
2017-06-23 10:27 - 2017-06-23 10:30 - 00000000 ____D C:\Users\laura\Documents\receipts
2017-06-20 21:13 - 2017-06-20 21:13 - 00091182 _____ C:\Users\laura\Downloads\search.htm
2017-06-20 12:46 - 2017-06-20 12:46 - 00188194 _____ C:\Users\laura\Downloads\Friday-June23.pdf
2017-06-20 12:46 - 2017-06-20 12:46 - 00112258 _____ C:\Users\laura\Downloads\Thursday-June-22.pdf
2017-06-20 12:46 - 2017-06-20 12:46 - 00111510 _____ C:\Users\laura\Downloads\Wednesday-June21.pdf
2017-06-17 08:33 - 2017-06-17 08:33 - 02373944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-06-15 23:32 - 2017-06-15 23:32 - 10988601 _____ C:\Users\laura\Downloads\cctyhigh.pdf
2017-06-15 08:07 - 2017-06-15 08:08 - 00000000 ____D C:\Users\laura\AppData\Local\CrashPlan
2017-06-15 08:07 - 2017-06-15 08:07 - 00000000 ____D C:\Users\laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrashPlan
2017-06-15 08:02 - 2017-06-15 08:05 - 115301376 _____ C:\Users\laura\Downloads\CrashPlan_4.8.3_Win64.msi
2017-06-14 17:11 - 2017-06-14 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-14 09:12 - 2017-06-03 04:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 09:12 - 2017-06-03 04:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 09:12 - 2017-06-03 04:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 09:12 - 2017-06-03 04:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 09:12 - 2017-06-03 04:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 09:12 - 2017-06-03 04:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 09:12 - 2017-06-03 04:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 09:12 - 2017-06-03 04:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 09:12 - 2017-06-03 04:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 09:12 - 2017-06-03 04:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 09:12 - 2017-06-03 04:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 09:12 - 2017-06-03 04:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 09:12 - 2017-06-03 04:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 09:12 - 2017-06-03 04:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 09:12 - 2017-06-03 04:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 09:12 - 2017-06-03 04:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 09:12 - 2017-06-03 04:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 09:12 - 2017-06-03 04:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 09:12 - 2017-06-03 04:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 09:12 - 2017-06-03 04:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 09:12 - 2017-06-03 03:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 09:12 - 2017-06-03 03:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 09:12 - 2017-06-03 03:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 09:12 - 2017-06-03 03:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 09:12 - 2017-06-03 03:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 09:12 - 2017-06-03 03:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 09:12 - 2017-06-03 03:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 09:12 - 2017-06-03 03:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 09:12 - 2017-06-03 03:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 09:12 - 2017-06-03 03:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 09:12 - 2017-06-03 03:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 09:12 - 2017-06-03 03:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 09:12 - 2017-06-03 03:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 09:12 - 2017-06-03 03:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 09:12 - 2017-05-20 04:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-14 09:12 - 2017-05-20 03:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-14 09:12 - 2017-05-20 03:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-14 09:12 - 2017-05-20 03:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-14 09:12 - 2017-05-20 03:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-14 09:12 - 2017-05-20 03:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-14 09:12 - 2017-05-20 03:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-14 09:12 - 2017-05-20 03:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 09:12 - 2017-05-20 03:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-14 09:12 - 2017-05-20 03:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-14 09:12 - 2017-05-20 03:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-14 09:12 - 2017-05-20 03:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-14 09:12 - 2017-05-20 03:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-14 09:12 - 2017-05-20 03:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-14 09:12 - 2017-05-20 03:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-14 09:12 - 2017-05-20 03:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-14 09:12 - 2017-05-20 03:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-14 09:12 - 2017-05-20 03:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-14 09:12 - 2017-05-20 03:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-14 09:12 - 2017-05-20 03:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-14 09:12 - 2017-05-20 03:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-14 09:12 - 2017-05-20 03:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-14 09:12 - 2017-05-20 03:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-14 09:12 - 2017-05-20 03:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-14 09:12 - 2017-05-20 03:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-14 09:12 - 2017-05-20 03:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-14 09:12 - 2017-05-20 03:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-14 09:12 - 2017-05-20 03:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-14 09:12 - 2017-05-20 03:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-14 09:12 - 2017-05-20 03:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-14 09:12 - 2017-05-20 03:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-14 09:12 - 2017-05-20 03:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-14 09:12 - 2017-05-20 03:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-14 09:12 - 2017-05-20 03:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-14 09:12 - 2017-05-20 03:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-14 09:12 - 2017-05-20 03:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-14 09:12 - 2017-05-20 03:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-14 09:12 - 2017-05-20 03:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-14 09:12 - 2017-05-20 03:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-14 09:12 - 2017-05-20 03:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-14 09:12 - 2017-05-20 03:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-14 09:12 - 2017-05-20 03:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-14 09:12 - 2017-05-20 03:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-14 09:12 - 2017-05-20 03:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-14 09:12 - 2017-05-20 03:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-14 09:12 - 2017-05-20 03:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-14 09:12 - 2017-05-20 03:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-14 09:12 - 2017-05-20 03:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-14 09:12 - 2017-05-20 03:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-14 09:12 - 2017-05-20 03:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-14 09:12 - 2017-05-20 03:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-14 09:12 - 2017-05-20 03:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-14 09:12 - 2017-05-20 03:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-14 09:12 - 2017-05-20 03:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-14 09:12 - 2017-05-20 03:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-14 09:12 - 2017-05-20 03:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-14 09:12 - 2017-05-20 03:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-14 09:12 - 2017-05-20 03:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-14 09:11 - 2017-06-03 05:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 09:11 - 2017-06-03 05:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 09:11 - 2017-06-03 05:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 09:11 - 2017-06-03 05:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 09:11 - 2017-06-03 05:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 09:11 - 2017-06-03 05:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 09:11 - 2017-06-03 04:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 09:11 - 2017-06-03 04:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 09:11 - 2017-06-03 04:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 09:11 - 2017-06-03 04:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 09:11 - 2017-06-03 04:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 09:11 - 2017-06-03 04:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 09:11 - 2017-06-03 04:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 09:11 - 2017-06-03 04:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 09:11 - 2017-06-03 04:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 09:11 - 2017-06-03 04:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 09:11 - 2017-06-03 04:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 09:11 - 2017-06-03 04:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 09:11 - 2017-06-03 04:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 09:11 - 2017-06-03 04:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 09:11 - 2017-06-03 04:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 09:11 - 2017-06-03 04:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 09:11 - 2017-06-03 04:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 09:11 - 2017-06-03 04:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 09:11 - 2017-06-03 04:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 09:11 - 2017-06-03 04:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 09:11 - 2017-06-03 04:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 09:11 - 2017-06-03 04:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 09:11 - 2017-06-03 04:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 09:11 - 2017-06-03 04:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 09:11 - 2017-06-03 04:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 09:11 - 2017-06-03 04:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 09:11 - 2017-06-03 04:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 09:11 - 2017-06-03 04:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 09:11 - 2017-06-03 04:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 09:11 - 2017-06-03 03:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 09:11 - 2017-06-03 03:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 09:11 - 2017-06-03 03:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 09:11 - 2017-06-03 03:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 09:11 - 2017-06-03 03:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 09:11 - 2017-06-03 03:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 09:11 - 2017-06-03 03:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 09:11 - 2017-06-03 03:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 09:11 - 2017-06-03 03:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 09:11 - 2017-06-03 03:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 09:11 - 2017-06-03 03:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 09:11 - 2017-05-20 02:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-14 09:11 - 2017-05-20 02:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-14 09:11 - 2017-05-20 01:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-14 09:11 - 2017-05-20 01:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-14 09:11 - 2017-05-20 01:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-14 09:11 - 2017-05-20 01:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-14 09:11 - 2017-05-20 01:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-14 09:11 - 2017-05-20 01:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-14 09:11 - 2017-05-20 01:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 09:11 - 2017-05-20 01:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-14 09:11 - 2017-05-20 01:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 09:11 - 2017-05-20 01:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-14 09:11 - 2017-05-20 01:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-14 09:11 - 2017-05-20 01:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-14 09:11 - 2017-05-20 01:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-14 09:11 - 2017-05-20 01:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-14 09:11 - 2017-05-20 01:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-14 09:11 - 2017-05-20 01:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-14 09:11 - 2017-05-20 01:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-14 09:11 - 2017-05-20 01:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-14 09:11 - 2017-05-20 01:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-14 09:11 - 2017-05-20 01:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-14 09:11 - 2017-05-20 01:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-14 09:11 - 2017-05-20 01:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-14 09:11 - 2017-05-20 01:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-14 09:11 - 2017-05-20 01:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-14 09:11 - 2017-05-20 01:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-14 09:11 - 2017-05-20 01:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-14 09:11 - 2017-05-20 01:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-14 09:11 - 2017-05-20 01:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-14 09:11 - 2017-05-20 01:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-14 09:11 - 2017-05-20 01:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-14 09:11 - 2017-05-20 01:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-14 09:11 - 2017-05-20 01:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-14 09:11 - 2017-05-20 01:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-14 09:11 - 2017-05-20 01:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-14 09:11 - 2017-05-20 01:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-14 09:11 - 2017-05-20 01:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-14 09:11 - 2017-05-20 01:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-14 09:11 - 2017-05-20 01:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-14 09:11 - 2017-05-20 01:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-14 09:11 - 2017-05-20 01:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-14 09:11 - 2017-05-20 01:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-14 09:11 - 2017-05-20 01:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-14 09:11 - 2017-05-20 01:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-14 09:11 - 2017-05-20 01:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-14 09:11 - 2017-05-20 00:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-14 09:11 - 2017-05-20 00:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-14 09:11 - 2017-05-20 00:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-14 09:11 - 2017-05-20 00:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-14 09:11 - 2017-05-20 00:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-14 09:11 - 2017-05-20 00:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-14 09:11 - 2017-05-20 00:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-14 09:11 - 2017-05-20 00:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-14 09:11 - 2017-05-20 00:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-14 09:11 - 2017-05-20 00:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-14 09:11 - 2017-05-20 00:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-14 09:11 - 2017-05-20 00:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-14 09:11 - 2017-05-20 00:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-14 09:11 - 2017-05-20 00:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-14 09:11 - 2017-05-20 00:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-14 09:11 - 2017-05-20 00:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-14 09:11 - 2017-05-20 00:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-14 09:11 - 2017-05-20 00:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-14 09:11 - 2017-05-20 00:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-14 09:11 - 2017-05-20 00:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-14 09:11 - 2017-05-20 00:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-14 09:11 - 2017-05-20 00:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-14 09:11 - 2017-05-20 00:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-14 09:11 - 2017-05-20 00:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-14 09:11 - 2017-05-20 00:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-14 09:11 - 2017-05-20 00:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-14 09:11 - 2017-05-20 00:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-14 09:10 - 2017-06-03 05:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 09:10 - 2017-06-03 05:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 09:10 - 2017-06-03 05:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 09:10 - 2017-06-03 05:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 09:10 - 2017-06-03 05:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 09:10 - 2017-06-03 05:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 09:10 - 2017-06-03 05:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 09:10 - 2017-06-03 05:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 09:10 - 2017-06-03 05:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 09:10 - 2017-06-03 05:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 09:10 - 2017-06-03 04:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 09:10 - 2017-06-03 04:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 09:10 - 2017-06-03 04:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 09:10 - 2017-06-03 04:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 09:10 - 2017-06-03 04:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 09:10 - 2017-06-03 04:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 09:10 - 2017-06-03 04:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 09:10 - 2017-06-03 04:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 09:10 - 2017-06-03 04:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 09:10 - 2017-06-03 04:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 09:10 - 2017-06-03 04:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 09:10 - 2017-06-03 03:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 09:10 - 2017-06-03 03:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-14 09:10 - 2017-06-03 03:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 09:10 - 2017-06-03 03:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 09:10 - 2017-06-03 03:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-14 09:10 - 2017-05-20 02:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 09:10 - 2017-05-20 02:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 09:10 - 2017-05-20 01:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-14 09:10 - 2017-05-20 01:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 09:10 - 2017-05-20 01:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-14 09:10 - 2017-05-20 01:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 09:10 - 2017-05-20 01:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-14 09:10 - 2017-05-20 01:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-14 09:10 - 2017-05-20 01:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-14 09:10 - 2017-05-20 01:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-14 09:10 - 2017-05-20 01:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-14 09:10 - 2017-05-20 01:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-14 09:10 - 2017-05-20 01:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-14 09:10 - 2017-05-20 01:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-14 09:10 - 2017-05-20 01:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-14 09:10 - 2017-05-20 01:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-14 09:10 - 2017-05-20 01:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-14 09:10 - 2017-05-20 01:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-14 09:10 - 2017-05-20 01:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-14 09:10 - 2017-05-20 01:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-14 09:10 - 2017-05-20 01:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-14 09:10 - 2017-05-20 01:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-14 09:10 - 2017-05-20 01:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-14 09:10 - 2017-05-20 01:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-14 09:10 - 2017-05-20 01:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-14 09:10 - 2017-05-20 00:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-14 09:10 - 2017-05-20 00:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-14 09:10 - 2017-05-20 00:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-14 09:10 - 2017-05-20 00:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-14 09:10 - 2017-05-20 00:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-14 09:10 - 2017-05-20 00:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-14 09:10 - 2017-05-20 00:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-14 09:10 - 2017-05-20 00:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-14 09:10 - 2017-05-20 00:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-14 09:10 - 2017-05-20 00:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-13 11:12 - 2017-06-13 11:13 - 00371134 _____ C:\Users\laura\Downloads\kjc1123 - The Other Side of Life.mobi
2017-06-13 11:12 - 2017-06-13 11:12 - 00611914 _____ C:\Users\laura\Downloads\kjc1123 - The Other Side of Life.html
2017-06-13 11:08 - 2017-06-13 11:08 - 00398025 _____ C:\Users\laura\Downloads\diva.gonzo - The Ron Weasley Chronicle(s).html
2017-06-13 11:08 - 2017-06-13 11:08 - 00252482 _____ C:\Users\laura\Downloads\diva.gonzo - The Ron Weasley Chronicle(s).mobi
2017-06-12 06:55 - 2017-06-12 06:55 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-12 06:52 - 2017-06-12 06:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-12 06:52 - 2017-06-12 06:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-12 06:52 - 2017-06-12 06:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-10 16:47 - 2017-06-10 16:47 - 00116257 _____ C:\Users\laura\Downloads\EOB-Statement.pdf
2017-06-10 16:47 - 2017-06-10 16:47 - 00115475 _____ C:\Users\laura\Downloads\EOB-Statement(1).pdf
2017-06-07 07:31 - 2017-06-07 07:31 - 00142670 _____ C:\Users\laura\Downloads\model.NextGen.M-0.0.2MASS.AB
2017-06-06 15:08 - 2017-06-06 15:08 - 00470107 _____ C:\Users\laura\Downloads\1609.00037.pdf
2017-06-05 10:50 - 2017-06-05 10:50 - 00257864 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2017-06-05 01:43 - 2017-06-05 01:43 - 15142645 _____ (Flexera Software) C:\Users\laura\Downloads\installVT342.exe
2017-06-03 12:44 - 2017-06-03 12:44 - 00000000 ____D C:\Users\laura\.astropy
2017-06-02 20:10 - 2017-06-02 20:10 - 00093714 _____ C:\Users\laura\Downloads\Lin2tbl5-5-22-03.txt
2017-06-02 17:07 - 2017-06-02 17:01 - 00186516 _____ C:\Users\laura\Downloads\LauraFlagg.011577
2017-06-02 17:06 - 2017-06-02 17:06 - 00022109 _____ C:\Users\laura\Downloads\LauraFlagg.011577.gz
2017-06-02 17:06 - 2017-06-02 17:06 - 00001399 _____ C:\Users\laura\Downloads\LauraFlagg.011577.bib.gz
2017-06-02 16:43 - 2017-06-02 16:41 - 00010205 _____ C:\Users\laura\Downloads\LauraFlagg.011576
2017-06-02 16:42 - 2017-06-02 16:43 - 00002116 _____ C:\Users\laura\Downloads\LauraFlagg.011576.gz
2017-06-02 15:38 - 2017-06-02 15:38 - 00001043 _____ C:\Users\laura\Desktop\uspot341.lnk
2017-06-02 15:38 - 2017-06-02 15:38 - 00000000 ____D C:\Users\laura\AppData\Roaming\sofia
2017-06-02 15:38 - 2017-06-02 15:38 - 00000000 ____D C:\Users\laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uspot
2017-06-02 15:38 - 2017-06-02 15:38 - 00000000 ____D C:\Program Files (x86)\uspot
2017-06-02 15:36 - 2017-06-02 15:37 - 143353259 _____ C:\Users\laura\Downloads\uspot3_4_1-windows.exe
2017-05-30 11:49 - 2017-05-30 11:52 - 230573624 _____ C:\Users\laura\Downloads\sulfideclouds.tar.gz
2017-05-30 11:45 - 2017-05-30 11:46 - 12527848 _____ C:\Users\laura\Downloads\lte012.0-5.5-0.0a+0.0.BT-Settl.spec.7.xz
2017-05-30 08:52 - 2017-05-30 08:53 - 39587861 _____ C:\Users\laura\Downloads\Peter and Rachel One-On-One in Palm Springs [360p].mp4
2017-05-29 14:28 - 2017-05-29 14:28 - 08627458 _____ C:\Users\laura\Downloads\MF-t3Vwpg2FLsC2T.mp4
2017-05-29 12:42 - 2017-05-29 12:42 - 39630761 _____ C:\Users\laura\Downloads\'Bachelorette' Rachel Lindsay talks about Madison contestant Pet - WKOW 27_ Madison, WI Breaking News, Weather and Sports.mp4
2017-05-28 11:44 - 2017-05-28 11:44 - 03219146 _____ C:\Users\laura\Downloads\13195309_263103820832053_2991153398327279616_n.mp4
2017-05-27 17:53 - 2017-05-27 17:55 - 143647255 _____ C:\Users\laura\Downloads\Karina MANTA _ Joseph JOHNSON FD U.S.Champs 2017 [720p].mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 09:32 - 2017-04-13 10:39 - 01043182 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-26 09:31 - 2016-12-29 11:59 - 00040147 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-06-26 09:30 - 2016-12-28 16:37 - 00000000 ____D C:\Users\laura\AppData\LocalLow\Mozilla
2017-06-26 09:30 - 2016-12-28 13:18 - 00000000 ____D C:\Users\laura\AppData\Roaming\Skype
2017-06-26 09:27 - 2017-02-04 10:34 - 00000000 ____D C:\Users\laura\AppData\Roaming\DownloadNinja
2017-06-26 09:27 - 2017-01-21 10:00 - 00000000 ___RD C:\Users\laura\OneDrive - rice.edu
2017-06-26 09:26 - 2017-04-13 10:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-26 09:26 - 2017-04-13 10:29 - 00272488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-26 09:26 - 2017-03-18 06:40 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2017-06-26 09:26 - 2016-12-28 13:16 - 00000000 __SHD C:\Users\laura\IntelGraphicsProfiles
2017-06-26 08:33 - 2017-04-13 10:30 - 00000000 ____D C:\Users\laura
2017-06-26 08:33 - 2017-01-19 09:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-06-26 08:33 - 2017-01-19 09:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-25 20:28 - 2017-03-22 05:45 - 00000000 ____D C:\Users\laura\AppData\Local\Lookeen
2017-06-25 11:05 - 2017-01-23 22:48 - 01193654 _____ C:\Users\laura\Downloads\My Librar1y.bib
2017-06-25 11:04 - 2016-12-22 14:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-25 10:44 - 2017-03-18 16:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-25 10:44 - 2016-12-28 18:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-25 10:44 - 2016-12-28 18:05 - 00000000 ____D C:\ProgramData\Skype
2017-06-25 10:44 - 2016-12-28 13:27 - 00000000 ____D C:\Program Files\Waterfox
2017-06-25 10:42 - 2017-05-10 23:17 - 1285998398 _____ C:\WINDOWS\MEMORY.DMP
2017-06-25 10:42 - 2017-05-10 23:17 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-25 10:42 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-25 10:42 - 2017-03-18 16:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-25 09:05 - 2017-03-18 15:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-24 11:30 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-24 05:51 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-23 08:47 - 2017-01-12 23:48 - 00003334 _____ C:\Users\laura\Documents\cc.txt
2017-06-23 07:07 - 2017-03-18 16:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-21 10:46 - 2017-04-13 10:36 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-21 10:46 - 2016-12-28 13:17 - 00002420 _____ C:\Users\laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-21 10:46 - 2016-12-28 13:17 - 00000000 ___RD C:\Users\laura\OneDrive
2017-06-20 14:53 - 2016-12-31 22:27 - 00000173 _____ C:\Users\laura\AppData\Local\msmathematics.qat.laura
2017-06-17 13:24 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-16 10:14 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-15 16:26 - 2017-01-19 10:45 - 00000000 ____D C:\Users\laura\AppData\Roaming\MusicBee
2017-06-15 08:39 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-15 08:08 - 2017-02-21 00:47 - 00000000 ____D C:\Users\laura\.oracle_jre_usage
2017-06-15 08:07 - 2017-04-13 00:37 - 00000000 ____D C:\Program Files\CrashPlan
2017-06-15 08:07 - 2017-02-21 00:47 - 00000000 ____D C:\ProgramData\CrashPlan
2017-06-15 07:27 - 2016-07-29 12:27 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-15 01:21 - 2017-01-26 19:33 - 00000638 _____ C:\WINDOWS\Tasks\TrackerAutoUpdate.job
2017-06-15 01:21 - 2016-12-31 01:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-15 01:21 - 2016-12-31 01:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-15 01:17 - 2017-03-18 16:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-15 01:17 - 2017-03-18 16:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-15 01:17 - 2017-03-18 16:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-15 01:17 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-15 01:17 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-15 01:17 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 01:17 - 2017-03-18 16:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-15 01:17 - 2017-03-18 16:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-15 01:17 - 2017-03-18 16:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-15 01:14 - 2017-05-17 12:13 - 00000000 ____D C:\Users\laura\Documents\research
2017-06-15 01:14 - 2017-01-17 14:33 - 00000000 ____D C:\Users\laura\Documents\CITau
2017-06-14 17:12 - 2016-12-28 22:36 - 00000000 ____D C:\Users\laura\AppData\Local\Dropbox
2017-06-14 17:11 - 2016-12-28 22:37 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-14 17:09 - 2016-12-28 18:26 - 00000000 ____D C:\Users\laura\.VirtualBox
2017-06-14 09:19 - 2016-12-28 18:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 09:16 - 2016-12-28 18:15 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 09:15 - 2016-12-31 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-03 23:46 - 2016-12-31 17:17 - 00000000 ____D C:\Users\laura\AppData\Roaming\vlc
2017-06-03 01:32 - 2017-03-18 16:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 01:32 - 2017-03-18 16:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 18:46 - 2016-12-28 22:36 - 00000000 ____D C:\Users\laura\VMshare
2017-06-01 17:47 - 2017-01-17 14:27 - 00000000 ____D C:\Users\laura\IDLWorkspace85
2017-05-31 13:06 - 2016-12-28 18:11 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-31 11:11 - 2016-12-28 22:41 - 00000000 ___RD C:\Users\laura\Dropbox
2017-05-30 16:12 - 2017-04-13 10:36 - 00003216 _____ C:\WINDOWS\System32\Tasks\TrackerAutoUpdate
2017-05-30 16:12 - 2017-01-26 19:33 - 00000000 ____D C:\ProgramData\Tracker Software
2017-05-30 16:12 - 2017-01-26 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2017-05-30 16:12 - 2017-01-26 19:32 - 00000000 ____D C:\Program Files\Tracker Software
2017-05-30 11:41 - 2016-12-28 13:16 - 00000000 ____D C:\Users\laura\AppData\Local\Packages
2017-05-30 11:26 - 2017-01-20 18:23 - 00000000 ____D C:\Users\laura\Documents\Bandicam
2017-05-27 17:52 - 2017-01-22 02:20 - 00000000 ____D C:\Users\laura\Documents\skating

==================== Files in the root of some directories =======

2016-12-31 22:27 - 2017-06-20 14:53 - 0000173 _____ () C:\Users\laura\AppData\Local\msmathematics.qat.laura
2017-05-02 08:57 - 2017-05-02 08:57 - 0001800 _____ () C:\Users\laura\AppData\Local\recently-used.xbel
2017-04-13 10:29 - 2017-04-13 10:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-04-13 10:29 - 2017-04-13 10:29 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
2017-06-25 10:54 - 2017-06-25 10:55 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\laura\AppData\Local\Temp\BSvcProcessor.exe
2017-06-25 10:54 - 2017-06-25 10:54 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\laura\AppData\Local\Temp\BSvcUpdater.exe
2017-04-13 10:43 - 2017-06-26 09:27 - 1457312 _____ (Sysinternals - www.sysinternals.com) C:\Users\laura\AppData\Local\Temp\PROCEXP64.exe
2017-05-25 00:59 - 2017-06-23 08:09 - 58684896 _____ (Skype Technologies S.A.) C:\Users\laura\AppData\Local\Temp\SkypeSetup.exe
2017-05-25 21:29 - 2017-05-25 21:30 - 30950664 _____ () C:\Users\laura\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-25 12:21

==================== End of FRST.txt ============================



#2 polskamachina

polskamachina

  • Malware Response Team
  • 4,002 posts
  • Gender:Male
  • Local time:07:44 PM

Posted 26 June 2017 - 12:11 PM

Hi wickedwitchofdc  :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#3 polskamachina

polskamachina

  • Malware Response Team
  • 4,002 posts
  • Gender:Male
  • Local time:07:44 PM

Posted 28 June 2017 - 11:24 AM

Hi wickedwitchofdc  :)
 
I'm still working on a fix for your computer. Thank you for your patience. :busy:
 
polskamachina



#4 polskamachina

polskamachina

  • Malware Response Team
  • 4,002 posts
  • Gender:Male
  • Local time:07:44 PM

Posted 28 June 2017 - 10:35 PM

Hi wickedwitchofdc :)
 
We need to track down what's happening with your internet connection.
 
Please perform the following tasks.
 
Please download MiniToolBox, save it to your desktop, then run it.
Place check marks ONLY in the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
Click Go and then copy and paste the contents of MTB.txt into your next reply to me. A copy of MTB.txt will be saved in the same directory from which the tool was run.
 
In summary I will need from you:
  • MTB.txt from MiniToolBox
Next:
  • Open Notepad
  • Copy and paste the text below in its entirety into an empty Notepad window:
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-4207451009-3425849864-1271218340-1001 -> DefaultScope {A797C608-4196-4041-895B-55AE492247D2} URL =
C:\Users\laura\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\laura\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\laura\AppData\Local\Temp\PROCEXP64.exe
C:\Users\laura\AppData\Local\Temp\SkypeSetup.exe
C:\Users\laura\AppData\Local\Temp\vlc-2.2.6-win32.exe
  • Save the file to your Downloads folder as fixlist.txt
  • Note: FRST64 and fixlist.txt must be in the same folder in order for the fix to work.
  • Run FRST64
  • Click on Fix
  • It should only take a few moments for the fix to complete
  • If you are asked to restart your computer, please do so
  • When the fix has completed, a new file will be created named Fixlog.txt, and it will be saved to your Downloads folder
  • Please copy and paste that log into your next reply to me
In summary I will need from you:
  • MTB.txt
  • Fixlog.txt
  • How is your computer performing now?
Let me know if you have any questions.
 
polskamachina

Edited by Oh My!, 30 June 2017 - 12:49 PM.


#5 polskamachina

polskamachina

  • Malware Response Team
  • 4,002 posts
  • Gender:Male
  • Local time:07:44 PM

Posted 02 July 2017 - 10:20 PM

Hi wickedwitchofdc :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • Gender:Male
  • Location:California
  • Local time:07:44 PM

Posted 05 July 2017 - 10:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."



