1. #1

    .osiris virus

    One of my users apparently clicked on an email attachment today and her files are now encrypted and have .osiris extensions. Here are the results of FARBAR and Security Analysis:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
    Ran by Administrator (administrator) on AMBER (07-12-2016 16:15:58)
    Running from C:\Users\amberr\Desktop\Sysnative
    Loaded Profiles: amberr & Administrator (Available Profiles: Rick Fredricksen & amber & amberr & Administrator & DefaultAppPool)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
    (Carbonite, Inc. (Online Backup, Cloud & Hybrid Server Backup | Carbonite)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    () C:\Program Files (x86)\Century\TinyTERM\cenlpd.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (HP) C:\Windows\System32\HPSIsvc.exe
    (Memeo) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos UI\Sophos UI.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
    (Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    (Memeo Inc.) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackup.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Health\Health.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Heartbeat\Heartbeat.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos System Protection\ssp.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    (Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe
    (Condusiv Technologies) C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ====================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [Sophos UI.exe] => C:\Program Files\Sophos\Sophos UI\Sophos UI.exe [2524296 2016-09-13] (Sophos Limited)
    HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
    HKLM-x32\...\Run: [WD Anywhere Backup] => C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe [222432 2009-11-12] (Memeo Inc.)
    HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [EMET 4.1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [78992 2013-11-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-01-12] (Carbonite, Inc.)
    HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
    HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
    HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
    HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
    HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
    HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
    HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
    HKLM Group Policy restriction on software: %Temp%\*.zip\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %Temp%\7z*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %Temp%\wz*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %Temp%\Rar*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-843312985-487402592-91182677-1139\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
    HKU\S-1-5-21-843312985-487402592-91182677-1139\...\MountPoints2: {58c5f065-bb7d-11e3-8fcd-6c3be52c7334} - F:\Autorun.exe
    HKU\S-1-5-21-843312985-487402592-91182677-1139\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
    HKU\S-1-5-21-843312985-487402592-91182677-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
    AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [235936 2016-09-13] (Sophos Limited)
    AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [207864 2016-09-13] (Sophos Limited)
    ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-01-12] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    GroupPolicy: Restriction <======= ATTENTION
    GroupPolicyScripts: Restriction <======= ATTENTION


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [128776 2015-09-15] (Sophos Limited)
    Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [128776 2015-09-15] (Sophos Limited)
    Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [128776 2015-09-15] (Sophos Limited)
    Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [128776 2015-09-15] (Sophos Limited)
    Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [128776 2015-09-15] (Sophos Limited)
    Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [128776 2015-09-15] (Sophos Limited)
    Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [128776 2015-09-15] (Sophos Limited)
    Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [128776 2015-09-15] (Sophos Limited)
    Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [128776 2015-09-15] (Sophos Limited)
    Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [177416 2015-09-15] (Sophos Limited)
    Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [177416 2015-09-15] (Sophos Limited)
    Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [177416 2015-09-15] (Sophos Limited)
    Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [177416 2015-09-15] (Sophos Limited)
    Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [177416 2015-09-15] (Sophos Limited)
    Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [177416 2015-09-15] (Sophos Limited)
    Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [177416 2015-09-15] (Sophos Limited)
    Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [177416 2015-09-15] (Sophos Limited)
    Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [177416 2015-09-15] (Sophos Limited)
    Tcpip\..\Interfaces\{10CE8B84-C2A0-412E-8C29-B50F2EC89426}: [NameServer] 216.67.153.137,199.190.151.1


    Internet Explorer:
    ==================
    HKU\S-1-5-21-843312985-487402592-91182677-1139\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-843312985-487402592-91182677-1139\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-843312985-487402592-91182677-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM13/19
    HKU\S-1-5-21-843312985-487402592-91182677-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM13/19
    SearchScopes: HKLM -> {06D2C4EE-9AE2-45E2-878E-308C3144AEF7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
    SearchScopes: HKLM-x32 -> {06D2C4EE-9AE2-45E2-878E-308C3144AEF7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
    SearchScopes: HKU\S-1-5-21-843312985-487402592-91182677-1139 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    SearchScopes: HKU\S-1-5-21-843312985-487402592-91182677-500 -> {06D2C4EE-9AE2-45E2-878E-308C3144AEF7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us3-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-843312985-487402592-91182677-500 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-25/4?satitle={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-09-20] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-09-20] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)


    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-04-20] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-843312985-487402592-91182677-1139: @citrixonline.com/appdetectorplugin -> C:\Users\amberr\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-17] (Citrix Online)
    FF Plugin HKU\S-1-5-21-843312985-487402592-91182677-500: @citrixonline.com/appdetectorplugin -> C:\Users\administrator\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-08-26] (Citrix Online)


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [98304 2012-12-11] () [File not signed]
    R2 CenLPD; C:\Program Files (x86)\Century\TinyTERM\cenlpd.exe [157008 2012-12-19] ()
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3040496 2016-10-04] (Microsoft Corporation)
    R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-06-13] (Condusiv Technologies)
    R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
    S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo)
    R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
    R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [229672 2016-09-13] (Sophos Limited)
    R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2016-09-13] (Sophos Limited)
    R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [925832 2016-10-19] (Sophos Limited)
    R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [780432 2016-09-12] (Sophos Limited)
    R3 Sophos Device Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe [502944 2016-09-13] (Sophos Limited)
    R2 Sophos Health Service; C:\Program Files (x86)\Sophos\Health\Health.exe [1704088 2016-09-12] (Sophos Limited)
    R2 Sophos Heartbeat; C:\Program Files (x86)\Sophos\Heartbeat\Heartbeat.exe [2433888 2016-09-04] (Sophos Limited)
    R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1379856 2016-11-02] (Sophos Limited)
    R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1806904 2016-11-02] (Sophos Limited)
    R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2016-09-13] (Sophos Limited)
    R2 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-09-12] (Sophos Limited)
    R2 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-09-12] (Sophos Limited)
    R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3644368 2016-09-13] (Sophos Limited)
    S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2121224 2016-09-13] (Sophos Limited)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies)
    R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-05-22] (Condusiv Technologies)
    R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-06-07] (Condusiv Technologies)
    R0 nlem64nt; C:\Windows\System32\Drivers\nlem64nt.sys [73320 2011-08-23] ()
    R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [201168 2016-09-13] (Sophos Limited)
    R3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-09-13] (Sophos Limited)
    R2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [123848 2016-10-19] (Sophos Limited)
    R0 Sophos Endpoint Defense; C:\Windows\System32\DRIVERS\SophosED.sys [200760 2016-10-17] (Sophos Limited)
    S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-09-13] (Sophos Limited)
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-12-07 16:10 - 2016-12-07 16:15 - 00000000 ____D C:\FRST
    2016-12-07 16:10 - 2016-12-07 16:12 - 00000000 ____D C:\Users\amberr\Desktop\Sysnative
    2016-12-07 13:07 - 2016-12-07 13:07 - 03293774 _____ C:\Users\amberr\DesktopOSIRIS.bmp
    2016-12-07 13:07 - 2016-12-07 13:07 - 00008476 _____ C:\Users\amberr\DesktopOSIRIS.htm
    2016-12-07 09:51 - 2016-12-07 09:51 - 00105579 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--B57326F4--B9F69F943332.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00105545 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--6176449D--754C5C758497.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00105543 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--D53B830D--ED5AA8D1FA4D.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00102143 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--D3E1E6F5--FCFF0FF38872.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00099947 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--4DD32749--5843636566A2.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00099615 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--E1192989--638D3C52BB09.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00099582 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--507D9CA0--B2F2C4CE4101.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00099325 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--D094DAFA--5FDDB1459067.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00099009 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--76147442--7A4CA97734A1.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00097117 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--FA9771F8--730782926E3C.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00091668 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--62056BFC--EFC88AE32E85.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00085732 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--2BC116BC--37EC6061D12C.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00080020 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--A509698B--F8BB516EF1EE.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00079479 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--7072430E--17C75BD159FE.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00077714 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--DB12E5B9--D071981427B3.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00067056 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--E82EA99C--89921F7A1CEC.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00065032 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--A260B000--A9E3CEB1E700.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00064559 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--0D4F32B5--980461E526DA.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00062788 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--FD9523D2--3A4DC98A9C23.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00059566 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--11153B02--F25CD7C7AD24.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00056003 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--25CCFB42--7ABF1AC84DA4.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00055627 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--BE90F6BB--49B4146A9899.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00055616 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--83DE36FD--9784CC382E28.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00052221 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--9B1A5CE3--CDC8E1FDA2CC.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00050198 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--B1D05EF7--32F939EEBBAA.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00048271 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--33D55DBC--B8D2F6CBF928.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00040794 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--14407141--9A2172F125EC.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00015965 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--B8D56CD6--F8FA91A97472.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00015965 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--20DA761B--50DD5C9A3B72.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00015965 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--1C62B4AA--EB867EC5C119.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00015379 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--E6768984--810809D37A9D.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00015379 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--D38FF8E7--45472D4E84FE.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00015379 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--AD106DE0--307C7B07B553.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00015379 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--431C29D9--C6CCD4480060.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00015269 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--FE249DFF--87CF43820962.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00015269 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--8892374F--0537E548CF00.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00014855 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--E4BAFD87--2FF31DD503E8.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00014855 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--A45FC636--885F9CAC9F22.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00014855 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--37CDA4F0--67EF798D822D.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00013315 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--0E729680--F7DD084AFA83.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00013192 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--9BE57E3A--6D7223C7930D.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00013192 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--07EB1A1C--B607E68F27EB.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00013190 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--B9BC5107--F1715F774728.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00013189 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--FA5414C1--17CF3DD3D2C0.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00013189 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--63436CB7--D8B5292DD81F.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00013189 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--16D7DDD3--562E92604A7F.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00013177 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--6D016EB5--BB5637EEBECD.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00013177 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--21DDFA9A--D73122A054B0.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00012340 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--638668AC--D26D8D4B2565.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00012103 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--EBE3E5C4--39B0B7B28C11.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00011609 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--D28844CA--7BB0C22B6E54.osiris
    2016-12-07 09:51 - 2016-12-07 09:51 - 00008476 _____ C:\Users\Rick Fredricksen\Desktop\OSIRIS-811d.htm
    2016-12-07 09:49 - 2016-12-07 09:49 - 00008476 _____ C:\Users\Rick Fredricksen\Documents\OSIRIS-fa71.htm
    2016-12-07 09:49 - 2016-12-07 09:49 - 00008476 _____ C:\Users\amberr\Desktop\OSIRIS-9af6.htm
    2016-12-07 09:48 - 2016-12-07 09:48 - 00024388 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--0A0BD202--116B15018EAB.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00023941 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--0C5C4918--2CBC307288D5.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00023876 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--A98638E4--55D80FA3616A.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00023876 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--8F10889D--35DEF9892A6E.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00023876 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--2C749A8D--BCCFC620B1E3.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00023364 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--9DB5F86F--C9175CB5E39B.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00023364 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--8A66219C--7F4063219558.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00022852 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--2B5539C7--E6AA90DE498C.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00022832 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--47E8494C--77E310447333.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00022340 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--BD24FD50--20823EC37C40.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00022340 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--6F971228--5D6DA4D6642D.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021828 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--FE03BD9A--EC4DA1B687F2.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021828 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--FCF060DA--124AEB41C513.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021828 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--9D92D792--4CB9E17A7CD0.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021828 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--97B7C98D--6EF935214587.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021828 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--52C02342--55644F7C830A.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021828 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--5070F8ED--EC64679B3C27.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021828 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--30482ECF--F44442D337AC.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021534 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--3A65C111--3AA978F3656C.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021316 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--F8085877--85373409C868.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021316 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--F7B86C5B--26EA6F9B38F8.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021316 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--DD70E841--F5F4CE9E29F3.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021316 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--D0CD5DD6--6576BF623683.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021316 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--AAD63E9B--AD691A130A92.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021316 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--A9CFC002--2F809E1EC8BE.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021316 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--4AD846AA--4DD22F99E3C0.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021316 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--2A72479D--D065AB2C164B.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021316 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--2225BC5F--62748C352779.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00021147 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--E9C24051--7EE09512D019.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020902 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--844E34B9--D2F497B1517C.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020804 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--F2EC53E9--1945EA6B774D.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020804 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--F23B695E--A3751475112B.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020804 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--E25E692F--BE5014F82B46.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020804 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--DBE6084C--CF395275CA2C.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020804 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--DA581110--0133C24053CB.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020804 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--7855CD0E--F3EC5B62667C.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020804 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--729A272F--3DD170AE5B06.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020804 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--614EFE81--A1945B524CC6.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020804 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--10783D54--AD2C800F7ADB.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020733 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--B5AA3B2A--D8000EF6E52F.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020344 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--671CFD07--01245BCA2B43.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020292 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--81881A56--CC0A4AE1E033.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020292 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--74BDEF36--14E4765CC90C.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020292 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--6C210F5B--C9E3E3F20FCF.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020292 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--61DE877D--39C4CD22F2B7.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020292 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--5D8AC543--0936E7B72A4C.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020292 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--3C81021D--13109ADD6637.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020292 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--30F52DCD--670D945F7606.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020292 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--2AB6344C--3E1345B8F63F.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020292 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--19A69CB6--42C2E261A6CC.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00020292 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--083A77BE--752FB9B43214.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00019758 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--E5D7EC71--4CB67635608B.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00019306 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--C9A5B9E5--2609E08E463C.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00018756 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--F2D9BB49--D9284D7D32BE.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00018516 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--FCBEE90B--F8945A354428.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00018515 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--29A81233--EDC8BEAAD59A.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00018244 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--53F4BE75--A3E04EF86C5D.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00018213 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--8719FFBF--57192135131F.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00018089 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--DD5BAEA8--7DAA4A91AD76.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00017950 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--429CF940--AEB789515016.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00017471 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--D5896B69--ED788C817315.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00017462 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--5A52E040--16797DE522BE.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00017220 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--FA50BE65--EB55388CFA50.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00017220 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--714891D0--AAEEFA9F0136.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00017194 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--2C9D56C8--4C54AA05D5F3.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00017131 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--80306359--A64D2683A53F.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00017092 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--52E7CB6B--E0D9416C9092.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00016708 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--C86B456D--869261825B66.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00016708 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--4C77B62B--AFA9F2D2A137.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00015684 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--6CFA19C2--0ADCFAFD44E5.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00015684 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--1602D828--B0DAFC29DA45.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00015185 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--EECE9315--6642DE50458D.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00015180 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--F8E397A1--F889EE65E230.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00015172 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--DEE3806E--9D2ABCDA1CDF.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00015172 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--AF2F9055--41BB25849FCF.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00015172 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--A2B4F659--3333232D8289.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00015172 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--2D65B951--11EB1B4A60E3.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00015172 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--0A277521--95822A423CA1.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00014797 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--A4E2434D--49F07BBB1357.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00014793 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--684DEDFC--DBD1CAE28551.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00014660 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--E0AF3FDB--7DCB1A529853.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00014660 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--98223CE6--F437BC79D57E.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00014170 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--D358104C--CDB78C0A620A.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00013815 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--31EADA45--F0EC6C1A6F49.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00013497 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--3681CE9C--B27B2FAAA07E.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00013423 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--C6CAD7E8--D3C19A143127.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00013423 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--584E1802--F452BB344AE6.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00013423 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--1B7A6A21--FF3490B47D68.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012957 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--4082C666--BC51748E5AA0.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012889 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--37F7A63C--82E940E74342.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012865 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--18D49776--5D917BC4EB60.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012787 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--725A473C--08DA7D0ECBB8.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012612 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--7C2D17FA--DA18B813FF1E.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012341 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--188E4CE4--51EED26DDA37.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012320 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--9FE0C59E--B351CE3781D8.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012320 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--79604854--A5E3879C92EB.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012320 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--77A2C5CE--ABE9449E6738.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012201 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--B144883E--469073B83918.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012100 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--AFFFE1BF--381DC5EB4D52.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012031 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--665EDEA9--C1AB16112677.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00012005 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--7D09D5C6--FE030327D994.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00011866 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--F988A117--205060C19D3A.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00011645 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--CFEB4DC5--8F3B9CB83384.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00010396 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--E9DD9F0B--F006D63AEA94.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00010038 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--46623AD4--893DBBC12997.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00009481 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--C83886E0--FF11316BD887.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00008476 _____ C:\Users\amberr\Downloads\OSIRIS-12d8.htm
    2016-12-07 09:48 - 2016-12-07 09:48 - 00008004 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--564E7388--7BBDCC5AD717.osiris
    2016-12-07 09:48 - 2016-12-07 09:48 - 00001806 _____ C:\Users\amberr\Downloads\9A8F70E1--C6BA--0D0A--E3E4CFA1--B023403F47DD.osiris
    2016-12-07 09:47 - 2016-12-07 09:47 - 00100676 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--A43D655E--B1AF0A187E10.osiris
    2016-12-07 09:47 - 2016-12-07 09:47 - 00044868 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--345C8B67--83EDBE744C55.osiris
    2016-12-07 09:47 - 2016-12-07 09:47 - 00026948 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--89681566--6E5B878F5B61.osiris
    2016-12-07 09:47 - 2016-12-07 09:47 - 00025924 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--B7F3E05F--F34026E7BFE6.osiris
    2016-12-07 09:47 - 2016-12-07 09:47 - 00023876 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--C8F48FE2--D812F04EEF52.osiris
    2016-12-07 09:47 - 2016-12-07 09:47 - 00021780 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--B8012E54--DADC238558D5.osiris
    2016-12-07 09:47 - 2016-12-07 09:47 - 00012056 _____ C:\Users\amberr\Documents\9A8F70E1--C6BA--0D0A--5C4C8FCD--531261C6D723.osiris
    2016-12-07 09:47 - 2016-12-07 09:47 - 00008476 _____ C:\Users\amberr\Documents\OSIRIS-6f52.htm
    2016-11-23 10:49 - 2016-11-23 10:49 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B9C39E6F-6C13-420D-9763-E1117488C488}
    2016-11-21 11:34 - 2016-12-07 09:51 - 00000000 ____D C:\Users\amberr\Documents\Oct 2016
    2016-11-15 08:29 - 2016-10-19 09:25 - 00123848 _____ (Sophos Limited) C:\Windows\system32\Drivers\sntp.sys
    2016-11-09 09:03 - 2016-11-02 08:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-11-09 09:03 - 2016-11-02 08:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2016-11-09 09:03 - 2016-11-02 08:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-11-09 09:03 - 2016-11-02 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2016-11-09 09:03 - 2016-11-02 08:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2016-11-09 09:03 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-11-09 09:03 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2016-11-09 09:03 - 2016-11-02 08:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2016-11-09 09:03 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2016-11-09 09:03 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-11-09 09:03 - 2016-10-27 20:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-11-09 09:03 - 2016-10-27 20:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-11-09 09:03 - 2016-10-27 12:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-11-09 09:03 - 2016-10-27 12:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-11-09 09:03 - 2016-10-27 11:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-11-09 09:03 - 2016-10-27 11:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-11-09 09:03 - 2016-10-27 11:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-11-09 09:03 - 2016-10-27 11:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-11-09 09:03 - 2016-10-27 11:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-11-09 09:03 - 2016-10-27 11:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-11-09 09:03 - 2016-10-27 11:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-11-09 09:03 - 2016-10-27 11:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-11-09 09:03 - 2016-10-27 11:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-11-09 09:03 - 2016-10-27 11:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-11-09 09:03 - 2016-10-27 11:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-11-09 09:03 - 2016-10-27 11:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-11-09 09:03 - 2016-10-27 11:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-11-09 09:03 - 2016-10-27 11:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-11-09 09:03 - 2016-10-27 11:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-11-09 09:03 - 2016-10-27 11:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-11-09 09:03 - 2016-10-27 11:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-11-09 09:03 - 2016-10-27 11:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-11-09 09:03 - 2016-10-27 11:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-11-09 09:03 - 2016-10-27 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-11-09 09:03 - 2016-10-27 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-11-09 09:03 - 2016-10-27 11:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-11-09 09:03 - 2016-10-27 11:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-11-09 09:03 - 2016-10-27 10:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-11-09 09:03 - 2016-10-27 10:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-11-09 09:03 - 2016-10-27 10:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-11-09 09:03 - 2016-10-27 10:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-11-09 09:03 - 2016-10-27 10:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-11-09 09:03 - 2016-10-27 10:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-11-09 09:03 - 2016-10-27 10:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-11-09 09:03 - 2016-10-27 10:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-11-09 09:03 - 2016-10-27 09:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-11-09 09:03 - 2016-10-27 08:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-11-09 09:03 - 2016-10-25 08:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-11-09 09:03 - 2016-10-22 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-11-09 09:03 - 2016-10-22 10:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-11-09 09:03 - 2016-10-22 10:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-11-09 09:03 - 2016-10-22 10:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-11-09 09:03 - 2016-10-22 10:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-11-09 09:03 - 2016-10-22 10:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-11-09 09:03 - 2016-10-22 10:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-11-09 09:03 - 2016-10-22 10:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-11-09 09:03 - 2016-10-22 10:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-11-09 09:03 - 2016-10-22 10:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-11-09 09:03 - 2016-10-22 10:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-11-09 09:03 - 2016-10-22 10:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-11-09 09:03 - 2016-10-22 10:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-11-09 09:03 - 2016-10-22 10:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-11-09 09:03 - 2016-10-22 10:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-11-09 09:03 - 2016-10-22 10:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-11-09 09:03 - 2016-10-22 09:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-11-09 09:03 - 2016-10-22 09:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-11-09 09:03 - 2016-10-22 09:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-11-09 09:03 - 2016-10-22 09:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-11-09 09:03 - 2016-10-22 09:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-11-09 09:03 - 2016-10-22 09:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-11-09 09:03 - 2016-10-22 09:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-11-09 09:03 - 2016-10-22 09:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-11-09 09:03 - 2016-10-22 09:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-11-09 09:03 - 2016-10-22 09:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-11-09 09:03 - 2016-10-22 09:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-11-09 09:03 - 2016-10-22 09:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-11-09 09:03 - 2016-10-22 09:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-11-09 09:03 - 2016-10-15 08:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-11-09 09:03 - 2016-10-15 08:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2016-11-09 09:03 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-11-09 09:03 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2016-11-09 09:03 - 2016-10-11 08:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2016-11-09 09:03 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
    2016-11-09 09:03 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2016-11-09 09:03 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2016-11-09 09:03 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
    2016-11-09 09:03 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
    2016-11-09 09:03 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
    2016-11-09 09:03 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
    2016-11-09 09:03 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
    2016-11-09 09:03 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
    2016-11-09 09:03 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
    2016-11-09 09:03 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
    2016-11-09 09:03 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
    2016-11-09 09:03 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
    2016-11-09 09:03 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2016-11-09 09:03 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2016-11-09 09:03 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
    2016-11-09 09:03 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
    2016-11-09 09:03 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
    2016-11-09 09:03 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
    2016-11-09 09:03 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
    2016-11-09 09:03 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
    2016-11-09 09:03 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
    2016-11-09 09:03 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
    2016-11-09 09:03 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
    2016-11-09 09:03 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2016-11-09 09:03 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
    2016-11-09 09:03 - 2016-10-10 08:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-11-09 09:03 - 2016-10-10 08:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-11-09 09:03 - 2016-10-10 08:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-11-09 09:03 - 2016-10-10 08:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-11-09 09:03 - 2016-10-10 08:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-11-09 09:03 - 2016-10-10 08:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-11-09 09:03 - 2016-10-10 08:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-11-09 09:03 - 2016-10-10 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-11-09 09:03 - 2016-10-10 08:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-11-09 09:03 - 2016-10-10 07:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-11-09 09:03 - 2016-10-10 07:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-11-09 09:03 - 2016-10-10 07:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-11-09 09:03 - 2016-10-10 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-11-09 09:03 - 2016-10-10 07:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-11-09 09:03 - 2016-10-10 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-11-09 09:03 - 2016-10-07 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-11-09 09:03 - 2016-10-07 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-11-09 09:03 - 2016-10-07 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-11-09 09:03 - 2016-10-07 08:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-11-09 09:03 - 2016-10-07 08:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-11-09 09:03 - 2016-10-07 08:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 08:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-11-09 09:03 - 2016-10-07 08:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-11-09 09:03 - 2016-10-07 08:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-11-09 09:03 - 2016-10-07 08:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-11-09 09:03 - 2016-10-07 08:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-11-09 09:03 - 2016-10-07 07:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-11-09 09:03 - 2016-10-07 07:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-11-09 09:03 - 2016-10-07 07:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-11-09 09:03 - 2016-10-07 07:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-11-09 09:03 - 2016-10-07 07:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-11-09 09:03 - 2016-10-07 07:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 07:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 07:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-07 07:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-11-09 09:03 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
    2016-11-09 09:03 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2016-11-09 09:03 - 2016-09-13 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-11-09 09:03 - 2016-09-13 08:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-11-09 09:03 - 2016-09-09 11:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2016-11-09 09:03 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2016-11-09 09:02 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-12-07 15:40 - 2013-06-18 09:39 - 00000216 _____ C:\Windows\system32\config\netlogon.ftl
    2016-12-07 15:35 - 2015-06-02 13:16 - 00000664 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-843312985-487402592-91182677-1139.job
    2016-12-07 15:25 - 2013-04-16 00:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-12-07 15:20 - 2014-01-27 09:21 - 00000568 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-843312985-487402592-91182677-1139.job
    2016-12-07 15:20 - 2013-06-18 09:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-12-07 15:20 - 2013-06-18 09:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-12-07 13:39 - 2013-06-19 11:31 - 00000000 ____D C:\ScanFolder
    2016-12-07 13:07 - 2013-06-18 09:52 - 00000000 ____D C:\Users\amberr
    2016-12-07 13:00 - 2013-06-21 09:18 - 00000000 ____D C:\Users\amberr\Documents\AscendReports
    2016-12-07 11:56 - 2013-06-18 09:52 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{397012BF-F564-4AEB-B59E-5A2BE4C6CAD2}
    2016-12-07 10:04 - 2015-08-21 12:22 - 00000000 ____D C:\Users\amberr\Documents\State Audit
    2016-12-07 10:04 - 2015-07-29 07:29 - 00000000 ____D C:\Users\Rick Fredricksen\Desktop\spsetup128
    2016-12-07 10:04 - 2015-07-27 08:44 - 00000000 ____D C:\SFCFix
    2016-12-07 10:04 - 2014-07-07 14:20 - 00000000 ____D C:\Users\amberr\Documents\Confirmation.aspx_files
    2016-12-07 10:04 - 2014-04-03 15:34 - 00000000 ____D C:\HP_LaserJet_400_M401
    2016-12-07 10:04 - 2013-07-23 07:47 - 00000000 ___SD C:\Users\amberr\Documents\My Data Sources
    2016-12-07 10:04 - 2013-07-03 10:11 - 00000000 ____D C:\Users\amberr\Documents\Add-in Express
    2016-12-07 10:03 - 2014-03-07 10:56 - 00000000 ____D C:\Users\amberr\Documents\Log
    2016-12-07 10:03 - 2013-07-12 12:25 - 00000000 ____D C:\Users\amberr\Documents\frx documentation
    2016-12-07 10:03 - 2013-07-03 10:05 - 00000000 ____D C:\Users\amberr\Desktop\BizBroadcast_2%5F0
    2016-12-07 10:03 - 2013-04-16 00:32 - 00000000 ____D C:\ProgramData\Intel
    2016-12-07 10:02 - 2013-07-12 12:28 - 00000000 ____D C:\Users\amberr\Documents\UT FUEL TAXES
    2016-12-07 10:02 - 2013-07-12 12:25 - 00000000 ____D C:\Users\amberr\Documents\Fuel Tax Reports
    2016-12-07 10:02 - 2013-06-18 09:11 - 00000000 ____D C:\IEBLOCKER
    2016-12-07 10:01 - 2016-09-19 08:36 - 00000000 ____D C:\Users\amberr\Documents\August 2016
    2016-12-07 10:01 - 2015-02-20 10:51 - 00000000 ____D C:\Users\amberr\Documents\August 2015
    2016-12-07 10:01 - 2015-01-26 08:49 - 00000000 ____D C:\Users\amberr\Documents\Dec 2014
    2016-12-07 10:01 - 2014-09-17 08:46 - 00000000 ____D C:\Users\amberr\Documents\August 2014
    2016-12-07 10:01 - 2013-07-12 12:24 - 00000000 ____D C:\Users\amberr\Documents\Assurant Forms
    2016-12-07 09:52 - 2016-05-19 13:47 - 00000000 ____D C:\Users\amberr\Documents\April 2016
    2016-12-07 09:52 - 2015-04-15 14:34 - 00000000 ____D C:\Users\amberr\Desktop\PRICEBOOK DESKTOP SHORTCUTS
    2016-12-07 09:52 - 2015-02-20 10:51 - 00000000 ____D C:\Users\amberr\Documents\April 2015
    2016-12-07 09:52 - 2014-06-13 10:24 - 00000000 ____D C:\Users\amberr\Desktop\AFlac Forms
    2016-12-07 09:52 - 2014-05-13 10:08 - 00000000 ____D C:\Users\amberr\Documents\April 2014
    2016-12-07 09:52 - 2013-07-12 12:24 - 00000000 ____D C:\Users\amberr\Documents\Abra
    2016-12-07 09:52 - 2011-02-11 09:32 - 00000000 __RHD C:\SYSTEM.SAV
    2016-12-07 09:52 - 2011-02-11 09:32 - 00000000 ____D C:\SWSETUP
    2016-12-07 09:51 - 2016-10-25 10:05 - 00000000 ____D C:\Users\amberr\Documents\Sept 2016
    2016-12-07 09:51 - 2016-08-22 10:00 - 00000000 ____D C:\Users\amberr\Documents\July 2016
    2016-12-07 09:51 - 2016-07-25 08:02 - 00000000 ____D C:\Users\amberr\Documents\June 2016
    2016-12-07 09:51 - 2016-06-27 08:09 - 00000000 ____D C:\Users\amberr\Documents\May 2016
    2016-12-07 09:51 - 2016-04-13 11:08 - 00000000 ____D C:\Users\amberr\Documents\March 2016
    2016-12-07 09:51 - 2016-02-17 11:59 - 00000000 ____D C:\Users\amberr\Documents\Jan 2016
    2016-12-07 09:51 - 2015-02-20 10:52 - 00000000 ____D C:\Users\amberr\Documents\October 2015
    2016-12-07 09:51 - 2015-02-20 10:52 - 00000000 ____D C:\Users\amberr\Documents\November 2015
    2016-12-07 09:51 - 2015-02-20 10:51 - 00000000 ____D C:\Users\amberr\Documents\September 2015
    2016-12-07 09:51 - 2015-02-20 10:51 - 00000000 ____D C:\Users\amberr\Documents\May 2015
    2016-12-07 09:51 - 2015-02-20 10:51 - 00000000 ____D C:\Users\amberr\Documents\June 2015
    2016-12-07 09:51 - 2015-02-20 10:51 - 00000000 ____D C:\Users\amberr\Documents\July 2015
    2016-12-07 09:51 - 2015-02-20 10:50 - 00000000 ____D C:\Users\amberr\Documents\March 2015
    2016-12-07 09:51 - 2015-02-20 10:50 - 00000000 ____D C:\Users\amberr\Documents\Januray 2015
    2016-12-07 09:51 - 2014-12-15 09:48 - 00000000 ____D C:\Users\amberr\Documents\November 2014
    2016-12-07 09:51 - 2014-11-21 10:18 - 00000000 ____D C:\Users\amberr\Documents\October 2014
    2016-12-07 09:51 - 2014-10-22 08:30 - 00000000 ____D C:\Users\amberr\Documents\September2014
    2016-12-07 09:51 - 2014-08-27 08:03 - 00000000 ____D C:\Users\amberr\Documents\July 2014
    2016-12-07 09:51 - 2014-07-22 08:39 - 00000000 ____D C:\Users\amberr\Documents\June 2014
    2016-12-07 09:51 - 2014-06-12 09:21 - 00000000 ____D C:\Users\amberr\Documents\May 2014
    2016-12-07 09:51 - 2014-04-23 07:39 - 00000000 ____D C:\Users\amberr\Documents\March 2014
    2016-12-07 09:51 - 2014-02-10 13:57 - 00000000 ____D C:\Users\amberr\Documents\January 2014
    2016-12-07 09:51 - 2013-07-12 14:33 - 00000000 ____D C:\WSFTP
    2016-12-07 09:50 - 2016-03-11 11:26 - 00000000 ____D C:\Users\amberr\Documents\February 2016
    2016-12-07 09:50 - 2015-02-20 10:52 - 00000000 ____D C:\Users\amberr\Documents\December 2015
    2016-12-07 09:50 - 2015-02-20 10:50 - 00000000 ____D C:\Users\amberr\Documents\February 2015
    2016-12-07 09:50 - 2014-03-20 09:21 - 00000000 ____D C:\Users\amberr\Documents\February 2014
    2016-12-07 09:50 - 2013-10-30 09:35 - 00000000 ____D C:\ProgramData\WebEx
    2016-12-07 09:50 - 2013-07-12 12:25 - 00000000 ____D C:\Users\amberr\Documents\Delta Dental Forms
    2016-12-07 09:50 - 2013-04-16 00:31 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2016-12-07 09:49 - 2016-08-08 08:07 - 00000000 ____D C:\Users\amberr\Desktop\DOT
    2016-12-07 09:49 - 2013-07-12 14:01 - 00000000 ____D C:\Users\amberr\Documents\Payroll 2013
    2016-12-07 09:49 - 2013-07-12 12:24 - 00000000 ____D C:\Users\amberr\Documents\Check Registers
    2016-12-07 09:48 - 2016-01-04 16:17 - 00000000 ____D C:\Users\amberr\Documents\Payroll 2016
    2016-12-07 09:48 - 2015-01-12 12:02 - 00000000 ____D C:\Users\amberr\Documents\Payroll 2015
    2016-12-07 09:48 - 2013-07-12 12:28 - 00000000 ____D C:\Users\amberr\Documents\UT SALES TAX
    2016-12-07 09:48 - 2013-07-12 12:25 - 00000000 ____D C:\Users\amberr\Documents\Insurance Correspondence
    2016-12-07 09:48 - 2013-07-12 12:24 - 00000000 ____D C:\Users\amberr\Documents\ap clerk
    2016-12-07 09:47 - 2013-07-03 10:14 - 00000000 ____D C:\BizBroadcast
    2016-12-07 09:47 - 2013-06-19 10:40 - 00000000 ____D C:\Users\amberr\Documents\TinyTERM
    2016-12-07 08:48 - 2009-07-13 21:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-12-07 08:48 - 2009-07-13 21:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-12-07 08:43 - 2009-07-13 22:13 - 00862768 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-12-07 08:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2016-12-07 08:35 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-12-05 15:00 - 2013-06-21 15:44 - 00000000 ____D C:\Users\amberr\AppData\Local\Deployment
    2016-12-05 11:00 - 2013-06-21 08:54 - 00000000 ____D C:\Users\administrator
    2016-12-01 17:02 - 2015-11-16 10:02 - 00239152 _____ C:\Windows\system32\RW_AppData.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00064912 _____ C:\Windows\system32\RW_FileType.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00036848 _____ C:\Windows\system32\RW_{D6517644-D837-11E2-811A-806E6F6E6963}.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00007008 _____ C:\config.xml
    2016-12-01 17:02 - 2015-11-16 10:02 - 00006160 _____ C:\Windows\system32\RW_{63857D2A-36DE-11E5-9B81-6C3BE52C7334}.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00006048 _____ C:\Windows\system32\RW_{C61DEEC7-A66E-11E2-BE78-806E6F6E6963}.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00006048 _____ C:\Windows\system32\RW_{C61DEEC6-A66E-11E2-BE78-806E6F6E6963}.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00006048 _____ C:\Windows\system32\RW_{C61DEEC4-A66E-11E2-BE78-806E6F6E6963}.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00000588 _____ C:\Windows\system32\RW_FileFlag.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00000016 _____ C:\Windows\system32\EvGr_Data{D6517644-D837-11E2-811A-806E6F6E6963}.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00000016 _____ C:\Windows\system32\EvGr_Data{C61DEEC7-A66E-11E2-BE78-806E6F6E6963}.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00000016 _____ C:\Windows\system32\EvGr_Data{C61DEEC6-A66E-11E2-BE78-806E6F6E6963}.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00000016 _____ C:\Windows\system32\EvGr_Data{C61DEEC4-A66E-11E2-BE78-806E6F6E6963}.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00000016 _____ C:\Windows\system32\EvGr_Data{63857D2A-36DE-11E5-9B81-6C3BE52C7334}.dat
    2016-12-01 17:02 - 2015-11-16 10:02 - 00000000 _____ C:\Windows\system32\AdmList.txt
    2016-11-21 09:15 - 2015-06-02 13:16 - 00003692 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-843312985-487402592-91182677-1139
    2016-11-21 09:15 - 2014-01-27 09:21 - 00003596 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-843312985-487402592-91182677-1139
    2016-11-16 11:31 - 2013-06-18 14:02 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-11-16 11:30 - 2013-06-18 13:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-11-11 10:26 - 2013-06-18 09:30 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-11-11 10:26 - 2013-06-18 09:30 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-11-10 11:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2016-11-10 08:28 - 2009-07-13 21:45 - 00344584 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-11-09 11:37 - 2013-07-12 13:58 - 00000000 ____D C:\Users\amberr\AppData\Roaming\FileZilla
    2016-11-08 10:27 - 2013-07-24 07:42 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-11-08 10:27 - 2013-07-24 07:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-11-08 10:27 - 2013-04-16 00:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-11-08 10:26 - 2013-04-16 00:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-11-08 10:26 - 2013-04-16 00:42 - 00000000 ____D C:\Windows\system32\Macromed
    2016-11-07 08:36 - 2016-09-14 15:11 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task


    ==================== Files in the root of some directories =======


    2014-04-03 16:14 - 2014-04-03 16:14 - 0000078 _____ () C:\ProgramData\lmab.log


    Some files in TEMP:
    ====================
    C:\Users\administrator\AppData\Local\Temp\uninstall.exe




    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-12-05 13:25


    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
    Ran by Administrator (07-12-2016 16:16:20)
    Running from C:\Users\amberr\Desktop\Sysnative
    Windows 7 Professional Service Pack 1 (X64) (2013-06-18 15:56:10)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-3060380595-1606716934-2033386845-500 - Administrator - Disabled)
    Guest (S-1-5-21-3060380595-1606716934-2033386845-501 - Limited - Disabled)
    Rick Fredricksen (S-1-5-21-3060380595-1606716934-2033386845-1000 - Limited - Enabled) => C:\Users\Rick Fredricksen
    SophosSAUAMBER0 (S-1-5-21-3060380595-1606716934-2033386845-1010 - Limited - Enabled)
    SophosSAUAMBER1 (S-1-5-21-3060380595-1606716934-2033386845-1016 - Limited - Enabled)


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Sophos Anti-Virus (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
    AS: Sophos Anti-Virus (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    ACH Origination Application (x32 Version: 19.41.0.3 - Fiserv) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
    BizBroadcast (HKLM-x32\...\{235348E0-86BD-4D8A-855F-5C376A477626}) (Version: 2.0.28 - BizNet Software, Inc.)
    BizInsight (HKLM-x32\...\{679EF7F2-E7ED-48AE-B3FD-3E9CDF0E5051}) (Version: 5.0.351 - BizNet Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.50.0002 - Brother)
    Brother HL-5250DN (HKLM-x32\...\{1EA38B23-9C9E-4A26-855A-DBF15CEA7D4D}) (Version: 1.00 - Brother)
    Carbonite (HKLM-x32\...\{01991D36-E966-4893-85E1-D97D01E5F6AC}) (Version: 5.8.4 build 5625 (Jan-12-2016) - Carbonite)
    CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
    Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
    Crystal Reports 2008 for Sage (HKLM-x32\...\{068857D8-FDD1-4F29-8F74-E9DE91E8A587}) (Version: 12.1.0.883 - Business Objects)
    Crystal Reports for .NET Framework 2.0 (x64) (HKLM\...\{E679FCFF-4429-40CC-A7BF-0602261969ED}) (Version: 10.2.0 - Business Objects)
    CrystalXIRedist (HKLM-x32\...\{EAFA3FF9-009E-4654-BA6F-845459517DD3}) (Version: 11.5.1 - Business Objects)
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    Diskeeper 12 Professional (HKLM\...\{B67BB88D-120B-4635-83C9-2E60CF9C70AC}) (Version: 16.0.1012.64 - Condusiv Technologies)
    EMET 4.1 (HKLM-x32\...\{65BC2BDA-D828-4596-99E4-A8799C45C84C}) (Version: 4.1 - Microsoft Corporation)
    FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
    Firestream Ascend Retail (HKLM-x32\...\FirestreamAscendRetail) (Version: 4.08.1.0010 - Firestream Worldwide)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    GoToMeeting 5.8.0.1189 (HKU\S-1-5-21-843312985-487402592-91182677-500\...\GoToMeeting) (Version: 5.8.0.1189 - CitrixOnline)
    GoToMeeting 7.27.0.5922 (HKU\S-1-5-21-843312985-487402592-91182677-1139\...\GoToMeeting) (Version: 7.27.0.5922 - CitrixOnline)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
    HP LaserJet 400 M401 (HKLM-x32\...\{8989F6D9-550C-4178-A8CB-75B82A06621F}) (Version: 5.0.13198.1083 - Hewlett-Packard)
    HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
    HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
    hpbM401DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
    HPDXP (x32 Version: 3.0.26.1 - HP) Hidden
    HPLaserJet400-M401_HelpLearnCenter_SI (HKLM-x32\...\{4989DD05-86FB-4CA2-96C5-923DFAD89DA3}) (Version: 1.01.0000 - Hewlett-Packard)
    HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
    HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
    HPLJUTM401 (x32 Version: 3.00.0003 - HP) Hidden
    hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
    hppM401LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
    hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
    hpStatusAlertsM401 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
    Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4875.1001 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{751EE164-9F12-4E57-ADB0-02D8F34A10AD}) (Version: 9.00.1399.06 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Database Providers (x64) ENU (HKLM\...\{29FF483A-A9C2-44E5-9BFF-E1607E9B35B1}) (Version: 3.0.1578.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.8 - Mozilla)
    Mozilla Thunderbird 17.0.8 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.8 (x86 en-US)) (Version: 17.0.8 - Mozilla)
    NetLib Encryptionizer DE Distribution (HKLM-x32\...\NetLib Encryptionizer DE Distribution-2008.6.22.0) (Version: 2008.6.22.0 - Communication Horizons)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden
    opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden
    Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
    Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
    Sage Abra Suite (HKU\S-1-5-21-843312985-487402592-91182677-1139\...\00bcb9d583279c11) (Version: 9.20.66.1 - Sage Software)
    Sage Abra Suite (HKU\S-1-5-21-843312985-487402592-91182677-500\...\8b549dcb11fbac01) (Version: 9.11.45.1 - Sage Software)
    Sage Abra Suite Components (HKLM-x32\...\{E65E7559-55BC-46C5-B14D-11A609960B3E}) (Version: 9.20.13 - Sage)
    Sage Importer (x32 Version: 15.4.16 - Sage Software, Inc.) Hidden
    Sophos Anti-Virus (x32 Version: 10.7.0.301 - Sophos Limited) Hidden
    Sophos AutoUpdate XG (x32 Version: 5.5.0.26 - Sophos Limited) Hidden
    Sophos Diagnostic Utility (x32 Version: 1.13.0.4 - Sophos Limited) Hidden
    Sophos Endpoint (Version: 1.0.0.301 - Sophos Limited) Hidden
    Sophos Endpoint Agent (HKLM\...\Sophos Endpoint Agent) (Version: 11.5.2 - Sophos Ltd)
    Sophos Endpoint Defense (Version: 1.0.0.265 - Sophos Limited) Hidden
    Sophos Health (x32 Version: 2.0.3.32 - Sophos Limited) Hidden
    Sophos Heartbeat (x32 Version: 4.2.0.79 - Sophos Limited) Hidden
    Sophos Management Communications System (x32 Version: 4.3.1.5 - Sophos Limited) Hidden
    Sophos Network Threat Protection (Version: 1.3.1.12 - Sophos Limited) Hidden
    Sophos System Protection (Version: 2.6.0.71 - Sophos Limited) Hidden
    TinyTERM (HKLM-x32\...\{3E456FC1-2DAD-4810-B9F0-5FB6A2E4875A}) (Version: 4.7.0 - Century Software, Inc.)
    WD Anywhere Backup (HKLM-x32\...\{68131B0A-D78D-4aed-B74E-33A6C7324E50}) (Version: - Memeo Inc.)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{01B49317-590E-38BB-BB82-62849969AAE7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{1721772A-8316-45F3-A4CA-63DF10C0D075}\InprocServer32 -> C:\BizBroadcast\bin\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{18C49BE9-8CE3-3E21-9D0A-A18F858927F2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{1983230A-6C79-3A95-9E82-28C8C7FD2124}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{20CAB182-5DF3-39D6-8095-024D60126599}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{22622F55-05EA-34E1-9603-6BAD46CF4438}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{24DCD520-B970-33E2-AF90-8B44E00DB870}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{254173D6-DC94-3889-B7E5-42C82C865150}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{26646C4F-26BF-3919-A48F-D0FF1D2AF778}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{2A615E69-A3FA-35EC-8F67-99EF607643FE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{3104BED6-50F0-3EA6-AB63-8BC902F65324}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{31568253-86B6-396A-9752-6F5BC114A41A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{3613079B-8192-36E0-A057-CED5834DB6D2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{3E42BAB1-9318-3748-BFD6-E9EB51996CB3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{3FC4939B-ABF4-3C40-BFF0-BE1343A68C86}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{4F4B1819-3256-377A-9602-E77AE16454BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{555033B8-2EC5-345B-89DA-E48F6F68F302}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{597E4E24-45BB-34D2-80DE-CEEEEDFE4A6F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{5A286643-5097-3668-A6A2-8B2D6AF4A105}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{6CA79270-38EF-34E5-9B32-413492AA3DC7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{764E9943-9868-3C85-8080-C9779766D769}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{76566014-56BD-38E6-B460-922B027DCFDD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{775DD32E-E987-3D68-8940-00D3BB80F05C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{7CFCEAE3-C136-3D4D-BA6F-482F67B844A2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{7DC4835B-F688-3A34-8FB7-D19E6D21C271}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{81029345-2F5E-3446-A605-85C0AF76708C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{81CB1D29-0DA9-3BD9-8FA6-1633D64367AF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\amberr\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{877FE77F-44A1-3F70-A1A7-165CE66F4AE4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{8830F8C0-3434-3B44-B6A9-6387CFC165BA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{8E3D2E81-51D3-3594-BFAF-C8D0B2B184C4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{8EFD8C1C-E7E4-3708-8777-D208672505C2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{92C2F3B2-814E-304B-8071-2906CA1B8B76}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{94690574-8102-3AE2-96AD-1417FE4A1345}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{9899926D-67EC-3B16-A466-3CE666548856}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{9DEF5A63-197F-37C5-8E22-F2AF0F8CE3ED}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{A2C0CA0E-06BE-3465-9228-11D687035E2D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{B25D9161-B702-3110-AF5E-C3253D493349}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{B4B5CD9A-58D8-3741-8C0B-8626342EBD7A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{BBD8BBD2-EBD1-3814-A110-7298F6667B93}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{BD0AC651-DB97-3BDA-BCCF-8F34161B79E2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{BFBC7BBC-C0FB-3459-BEFF-5B2139D65FDD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{C0043AB3-E771-3D22-8B88-39C905522931}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{C2605A8D-A1CD-443B-82DB-7267C3C11F93}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{C845CB6F-67C0-4958-AB3C-5B623777295A}\InprocServer32 -> C:\BizInsight\bin5\adxloader64.dll ()
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{C969C943-5956-39C8-B478-A0A1F5BCB822}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{D2A819F5-72BA-3AE3-A7F7-28443DF17657}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{D304C85C-2D95-3CAA-99C5-3D4792405364}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{D62F5776-3D58-3EA3-8DC0-8D26DCAE7B5E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{D8BF108F-8915-3684-AAA3-E6D276CB2CEF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{DF3A43A4-3639-3195-81FD-4E6BE34757A1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{E9B4DA90-7819-3721-B4AC-B36371DD0E49}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{EF6DC33C-84B8-3FC7-9A1D-FD2BA3F359F1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-1139_Classes\CLSID\{FB23E196-A00B-39AA-80FA-DD0A0ACBD3F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-843312985-487402592-91182677-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1189\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {1038967C-10E1-44D2-A96F-20547CED9E06} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
    Task: {18FFE7DC-6634-489C-ACE1-2106468F2147} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {1EF73EE1-CAE2-4420-AAC2-18638E723BC2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {2CDD7EA2-ED4F-4282-AAD8-6F52823F261A} - System32\Tasks\G2MUploadTask-S-1-5-21-843312985-487402592-91182677-1139 => C:\Users\amberr\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [2016-11-21] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {3085CACF-A1AE-4174-8FB5-260D41FC4DDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
    Task: {331F9124-8529-441E-B9AA-B0461565D357} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {42553140-59A3-42E5-A91C-A1FF28757D6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
    Task: {4C89F182-3AB2-475E-BDBA-9AE8AB4CC558} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-23] (CyberLink)
    Task: {51C4B6F2-024C-4191-8DDF-415D12E69992} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {5A8FC08C-D661-4FC7-8C79-F52E4B850638} - System32\Tasks\G2MUpdateTask-S-1-5-21-843312985-487402592-91182677-1139 => C:\Users\amberr\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [2016-11-21] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {65C68D7C-2D78-4FDC-8544-D6FE8B053D81} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
    Task: {77B1DF26-7BED-4B41-979F-088E5E63EE98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
    Task: {78DA442B-CCBB-463A-999F-7F92230DCA35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {8AF8AFFD-567C-444A-BB79-025B8BAB2E3F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {A99958D8-2C15-4134-9581-55678770DF68} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {AD454C21-6E7E-46ED-87BB-870742911D8C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {DBF17BE3-F4F9-4E2C-A31A-A05C2C65516B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {E13FA174-1001-47BF-A351-76C349AF6671} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {F3F40312-63A4-48F1-93EF-187FBD58DDCE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation)
    Task: {FCB3EA60-AD46-4DB8-AEBD-02EB453FAF5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-843312985-487402592-91182677-1139.job => C:\Users\amberr\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-843312985-487402592-91182677-1139.job => C:\Users\amberr\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============


    2013-11-21 09:14 - 2013-11-21 09:14 - 00089232 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE64.DLL
    2014-11-04 11:30 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
    2014-11-04 11:30 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
    2013-06-24 10:23 - 2012-12-11 09:02 - 00098304 _____ () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
    2012-12-19 16:00 - 2012-12-19 16:00 - 00157008 _____ () C:\Program Files (x86)\Century\TinyTERM\cenlpd.exe
    2014-03-19 07:40 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2016-07-26 07:52 - 2016-05-24 09:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2012-04-04 19:46 - 2012-04-04 19:46 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-04-16 00:37 - 2009-07-02 14:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
    2016-10-19 09:25 - 2016-10-19 09:25 - 00234336 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg
    2016-10-19 09:25 - 2016-10-19 09:25 - 00141432 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg
    2016-10-19 09:25 - 2016-10-19 09:25 - 00120080 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg
    2016-10-19 09:25 - 2016-10-19 09:25 - 00077432 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg
    2016-10-19 09:25 - 2016-10-19 09:25 - 00165736 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg
    2016-10-19 09:25 - 2016-10-19 09:25 - 00149168 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg
    2012-06-13 06:05 - 2012-06-13 06:05 - 00088440 _____ () C:\Program Files\Condusiv Technologies\Diskeeper\DK_Net.dll
    2009-11-12 19:30 - 2009-11-12 19:30 - 01804000 _____ () C:\Program Files (x86)\WD\WD Anywhere Backup\Memeo.Client.UI.dll
    2009-10-21 15:04 - 2009-10-21 15:04 - 00504293 _____ () C:\Program Files (x86)\WD\WD Anywhere Backup\sqlite3.DLL
    2013-11-21 09:14 - 2013-11-21 09:14 - 00080528 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE.DLL


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)




    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"


    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-843312985-487402592-91182677-1139\Control Panel\Desktop\\Wallpaper -> C:\Users\amberr\DesktopOSIRIS.bmp
    HKU\S-1-5-21-843312985-487402592-91182677-500\Control Panel\Desktop\\Wallpaper -> C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 216.67.153.137 - 199.190.151.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==




    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{588EDBFE-79E0-4F92-AF36-5A1E88E416B2}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{DCC86928-1D6F-4E20-9AAA-C414C8F421AA}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{9DD446F3-1691-4F7A-A503-206E64784032}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{CCDF9229-87CB-4FB4-B643-751C396776E8}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9A1549B7-DCD8-4829-9B61-2FAB9F4126B7}] => LPort=1433
    FirewallRules: [{EB175F9D-FA53-4D6C-8CB2-4747DB862B3E}] => LPort=1433
    FirewallRules: [{B92B81AB-21C3-4A31-A41C-D3D6697CA9D6}] => LPort=1433
    FirewallRules: [{426ADAB9-BB9A-49D5-B44B-45F077968E39}] => LPort=1433
    FirewallRules: [{C42E2E48-8470-4E42-A772-BB9FABB03469}] => LPort=1433
    FirewallRules: [{B1085410-107B-4EF7-A03B-0D35FFF02035}] => LPort=1433
    FirewallRules: [{FF2EBD11-A12A-4CA3-ADCE-C52BE73766A2}] => LPort=4022
    FirewallRules: [{CA845A97-D0DD-4314-A8B8-BA19BF29039A}] => LPort=4022
    FirewallRules: [{C4160805-AA6C-4DE6-A765-9C24192016A7}] => LPort=4022
    FirewallRules: [{F653075F-191C-4FCD-A4EE-BFB48090E4D7}] => LPort=4022
    FirewallRules: [{52FCFF35-37C0-4FE3-BDDE-BE31624B2B04}] => LPort=4022
    FirewallRules: [{D441CF0C-0491-40C5-A2F5-FC555FD44E77}] => LPort=4022
    FirewallRules: [{8B03DE3A-19DD-4494-A3E0-CC39D7B9F5CC}] => LPort=20
    FirewallRules: [{E5E3E01B-400D-4705-8A2A-A79B0F3AC318}] => LPort=20
    FirewallRules: [{B8C285BC-6755-4F63-A559-E0CA3A20CBE2}] => LPort=20
    FirewallRules: [{8437C1A3-7767-4863-A9E8-937298864BAA}] => LPort=20
    FirewallRules: [{98148B67-CAB3-4A5D-9C5E-75452D3D9553}] => LPort=20
    FirewallRules: [{1B845C11-1220-45F7-A770-E3BA8E1BF1CB}] => LPort=20
    FirewallRules: [{BE3D8C3F-C721-4FA4-96B0-5EC90365234F}] => LPort=21
    FirewallRules: [{AFCF45A8-4AAC-41D0-8BEF-B37033E7263C}] => LPort=21
    FirewallRules: [{D9FB375F-2023-4A64-A609-9D5B2906CDC9}] => LPort=21
    FirewallRules: [{4B1D628B-C626-4BAC-BC6A-96F687CCE769}] => LPort=21
    FirewallRules: [{5F670D8E-F0B6-4002-9BF7-91A77BB67912}] => LPort=21
    FirewallRules: [{56916394-DA52-48D2-B7B7-C5843048EED6}] => LPort=21
    FirewallRules: [{DE77E327-2B9B-4924-9868-D372516AC362}] => LPort=137
    FirewallRules: [{1CB27E79-5085-42D8-8915-B4146B05E8CC}] => LPort=137
    FirewallRules: [{56A63D89-C7C8-49FB-9411-5BC1E912DEBB}] => LPort=137
    FirewallRules: [{6AE0747D-16E8-481C-8A79-7502C58A16FF}] => LPort=137
    FirewallRules: [{3A9BF379-9930-4A6B-A80C-DFC791A85410}] => LPort=137
    FirewallRules: [{2F42DCDF-DA2E-42F5-AC44-6E636ECC059D}] => LPort=137
    FirewallRules: [{C982A388-C85B-4011-9A6F-29C307357565}] => LPort=138
    FirewallRules: [{53270FC5-2C69-4D02-B242-68E33B1BA145}] => LPort=138
    FirewallRules: [{FE83A831-5348-4958-8AAE-58BDBBEC9F7A}] => LPort=138
    FirewallRules: [{08D20F0A-D545-484E-930F-1664A51D308A}] => LPort=138
    FirewallRules: [{B7BA68BF-54F9-41C7-B172-C9DD9546C543}] => LPort=138
    FirewallRules: [{46593C9F-8E22-4AB6-BB18-0BC90157FB33}] => LPort=138
    FirewallRules: [{7E7E4273-91A0-4F9E-9424-D3D00E2536B4}] => LPort=139
    FirewallRules: [{D7D3C3A7-DF70-4437-8CA5-1576532FB587}] => LPort=139
    FirewallRules: [{556F1352-8765-41F5-AA31-FC4F4E172E41}] => LPort=139
    FirewallRules: [{54EF8CDF-E4A1-43FD-A492-1ECB1CF7B519}] => LPort=139
    FirewallRules: [{9A59F775-922B-433A-9807-788CE4394D99}] => LPort=139
    FirewallRules: [{22C31EE4-837A-4185-A744-4F9B84E3BCF9}] => LPort=139
    FirewallRules: [{D05DBF0A-1E48-4E90-B995-5873A2359A7C}] => LPort=445
    FirewallRules: [{25053CB4-FEE0-438C-8682-97304D078F77}] => LPort=445
    FirewallRules: [{18885B5A-1DAA-4233-AB44-681702E88B23}] => LPort=445
    FirewallRules: [{9BA55B3C-EE49-49B1-9EDA-CAD91E6FACB1}] => LPort=445
    FirewallRules: [{DB118494-6679-431D-884F-86A0E680BDF1}] => LPort=445
    FirewallRules: [{C9D69AFF-9D86-4E5C-B1E9-6843A0E1B8BF}] => LPort=445
    FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [{EBF52167-CA80-4AD5-906D-7137F990C065}] => C:\Users\Rick Fredricksen\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{AB0DCD7A-ABB5-44EC-BF39-8BDC96B243AD}] => C:\Program Files (x86)\Brother\BRAdmin Professional 3\discover.exe
    FirewallRules: [{5D6771CA-3DAD-436A-9F12-3374B5843485}] => C:\Program Files (x86)\Brother\BRAdmin Professional 3\discover.exe
    FirewallRules: [{EC8817ED-F862-4BDE-9777-99B0B25BFF9F}] => C:\Program Files (x86)\Brother\BRAdmin Professional 3\auditorserver.exe
    FirewallRules: [{5B88ED34-5556-4272-83BC-B769E97B0B58}] => C:\Program Files (x86)\Brother\BRAdmin Professional 3\auditorserver.exe
    FirewallRules: [{C35470BD-DB09-4D6C-90BF-65AF22F51424}] => C:\Program Files (x86)\Brother\BRAdmin Professional 3\bradminv3.exe
    FirewallRules: [{CE7641C7-3F4D-4BC7-9EB4-3304DB5ECC17}] => C:\Program Files (x86)\Brother\BRAdmin Professional 3\bradminv3.exe
    FirewallRules: [{A1C58A63-2BB8-4422-9591-ECE76AFDFFEB}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{E0CE185D-F343-4559-BA46-8E18ABD03694}] => C:\Program Files (x86)\HP\HP LaserJet 400 M401\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{CDD7698E-D83C-48A0-BE4C-541D7AF9FFFD}] => C:\Program Files (x86)\HP\HP LaserJet 400 M401\bin\EWSProxy.exe
    FirewallRules: [{381D35CB-6F19-41F4-8D6C-88B537476C71}] => LPort=9100
    FirewallRules: [{A10DBF36-0B04-4B48-A850-6731E2A04FED}] => LPort=427
    FirewallRules: [{4B6655E9-8D11-4891-8514-421437AA558D}] => LPort=161
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    FirewallRules: [{BF6AAEF1-E3C5-44B1-B60E-688D35B55604}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Restore Points =========================




    ==================== Faulty Device Manager Devices =============




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (12/06/2016 03:50:47 PM) (Source: EMET) (EventID: 42) (User: )
    Description: EMET detected that the SSL certificate for "www.facebook.com" is not trusted by the rule "FacebookCA" associated with the domain "www.facebook.com"


    Certificates details:


    [SSL CERTIFICATE]
    SubjectName : CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, S=CA, C=US
    Issuer CA : CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    SerialNumber : 0ECB0939B2B10154B89570C7B22B7A47
    Thumbprint : A04EAFB348C26B15A8C1AA87A333CAA3CDEEC9C9
    SignatureAlg : sha256RSA
    NotAfter : 12/30/2016 5:00:00 AM
    NotBefore : 08/27/2014 6:00:00 PM
    PublicKey : 04D8D1DD35BDE259B6FB9B1F54158CDBBF4E58BD47BEB810FC22E9D29E98F8492A25FB9446E4429984501C5F01FD1425315C4ED964FDC50CB346D2A1BC70B4878E


    [ROOTCA CERTIFICATE]
    SubjectName : CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Issuer CA : CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    SerialNumber : 02AC5C266A0B409B8F0B79F2AE462577
    Thumbprint : 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
    SignatureAlg : sha1RSA
    NotAfter : 11/09/2031 5:00:00 PM
    NotBefore : 11/09/2006 5:00:00 PM


    Error: (12/06/2016 03:50:32 PM) (Source: EMET) (EventID: 42) (User: )
    Description: EMET detected that the SSL certificate for "login.live.com" is not trusted by the rule "MSLiveCA" associated with the domain "login.live.com"


    Certificates details:


    [SSL CERTIFICATE]
    SubjectName : CN=gateway.login.live.com, OU=Passport, O=Microsoft Corporation, STREET=1 Microsoft Way, L=Redmond, S=Washington, PostalCode=98052, C=US, SERIALNUMBER=600413485, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Washington, OID.1.3.6.1.4.1.311.60.2.1.3=US
    Issuer CA : CN=Symantec Class 3 EV SSL CA - G3, OU=Symantec Trust Network, O=Symantec Corporation, C=US
    SerialNumber : 7E91C21DE50B21746D1978FA4BDEBE48
    Thumbprint : 6CDDC8D24EB492153FAF765AB077A7E95C7F5B7A
    SignatureAlg : sha256RSA
    NotAfter : 11/20/2017 4:59:59 PM
    NotBefore : 11/19/2015 5:00:00 PM


    [ROOTCA CERTIFICATE]
    SubjectName : CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    Issuer CA : CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
    SerialNumber : 18DAD19E267DE8BB4A2158CDCC6B3B4A
    Thumbprint : 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
    SignatureAlg : sha1RSA
    NotAfter : 07/16/2036 5:59:59 PM
    NotBefore : 11/07/2006 5:00:00 PM
    PublicKey : 3082010A0282010100AF240808297A359E600CAAE74B3B4EDC7CBC3C451CBB2BE0FE2902F95708A364851527F5F1ADC831895D22E82AAAA642B38FF8B955B7B1B74BB3FE8F7E0757ECEF43DB66621561CF600DA4D8DEF8E0C362083D5413EB49CA59548526E52B8F1B9FEBF5A191C23349D843636A524BD28FE870514DD189697BC770F6B3DC1274DB7B5D4B56D396BF1577A1B0F4A225F2AF1C926718E5F40604EF90B9E400E4DD3AB519FF02BAF43CEEE08BEB378BECF4D7ACF2F6F03DAFDD759133191D1C40CB7424192193D914FEAC2A52C78FD50449E48D6347883C6983CBFE47BD2B7E4FC595AE0E9DD4D143C06773E314087EE53F9F73B8330ACF5D3F3487968AEE53E825150203010001


    Error: (12/06/2016 08:26:36 AM) (Source: SceCli) (EventID: 1001) (User: )
    Description: Security policy cannot be propagated.
    Cannot access the template. Error code = 3.
    \\redhorse.local\sysvol\redhorse.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.


    Error: (12/05/2016 02:02:55 PM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
    Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.


    Error: (12/05/2016 11:50:01 AM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
    Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.


    Error: (12/05/2016 11:48:54 AM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
    Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.


    Error: (12/05/2016 11:47:38 AM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
    Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.


    Error: (12/05/2016 11:19:13 AM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
    Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.


    Error: (11/29/2016 02:18:02 PM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
    Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.


    Error: (11/29/2016 12:34:07 PM) (Source: Sophos Management Communications System) (EventID: 8001) (User: )
    Description: The Sophos Management Communications System client service has received an HTTP status 503 from the server. This might indicate that action is necessary.




    System errors:
    =============
    Error: (12/07/2016 03:40:18 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: REDHORSE)
    Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.


    Error: (12/07/2016 03:38:58 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.


    Error: (12/07/2016 10:28:07 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: REDHORSE)
    Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.


    Error: (12/07/2016 10:22:45 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.


    Error: (12/07/2016 09:37:27 AM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume OS.


    Error: (12/07/2016 09:37:09 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
    Description: 0x8000002a171\??\Volume{c61deec4-a66e-11e2-be78-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1D1662FB-33EA-441D-8AAB-E12482518C4E}


    Error: (12/07/2016 08:35:40 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.


    Error: (12/07/2016 08:35:36 AM) (Source: NETLOGON) (EventID: 5719) (User: )
    Description: This computer was not able to set up a secure session with a domain
    controller in domain REDHORSE due to the following:
    There are currently no logon servers available to service the logon request.




    This may lead to authentication problems. Make sure that this
    computer is connected to the network. If the problem persists,
    please contact your domain administrator.






    ADDITIONAL INFO


    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller
    in the specified domain.


    Error: (12/07/2016 08:35:21 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 4:02:17 PM on 12/6/2016 was unexpected.


    Error: (12/06/2016 02:07:23 PM) (Source: NETLOGON) (EventID: 5719) (User: )
    Description: This computer was not able to set up a secure session with a domain
    controller in domain REDHORSE due to the following:
    There are currently no logon servers available to service the logon request.




    This may lead to authentication problems. Make sure that this
    computer is connected to the network. If the problem persists,
    please contact your domain administrator.






    ADDITIONAL INFO


    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller
    in the specified domain.




    CodeIntegrity:
    ===================================
    Date: 2015-08-05 09:53:45.762
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-05 09:53:45.762
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-05 09:53:45.747
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-05 09:53:45.747
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-05 09:53:33.796
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-05 09:53:33.781
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-05 09:53:33.781
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-05 09:53:33.781
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-05 09:53:33.640
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    Date: 2015-08-05 09:53:33.625
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.




    ==================== Memory info ===========================


    Processor: Intel(R) Pentium(R) CPU G2120 @ 3.10GHz
    Percentage of memory in use: 46%
    Total physical RAM: 3983.55 MB
    Available physical RAM: 2148.61 MB
    Total Virtual: 7965.28 MB
    Available Virtual: 5691.35 MB


    ==================== Drives ================================


    Drive c: (OS) (Fixed) (Total:451.42 GB) (Free:398.01 GB) NTFS
    Drive e: (HP_RECOVERY) (Fixed) (Total:14.14 GB) (Free:1.66 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive g: (Seagate Backup Plus Drive) (Fixed) (Total:1863.02 GB) (Free:1392.43 GB) NTFS


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 093CCAFC)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=451.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.1 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=101 MB) - (Type=27)


    ========================================================
    Disk: 1 (Size: 1863 GB) (Disk ID: 9BDD2BA1)
    Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================

    Result of Security Analysis by Rocket Grannie (x86) Updated: 7th December, 2016
    Running from:C:\Users\amberr\Desktop\Sysnative (16:17:56 - 12/07/2016)
    ***---------------------------------------------------------***
    Microsoft Windows 7 Professional X64 Service Pack 1
    UAC is Enabled!
    Internet Explorer 11
    Default Browser: Internet Explorer
    ***------------Antivirus - Antispyware - Firewall-----------***
    Sophos Anti-Virus (Enabled - Up to Date)
    Sophos Anti-Virus (Enabled - Up to Date)
    Windows Defender (Enabled - Up to Date)
    Windows Firewall (Enabled)
    *No other Firewall Installed*
    ***-------Security Programs - Browsers - Miscellaneous------***
    Adobe Flash Player Plugin is not installed
    Adobe Flash Player 23 ActiveX (version 23.0.0.205)
    Google Chrome (version 54)


    CCleaner (version 5.16) is *out of Date*
    Thunderbird (version 17.0.8) is *out of Date*


    ***----------------Analysis Complete-------------------------***



  2. #2

    Re: .osiris virus

    If it helps I know what file she clicked and I still have access to that file... receipt(5).docm

  3. #3
    Corrine

    Re: .osiris virus

    First things first, please understand that there is no file decrypter for Locky Ransomware. The only way to recover Locky encrypted files is to try and restore them from a backup, from file recovery software, or if you are lucky, the Shadow Volume Copies.

    Please download Malwarebytes Anti-Rootkit from here

    • Unzip the contents to a folder in a convenient location.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  4. #4

    Re: .osiris virus

    Scan finished - no malware found - did not produce a mbar-log.txt file. I am running the scan again to see if it will. Here is the system-log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.3.1001


    (c) Malwarebytes Corporation 2011-2012


    OS version: 6.1.7601 Windows 7 Service Pack 1 x64


    Account is Administrative


    Internet Explorer version: 11.0.9600.18524


    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED
    CPU speed: 3.093000 GHz
    Memory total: 4177051648, free: 2046521344


    Downloaded database version: v2016.12.08.10
    Downloaded database version: v2016.11.20.01
    Downloaded database version: v2016.11.29.02
    Initializing...
    ======================
    Driver version: 0.3.0.4
    ------------ Kernel report ------------
    12/08/2016 08:00:00
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\DKDFM.sys
    \SystemRoot\system32\drivers\FLTMGR.SYS
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\DKTLFSMF.sys
    \SystemRoot\System32\Drivers\nlem64nt.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\system32\DRIVERS\SophosED.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\savonaccess.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\drivers\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\drivers\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\sdcfilter.sys
    \SystemRoot\system32\drivers\intelppm.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\rdpbus.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\drivers\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\USBSTOR.SYS
    \SystemRoot\system32\drivers\USBD.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\drivers\usbccgp.sys
    \SystemRoot\system32\DRIVERS\dc3d.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\drivers\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\point64.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\usbprint.sys
    \SystemRoot\system32\DRIVERS\usbscan.sys
    \SystemRoot\system32\drivers\mqac.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\system32\DRIVERS\sntp.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\DKRtWrt.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    ----------- End -----------
    Done!


    Scan started
    Database versions:
    main: v2016.12.08.10
    rootkit: v2016.11.20.01


    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006db7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006db8040, DeviceName: Unknown, DriverName: \Driver\DKDFM\
    DevicePointer: 0xfffffa8006db7ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006db7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800414e2b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004154050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 93CCAFC


    Partition information:


    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition is bootable
    Partition file system is NTFS


    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 946702336
    Partition is not bootable
    Partition file system is NTFS


    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 946909184 Numsec = 29655040
    Partition is bootable
    Partition file system is NTFS


    Partition 3 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976564224 Numsec = 206848
    Partition is not bootable
    Partition file system is FAT32


    Disk Size: 500107862016 bytes
    Sector size: 512 bytes


    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa80080f0790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800809a760, DeviceName: Unknown, DriverName: \Driver\DKDFM\
    DevicePointer: 0xfffffa8007f72340, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80080f0790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80075afb60, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 9BDD2BA1


    Partition information:


    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3907027119
    Partition is not bootable
    Partition file system is NTFS


    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable


    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable


    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable


    Disk Size: 2000398933504 bytes
    Sector size: 512 bytes


    Done!
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa80044684f0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008b3c370, DeviceName: Unknown, DriverName: \Driver\DKDFM\
    DevicePointer: 0xfffffa800946c3e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80044684f0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8003b1b060, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4030201


    Partition information:


    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1104 Numsec = 7850928
    Partition is not bootable
    Partition file system is FAT32


    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable


    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable


    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable


    Disk Size: 4020240384 bytes
    Sector size: 512 bytes


    Done!
    File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0838D01DBCD3874401496B04F99DACAC0F44F6C8.bin.79" is compressed (flags = 1)
    File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0838D01DBCD3874401496B04F99DACAC0F44F6C8.bin.7C" is compressed (flags = 1)
    File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-0838D01DBCD3874401496B04F99DACAC0F44F6C8.bin.83" is compressed (flags = 1)
    File "C:\ProgramData\Sophos\Sophos Anti-Virus\logs\SAV.txt" is compressed (flags = 1)
    File "C:\ProgramData\Sophos\Sophos Device Control\logs\DeviceControl.txt" is compressed (flags = 1)
    Scan finished

  5. #5

    Re: .osiris virus

    Here is the mbar log:
    Malwarebytes Anti-Rootkit BETA 1.9.3.1001
    Malwarebytes | Free Cyber Security & Anti-Malware Software


    Database version:
    main: v2016.12.08.10
    rootkit: v2016.11.20.01


    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.18524
    Administrator :: AMBER [administrator]


    12/8/2016 8:00:17 AM
    mbar-log-2016-12-08 (08-00-17).txt


    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 448429
    Time elapsed: 28 minute(s), 5 second(s)


    Memory Processes Detected: 0
    (No malicious items detected)


    Memory Modules Detected: 0
    (No malicious items detected)


    Registry Keys Detected: 0
    (No malicious items detected)


    Registry Values Detected: 0
    (No malicious items detected)


    Registry Data Items Detected: 0
    (No malicious items detected)


    Folders Detected: 0
    (No malicious items detected)


    Files Detected: 0
    (No malicious items detected)


    Physical Sectors Detected: 0
    (No malicious items detected)


    (end)

  6. #6
    Corrine
    Join Date: Feb 2012 | Location: Upstate, NY | Posts: 8,107

    Re: .osiris virus

    Please see my reply to your post here. Thank you.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.
