Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chrome Redirects/Popups - bdt.femurssculler.com Malware


  • This topic is locked This topic is locked
4 replies to this topic

#1 threehairsinarow

threehairsinarow

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 03 June 2016 - 03:31 AM

After noticing Redirects/popups I ran Malwarebytes and quarantined everything it found.

 

I also ran AdwCleaner and reset Chrome.

 

I am still getting a few detections of bdt.femurssculler.com from Malwarebytes.

 

FRST log is here:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
Ran by Patrick (administrator) on PATRICK-VM (03-06-2016 17:32:05)
Running from C:\Users\Patrick\Desktop\Malware Removal
Loaded Profiles: Patrick (Available Profiles: Patrick & Jody C & Finn & rhysc & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Akamai Technologies, Inc.) C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-28] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [7400576 2016-05-31] (AVAST Software)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-04-05] (Seagate Technology LLC)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3218184 2015-10-02] (GoPro)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23745808 2016-05-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\Run: [Google Update] => C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\Run: [MusicManager] => C:\Users\Patrick\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-18] (Google Inc.)
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-04-05] (Seagate Technology LLC)
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\Run: [GoogleChromeAutoLaunch_133FC10A42EC311A0885C7B36F719938] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-05-11] (Google Inc.)
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [22757568 2016-05-17] (Microsoft Corporation)
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\RunOnce: [Uninstall C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\RunOnce: [Uninstall C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll [2016-05-31] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorVisionStartup.lnk [2016-06-03]
ShortcutTarget: ColorVisionStartup.lnk -> C:\Program Files (x86)\ColorVision\ColorVisionStartup\ColorVisionStartup.exe (Datacolor)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2016-06-03]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk [2016-06-03]
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA7DJRLN Product Registration.lnk [2016-06-03]
ShortcutTarget: Seagate NA7DJRLN Product Registration.lnk -> C:\Users\Patrick\AppData\Roaming\Leadertech\PowerRegister\Seagate NA7DJRLN Product Registration.exe (Leader Technologies/Seagate)
GroupPolicyUsers\S-1-5-21-4105375897-3493143710-3191475466-1004\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{348cf199-d4b5-4b61-b1e5-1ec228dd7bd6}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{892151ac-14aa-4c29-a00c-a7ea6333ba4e}: [DhcpNameServer] 192.168.0.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130855810465166016&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130855810478564454&GUID=00000000-0000-0000-0000-000000000000
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4105375897-3493143710-3191475466-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4105375897-3493143710-3191475466-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-16] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-16] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-05-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-16] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-4105375897-3493143710-3191475466-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-16] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-16] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF Homepage: hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files\MyCamera Download Plugin\NPCIG.dll [2008-10-16] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-16] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-25] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4105375897-3493143710-3191475466-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Patrick\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-4105375897-3493143710-3191475466-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Patrick\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Patrick\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-07-13] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\searchplugins\cddball.xml [2006-10-27]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\searchplugins\foodtv.xml [2010-03-31]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\searchplugins\freedict.xml [2009-07-01]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\searchplugins\hyperwords.xml [2009-08-01]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\searchplugins\IMDb.xml [2008-06-25]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\searchplugins\siteadvisor.xml [2006-10-27]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\searchplugins\webster.xml [2008-06-25]
FF Extension: No Name - C:\Documents and Settings\Patrick C\Application Data\Mozilla\Firefox\Profiles\dp6vax3t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [not found]
FF Extension: No Name - C:\Documents and Settings\Patrick C\Application Data\Mozilla\Firefox\Profiles\dp6vax3t.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D} [not found]
FF Extension: No Name - C:\Documents and Settings\Patrick C\Application Data\Mozilla\Firefox\Profiles\dp6vax3t.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [not found]
FF Extension: No Name - C:\Documents and Settings\Patrick C\Application Data\Mozilla\Firefox\Profiles\dp6vax3t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [not found]
FF Extension: No Name - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [not found]
FF Extension: No Name - C:\Documents and Settings\Patrick C\Application Data\Mozilla\Firefox\Profiles\dp6vax3t.default\extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9} [not found]
FF Extension: No Name - C:\Documents and Settings\Patrick C\Application Data\Mozilla\Firefox\Profiles\dp6vax3t.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [not found]
FF Extension: No Name - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\Extensions\temp [2010-12-23] [not signed]
FF Extension: FlashGot - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010-12-23] [not signed]
FF Extension: Google Toolbar for Firefox - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-23] [not signed]
FF Extension: NoScript - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010-12-23] [not signed]
FF Extension: Calculator - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\Extensions\{AA052FD6-366A-4771-A591-0D8DC551585D} [2010-12-23] [not signed]
FF Extension: Adblock Plus - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-12-23] [not signed]
FF Extension: MileWideBack - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\dp6vax3t.default\Extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9} [2010-12-23] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2016-05-31]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2016-05-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://mail.google.com/","hxxp://www.mdcalc.com/"
CHR DefaultSearchURL: Default -> web/?type=dspp&q={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (NPCIG.dll) - C:\Program Files\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (PCShow Player Plugin) - C:\Users\Patrick\AppData\Local\DIRECTV Player\npPlayerPlugin.dll => No File
CHR Plugin: (Google Update) - C:\Users\Patrick\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Patrick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll => No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Patrick\AppData\Roaming\Mozilla\plugins\npo1d.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-09-18]
CHR Extension: (Google Docs) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Download trailers from Apple) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnknafijpnamidpconobcgijlpafkojl [2013-07-30]
CHR Extension: (Adblock Plus) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-02]
CHR Extension: (Google Search) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhapiedbmffnpkahkcjdjpikmodjipmd [2014-09-25]
CHR Extension: (Google News) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2015-03-05]
CHR Extension: (Video Downloader professional) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-06-03]
CHR Extension: (Avast SafePrice) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-31]
CHR Extension: (EditThisCookie) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02]
CHR Extension: (Avast Online Security) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-31]
CHR Extension: (Drumpfinator) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcimhbfpiofdihhdnofbdlhjcmjopilp [2016-03-04]
CHR Extension: (Universal Search & IE8 Accelerators) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmcgifbelcmjecmkapejifljephjabjd [2013-08-05]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-07-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-19]
CHR Extension: (Poppit!) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2016-06-03]
CHR Extension: (Boomerang for Gmail) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2013-08-05]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-07-30]
CHR Extension: (Gmail) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (MP3 Downloader) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldidnmickidalpaoejffbkgkjfhohoe [2016-03-15]
CHR HKU\S-1-5-21-4105375897-3493143710-3191475466-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2016-05-31]
StartMenuInternet: Google Chrome.Jody C - C:\Users\Jody C\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [243296 2016-05-31] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [5570272 2016-05-31] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911472 2016-05-15] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-11] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [411648 2012-04-03] () [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-04-05] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-04-05] (Seagate Technology LLC)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [316120 2014-08-18] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ahcix64s; C:\Windows\system32\DRIVERS\ahcix64s.sys [209424 2007-12-20] (AMD Technologies Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-31] (AVAST Software)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MegaSR1; C:\Windows\system32\DRIVERS\MegaSR1.sys [462344 2009-07-09] (LSI Corporation, Inc.)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [161760 2016-05-31] (AVAST Software)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 nusb3hub; C:\Windows\system32\DRIVERS\nusb3hub.sys [77824 2010-01-23] (NEC Electronics Corporation) [File not signed]
S3 nusb3xhc; C:\Windows\system32\DRIVERS\nusb3xhc.sys [180224 2010-01-23] (NEC Electronics Corporation) [File not signed]
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [151848 2007-04-16] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 Si3124r5; C:\Windows\system32\DRIVERS\Si3124r5.sys [340008 2010-04-14] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22568 2010-04-14] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [16936 2010-04-14] (Silicon Image, Inc.)
S3 Spyder2; C:\Windows\system32\DRIVERS\Spyder2.sys [15360 2007-01-17] ()
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [323392 2016-05-31] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-03 17:31 - 2016-06-03 17:32 - 00000000 ___DC C:\FRST
2016-06-03 17:30 - 2016-06-03 17:30 - 00003810 _____ C:\WINDOWS\System32\Tasks\Patrick1 Merge
2016-06-03 17:30 - 2016-06-03 17:30 - 00003782 _____ C:\WINDOWS\System32\Tasks\Patrick1
2016-06-03 17:28 - 2016-06-03 17:32 - 00000000 ____D C:\Users\Patrick\Desktop\Malware Removal
2016-06-03 16:33 - 2016-06-03 16:48 - 00000000 ___DC C:\AdwCleaner
2016-06-03 13:03 - 2016-06-03 13:13 - 00010244 _____ C:\Users\Patrick\.DS_Store
2016-06-03 13:03 - 2016-06-03 13:05 - 00012292 _____ C:\Users\Patrick\Documents\.DS_Store
2016-06-03 08:44 - 2016-06-03 11:22 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-03 08:16 - 2016-06-03 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-06-03 07:57 - 2016-06-03 07:57 - 00000293 _____ C:\Users\Jody C\Downloads\Exhibitor_List_2015.vcf
2016-06-02 21:22 - 2016-06-02 21:22 - 00292853 _____ C:\Users\Patrick\Downloads\sarcoido (2).pdf
2016-06-02 21:14 - 2016-06-02 21:14 - 00292853 _____ C:\Users\Patrick\Downloads\sarcoido (1).pdf
2016-06-02 21:08 - 2016-06-02 21:08 - 00208419 _____ C:\Users\Patrick\Downloads\postmedj00311-0071e.pdf
2016-06-02 20:34 - 2016-06-02 20:34 - 00486742 _____ C:\Users\Patrick\Downloads\C P.pdf
2016-06-01 17:40 - 2016-06-01 17:40 - 02591241 _____ C:\Users\Patrick\Downloads\The Pulse - June 2016.pdf
2016-06-01 17:39 - 2016-06-01 17:39 - 00359834 _____ C:\Users\Patrick\Downloads\0616 Policy Bulletin.pdf
2016-06-01 17:37 - 2016-06-01 17:37 - 00407091 _____ C:\Users\Patrick\Downloads\Project Communiqué No 103.pdf
2016-06-01 17:30 - 2016-06-01 17:30 - 00657987 _____ C:\Users\Patrick\Downloads\New+NETS+Drug+Calculator.pdf
2016-06-01 14:09 - 2016-06-01 14:09 - 01418660 _____ C:\Users\Patrick\Downloads\cpg.pdf
2016-06-01 06:37 - 2016-06-01 06:37 - 00253494 _____ C:\Users\Jody C\Downloads\Market%20Leader%20Export%20Holly%20Connaker.csv
2016-05-31 20:44 - 2016-05-31 20:44 - 04469999 _____ C:\Users\Patrick\Downloads\2681_001.pdf
2016-05-31 08:31 - 2016-05-31 08:31 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-05-31 08:31 - 2016-05-31 08:31 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-05-31 04:23 - 2016-05-31 04:20 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-05-31 04:23 - 2016-05-31 04:19 - 00161760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2016-05-31 04:22 - 2016-05-31 04:21 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-05-31 04:21 - 2016-05-31 04:21 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-05-30 20:15 - 2016-05-30 20:15 - 02315150 _____ C:\Users\Jody C\Downloads\Plan .pdf
2016-05-30 20:10 - 2016-05-30 20:10 - 00538596 _____ C:\Users\Jody C\Downloads\Saacks.pdf
2016-05-30 20:08 - 2016-05-30 20:08 - 00019079 _____ C:\Users\Jody C\Downloads\PAYG_EoY_2014_15_60041871_949446084.pdf
2016-05-30 10:16 - 2016-05-30 10:16 - 00145207 _____ C:\Users\Jody C\Downloads\51098765(1) - Contract for Sale of Land 2005 Edition - Stage 7 (Update to lot 111).PDF
2016-05-29 16:18 - 2016-05-29 16:18 - 07971290 _____ C:\Users\Patrick\Downloads\Daren Englund - medical opinion request.pdf
2016-05-29 16:03 - 2016-05-29 16:03 - 00871541 _____ C:\Users\Patrick\Downloads\PD2012_016 (2).pdf
2016-05-29 16:03 - 2016-05-29 16:03 - 00871541 _____ C:\Users\Patrick\Downloads\PD2012_016 (1).pdf
2016-05-29 16:03 - 2016-05-29 16:03 - 00269746 _____ C:\Users\Patrick\Downloads\Attachment-A-Mandatory-Training-Requirements-4-weeks.pdf
2016-05-29 15:47 - 2016-05-29 15:47 - 01404126 _____ C:\Users\Patrick\Downloads\pbm-mod-5-qrg.pdf
2016-05-29 15:33 - 2016-05-29 15:33 - 02816051 _____ C:\Users\Patrick\Downloads\pbm-module-1-qrg.pdf
2016-05-29 14:48 - 2016-05-29 14:48 - 01223784 _____ C:\Users\Patrick\Downloads\pbm-module-4-qrg.pdf
2016-05-29 14:41 - 2016-05-29 14:41 - 01081838 _____ C:\Users\Patrick\Downloads\pbm-module-3-qrg.pdf
2016-05-29 14:31 - 2016-05-29 14:31 - 04411492 _____ C:\Users\Patrick\Downloads\pbm-module-1.pdf
2016-05-29 14:29 - 2016-05-29 14:29 - 00433664 _____ C:\Users\Patrick\Downloads\pbm-module1-mtp-template_0.ppt
2016-05-29 14:11 - 2016-05-29 14:11 - 00871541 _____ C:\Users\Patrick\Downloads\PD2012_016.pdf
2016-05-29 14:03 - 2016-05-29 14:03 - 04988689 _____ C:\Users\Patrick\Downloads\APPROPRIATE USE FINAL 30 August 11.pdf
2016-05-29 11:49 - 2016-05-29 11:49 - 00579340 _____ C:\Users\Patrick\Downloads\NONE (4).pdf
2016-05-29 09:48 - 2016-05-29 09:48 - 00256607 _____ C:\Users\Patrick\Downloads\ovidweb.tiff
2016-05-29 08:20 - 2016-05-29 08:20 - 00031539 _____ C:\Users\Patrick\Downloads\HUNTINGDALE-FLOOR-PLANS (2).pdf
2016-05-29 08:14 - 2016-05-29 08:14 - 00079226 _____ C:\Users\Patrick\Downloads\BATEMAN FLOOR PLAN (1).pdf
2016-05-28 17:24 - 2016-05-29 14:44 - 00363863 _____ C:\Users\Patrick\Downloads\Article.pdf
2016-05-28 16:14 - 2016-05-28 16:14 - 02946914 _____ C:\Users\Patrick\Downloads\Vol-121-No-1274-23-May-2008.pdf
2016-05-28 16:13 - 2016-05-28 16:13 - 00150682 _____ C:\Users\Patrick\Downloads\10.1.1.541.2161.pdf
2016-05-28 15:25 - 2016-05-28 15:25 - 00391238 _____ C:\Users\Patrick\Downloads\L05c LOA supervised practice & Reg 4.10_P_C.pdf
2016-05-28 09:06 - 2016-05-28 09:06 - 00115005 _____ C:\Users\Patrick\Downloads\Concept plan_ PENN Mod_ Lot 711 Crestwood_ C.pdf
2016-05-28 08:25 - 2016-05-28 08:25 - 04207443 _____ C:\Users\Patrick\Downloads\Kramer Joseph MedOp Request TDIU Back Hip to C May 2016 part 2.pdf
2016-05-28 08:25 - 2016-05-28 08:25 - 03270750 _____ C:\Users\Patrick\Downloads\Kramer MedOp Low Back TDIU to C May 2016, pt 1.pdf
2016-05-27 18:04 - 2016-05-27 18:04 - 00115005 _____ C:\Users\Jody C\Downloads\Concept plan_ PENN Mod_ Lot 711 Crestwood_ C.pdf
2016-05-26 16:13 - 2016-05-26 16:13 - 00274944 _____ C:\Users\Jody C\Downloads\XC16Grandstandmap.xls
2016-05-25 21:24 - 2016-05-25 21:24 - 00810488 _____ C:\Users\Jody C\Downloads\May 2016 Presentation.pptx.pptx
2016-05-25 15:01 - 2016-05-25 15:02 - 02315150 _____ C:\Users\Patrick\Downloads\4019_STAGE 7_SALES PLAN OVERALL_29-09-2015.pdf
2016-05-25 14:59 - 2016-05-25 14:59 - 00145207 _____ C:\Users\Patrick\Downloads\51098765(1) - Contract for Sale of Land 2005 Edition - Stage 7 (Update to lot 111).PDF
2016-05-25 09:28 - 2016-05-25 09:28 - 00079226 _____ C:\Users\Patrick\Downloads\BATEMAN FLOOR PLAN.pdf
2016-05-25 09:24 - 2016-05-25 09:24 - 04659263 _____ C:\Users\Patrick\Downloads\Medical Opinion Request for Curt Pocklington.pdf
2016-05-25 08:41 - 2016-05-25 08:41 - 00006303 _____ C:\Users\Patrick\Downloads\Payslip_60041871090520161_2496.pdf
2016-05-25 07:40 - 2016-05-25 08:53 - 18398857 _____ C:\Users\Jody C\Downloads\56eba245ad0a3 (3).zip
2016-05-24 22:02 - 2016-05-24 22:02 - 00690643 _____ C:\Users\Patrick\Downloads\Innes 2010 long-term efficacy & safety review.pdf
2016-05-24 20:08 - 2016-05-24 20:08 - 00124710 _____ C:\Users\Patrick\Downloads\Week 11 - S4 Stata Tutorial.pdf
2016-05-24 17:11 - 2016-06-03 11:22 - 00002178 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2016-05-24 16:12 - 2016-05-24 16:12 - 00119394 _____ C:\Users\Patrick\Downloads\MaxiSaver-432263269-12May2016.pdf
2016-05-24 15:13 - 2016-05-24 15:13 - 00249856 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
2016-05-24 15:13 - 2016-05-24 15:13 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PS - Power and Sample Size Calculation
2016-05-24 15:13 - 2016-05-24 15:13 - 00000000 ____D C:\Program Files (x86)\PS
2016-05-24 15:12 - 2016-05-24 15:12 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE
2016-05-24 11:53 - 2016-05-24 11:53 - 00751650 _____ C:\Users\Patrick\Downloads\LB_HLP_The_Pinnacle_A4_Nov15_Proof_v5.pdf
2016-05-24 11:49 - 2016-05-24 11:49 - 00959394 _____ C:\Users\Patrick\Downloads\LB_FCD_A4_Jul15_WEB2.pdf
2016-05-24 11:18 - 2016-05-24 11:18 - 00004325 _____ C:\Users\Patrick\Downloads\Yaluma.kmz
2016-05-23 20:38 - 2016-05-23 20:39 - 01578421 _____ C:\Users\Patrick\Downloads\NONE (3).pdf
2016-05-23 07:26 - 2016-05-23 07:26 - 00032159 _____ C:\Users\Jody C\Downloads\RS Personable Marketing 260616 .xlsx
2016-05-22 21:49 - 2016-05-22 21:49 - 01499596 _____ C:\Users\Patrick\Downloads\2-2014-rev-OTS-Overview-for-website-new-format.pdf
2016-05-22 21:38 - 2016-05-22 21:38 - 00292853 _____ C:\Users\Patrick\Downloads\sarcoido.pdf
2016-05-22 21:36 - 2016-05-22 21:36 - 00179319 _____ C:\Users\Patrick\Downloads\Chapter 2 Epidemiology of sarcoidosis.pdf
2016-05-22 20:57 - 2016-05-22 20:58 - 00495277 _____ C:\Users\Patrick\Downloads\ijms-15-10116.pdf
2016-05-22 20:28 - 2016-05-22 20:30 - 07882050 _____ C:\Users\Patrick\Downloads\NONE (2).pdf
2016-05-22 18:19 - 2016-06-03 11:22 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-05-22 18:19 - 2016-05-22 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-22 18:17 - 2016-05-22 18:18 - 00000000 ____D C:\Program Files\iTunes
2016-05-22 18:17 - 2016-05-22 18:17 - 00000000 ____D C:\Program Files\iPod
2016-05-22 18:17 - 2016-05-22 18:17 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-22 07:46 - 2016-05-22 07:46 - 01184083 _____ C:\Users\Jody C\Downloads\iStock_000087717497_Illustration.zip
2016-05-22 07:43 - 2016-05-22 07:43 - 01365454 _____ C:\Users\Jody C\Downloads\iStock_000087198263_Illustration.zip
2016-05-22 07:42 - 2016-05-22 07:42 - 01847409 _____ C:\Users\Jody C\Downloads\iStock_000046656394_Illustration.zip
2016-05-22 07:42 - 2016-05-22 07:42 - 00834602 _____ C:\Users\Jody C\Downloads\iStock_000090347481_Illustration.zip
2016-05-22 07:39 - 2016-05-22 07:40 - 00920044 _____ C:\Users\Jody C\Downloads\iStock_000043249594_Illustration.zip
2016-05-22 07:22 - 2016-05-22 07:22 - 01199897 _____ C:\Users\Jody C\Downloads\iStock_000041673648_Illustration.zip
2016-05-21 13:13 - 2016-05-24 15:08 - 04603631 _____ C:\Users\Patrick\Downloads\Taylor Jerry Sarcoidosis and Apnea AOE MedOp Request to C May 2016.pdf
2016-05-21 07:28 - 2016-05-21 07:28 - 02160948 _____ C:\Users\Jody C\Downloads\iStock_000062647780_Illustration.zip
2016-05-20 19:06 - 2016-05-20 19:06 - 00764479 _____ C:\Users\Jody C\Downloads\thirsty rough.zip
2016-05-20 15:10 - 2016-05-20 15:15 - 00000000 ____D C:\Users\Jody C\Desktop\2016-05-20
2016-05-20 09:49 - 2016-05-20 09:49 - 00099787 _____ C:\Users\Patrick\Downloads\ACFrOgA3Hfc_rPURfm3bubVe13kflAR9B1yZDO0Qmra1Y7yA-2BA6A4fC0LbfTOrvzBIGUSCXfnjcpv7en7zETXbVs4A-CNjCVU7mJZt47MXFo7gaA9rP9cF4NuqnpU=.pdf
2016-05-19 15:04 - 2016-05-19 15:04 - 00483397 _____ C:\Users\Jody C\Downloads\401907P19B CCAD54 DWGVHY3B SEWER & WATER RETIC PLAN.PDF
2016-05-19 15:00 - 2016-05-19 15:00 - 04469999 _____ C:\Users\Jody C\Downloads\2681_001.pdf
2016-05-19 13:01 - 2016-05-19 13:01 - 19930328 _____ C:\Users\Jody C\Downloads\babysignlanguagecaregiverreferencechart.pdf
2016-05-19 07:29 - 2016-05-19 07:28 - 00820509 _____ C:\Users\Jody C\Desktop\2016 HEF Golf Day flyer 22 May.pdf
2016-05-19 07:28 - 2016-05-19 07:28 - 00820509 _____ C:\Users\Jody C\Downloads\2016 HEF Golf Day flyer 22 May.pdf
2016-05-18 21:38 - 2016-05-18 21:39 - 06178890 _____ C:\Users\Jody C\Downloads\noname.eml
2016-05-18 21:21 - 2016-05-18 21:21 - 00270575 _____ C:\Users\Jody C\Downloads\IMMI Grant Notification (1).pdf
2016-05-18 21:21 - 2016-05-18 21:21 - 00270575 _____ C:\Users\Jody C\Desktop\IMMI Grant Notification (1).pdf
2016-05-18 21:20 - 2016-05-18 21:20 - 00272093 _____ C:\Users\Jody C\Downloads\IMMI Grant Notification.pdf
2016-05-18 21:20 - 2016-05-18 21:20 - 00272093 _____ C:\Users\Jody C\Desktop\IMMI Grant Notification.pdf
2016-05-18 18:49 - 2016-05-18 18:49 - 00061989 _____ C:\Users\Patrick\Downloads\MaxiSaver-432263269-15Jul2015.pdf
2016-05-18 18:46 - 2016-05-18 18:47 - 06155314 _____ C:\Users\Patrick\Downloads\Shoemate Medical Opinion Request to Dr. C May 16.pdf
2016-05-18 18:38 - 2016-05-18 18:38 - 00026889 _____ C:\Users\Patrick\Downloads\527dbd41-3fe9-4897-b54c-3a062ec434b1.pdf
2016-05-17 21:49 - 2016-05-17 21:49 - 00028994 _____ C:\Users\Patrick\Downloads\Last 5 months bank activity.xlsx
2016-05-17 21:42 - 2016-05-18 09:36 - 00030707 _____ C:\Users\Jody C\Desktop\Last 5 months bank activity.xlsx
2016-05-17 21:39 - 2016-05-18 09:44 - 00003517 _____ C:\Users\Jody C\Downloads\trans170516 (1).csv
2016-05-17 21:37 - 2016-05-17 21:37 - 00045405 _____ C:\Users\Jody C\Downloads\trans170516.csv
2016-05-17 21:33 - 2016-05-17 21:33 - 00219166 _____ C:\Users\Jody C\Downloads\CompleteFreedom-493858645-06May2016.pdf
2016-05-17 19:50 - 2016-05-17 19:50 - 03860461 _____ C:\Users\Patrick\Downloads\SME004_OceanDriveDuplication_v3_LR (1).pdf
2016-05-17 18:02 - 2016-05-17 18:02 - 00049064 _____ C:\Users\Patrick\Downloads\mortgage-payment-calculator.xlsx
2016-05-17 18:00 - 2016-05-17 18:00 - 00048003 _____ C:\Users\Patrick\Downloads\lifetimecostTemplate5.xlsx
2016-05-17 17:35 - 2016-05-17 17:35 - 00008341 _____ C:\Users\Patrick\Downloads\Smartline Purchase costs land and home build_17May2016.xlsx
2016-05-17 17:30 - 2016-05-17 17:30 - 00070969 _____ C:\Users\Patrick\Downloads\Smartline Purchase costs land and home build_17May2016.pdf
2016-05-16 21:59 - 2016-05-16 21:59 - 00027174 _____ C:\Users\Patrick\Downloads\6f53ac3e-bef3-432a-9398-8c4d144cefcf.pdf
2016-05-16 17:14 - 2016-05-16 17:14 - 00470583 _____ C:\Users\Patrick\Downloads\impressions_Huntingdale 289_0.pdf
2016-05-16 17:14 - 2016-05-16 17:14 - 00077469 _____ C:\Users\Patrick\Downloads\better-homes-price-list.pdf
2016-05-16 17:13 - 2016-05-16 17:13 - 00031539 _____ C:\Users\Patrick\Downloads\HUNTINGDALE-FLOOR-PLANS (1).pdf
2016-05-16 12:45 - 2016-05-16 12:45 - 00062570 _____ C:\Users\Patrick\Downloads\ACFrOgC5Vay5VXgqAMOsWt52QVQhCiSjZEz7MXzI3fXJWww0Bzk25D1U0ys6u6diRi-UyRPCyrYEnuVERrHFlbLqCZkMo2cv6RbMWgN0d9JC3GdhqwASsbdS9lY1fkY=.pdf
2016-05-16 12:03 - 2016-05-16 12:03 - 00735945 _____ C:\Users\Patrick\Downloads\LB_HLP_Tranquility_A4_Nov15_Proof_v6.pdf
2016-05-16 11:30 - 2016-05-16 11:30 - 00483397 _____ C:\Users\Patrick\Downloads\401907P19B CCAD54 DWGVHY3B SEWER & WATER RETIC PLAN.PDF
2016-05-16 11:30 - 2016-05-16 11:30 - 00483397 _____ C:\Users\Patrick\Downloads\401907P19B CCAD54 DWGVHY3B SEWER & WATER RETIC PLAN (1).PDF
2016-05-16 11:26 - 2016-05-16 11:26 - 00031539 _____ C:\Users\Patrick\Downloads\HUNTINGDALE-FLOOR-PLANS.pdf
2016-05-16 11:08 - 2016-05-16 11:08 - 05903988 _____ C:\Users\Patrick\Downloads\wms-GINA-2016-main-report-final.pdf
2016-05-16 10:23 - 2016-05-16 10:23 - 00462353 _____ C:\Users\Patrick\Downloads\04_sec3_comp.pdf
2016-05-16 10:22 - 2016-05-16 10:22 - 00266569 _____ C:\Users\Patrick\Downloads\03_sec2_def.pdf
2016-05-16 09:58 - 2016-05-16 09:58 - 00006409 _____ C:\Users\Patrick\Downloads\Payslip_60041871110420161_2503 (2).pdf
2016-05-16 09:58 - 2016-05-16 09:58 - 00006368 _____ C:\Users\Patrick\Downloads\Payslip_60041871250420161_2561 (1).pdf
2016-05-16 09:49 - 2016-05-16 09:49 - 00124422 _____ C:\Users\Patrick\Downloads\v053p00308.pdf
2016-05-15 13:27 - 2016-05-15 13:27 - 00032246 _____ C:\Users\Patrick\Downloads\THE-GRANGE- LOWER-FLOOR-PLAN.pdf
2016-05-15 13:27 - 2016-05-15 13:27 - 00018110 _____ C:\Users\Patrick\Downloads\BHWM_THE OAKS_REV B - Sheet - A - PRESENTATION PLAN.pdf
2016-05-15 12:25 - 2016-05-15 12:25 - 00000801 _____ C:\Users\Jody C\Documents\Desktop - Shortcut.lnk
2016-05-14 13:24 - 2016-05-16 17:06 - 03493128 _____ C:\Users\Patrick\Downloads\Ivery Medical Opinion Request to Dr. C May 16.pdf
2016-05-14 08:01 - 2016-05-14 08:01 - 00282929 _____ C:\Users\Patrick\Downloads\CanberraHosp-5-May-2016.pdf
2016-05-13 15:49 - 2016-05-13 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-13 08:35 - 2016-05-13 08:36 - 18398857 _____ C:\Users\Jody C\Downloads\56eba245ad0a3 (2).zip
2016-05-13 08:29 - 2016-05-13 08:29 - 18398857 _____ C:\Users\Jody C\Downloads\56eba245ad0a3 (1).zip
2016-05-11 20:30 - 2016-05-11 20:30 - 02336574 _____ C:\Users\Patrick\Downloads\HIFVisitorsCoverPDS (2).pdf
2016-05-11 20:16 - 2016-04-23 14:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 20:16 - 2016-04-23 14:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 20:16 - 2016-04-23 14:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 20:16 - 2016-04-23 14:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 20:16 - 2016-04-23 14:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 20:16 - 2016-04-23 14:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 20:16 - 2016-04-23 14:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 20:16 - 2016-04-23 14:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 20:16 - 2016-04-23 14:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 20:16 - 2016-04-23 14:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 20:16 - 2016-04-23 14:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 20:16 - 2016-04-23 14:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 20:16 - 2016-04-23 14:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 20:16 - 2016-04-23 14:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 20:16 - 2016-04-23 14:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 20:16 - 2016-04-23 14:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 20:16 - 2016-04-23 14:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 20:16 - 2016-04-23 14:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 20:15 - 2016-04-30 16:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 20:15 - 2016-04-23 16:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 20:15 - 2016-04-23 16:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 20:15 - 2016-04-23 16:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 20:15 - 2016-04-23 16:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 20:15 - 2016-04-23 16:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 20:15 - 2016-04-23 16:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 20:15 - 2016-04-23 15:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 20:15 - 2016-04-23 15:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 20:15 - 2016-04-23 15:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 20:15 - 2016-04-23 15:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 20:15 - 2016-04-23 15:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 20:15 - 2016-04-23 15:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 20:15 - 2016-04-23 15:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 20:15 - 2016-04-23 15:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 20:15 - 2016-04-23 15:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 20:15 - 2016-04-23 15:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 20:15 - 2016-04-23 15:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 20:15 - 2016-04-23 15:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 20:15 - 2016-04-23 15:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 20:15 - 2016-04-23 15:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 20:15 - 2016-04-23 15:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 20:15 - 2016-04-23 15:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 20:15 - 2016-04-23 14:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 20:15 - 2016-04-23 14:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 20:15 - 2016-04-23 14:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 20:15 - 2016-04-23 14:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 20:15 - 2016-04-23 14:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 20:15 - 2016-04-23 14:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 20:15 - 2016-04-23 14:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 20:15 - 2016-04-23 14:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 20:15 - 2016-04-23 14:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 20:15 - 2016-04-23 14:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 20:15 - 2016-04-23 14:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 20:15 - 2016-04-23 14:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 20:15 - 2016-04-23 14:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 20:15 - 2016-04-23 14:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 20:15 - 2016-04-23 14:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 20:15 - 2016-04-23 14:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 20:15 - 2016-04-23 14:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 20:15 - 2016-04-23 14:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 20:15 - 2016-04-23 14:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 20:15 - 2016-04-23 14:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 20:15 - 2016-04-23 14:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 20:15 - 2016-04-23 14:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 20:15 - 2016-04-23 14:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 20:15 - 2016-04-23 14:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 20:15 - 2016-04-23 14:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 20:15 - 2016-04-23 14:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 20:15 - 2016-04-23 14:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 20:15 - 2016-04-23 14:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 20:15 - 2016-04-23 14:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 20:15 - 2016-04-23 14:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 20:15 - 2016-04-23 14:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 20:15 - 2016-04-23 14:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 20:15 - 2016-04-23 14:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 20:15 - 2016-04-23 14:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 20:15 - 2016-04-23 14:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 20:15 - 2016-04-23 14:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 20:15 - 2016-04-23 14:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 20:15 - 2016-04-23 14:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 20:15 - 2016-04-23 14:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 20:15 - 2016-04-23 14:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 20:15 - 2016-04-23 14:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 20:15 - 2016-04-23 14:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 20:15 - 2016-04-23 14:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 20:15 - 2016-04-23 14:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 20:15 - 2016-04-23 14:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 20:14 - 2016-05-06 14:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 20:14 - 2016-05-06 14:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 20:14 - 2016-05-06 14:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 20:14 - 2016-05-06 13:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 20:14 - 2016-05-06 13:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 20:14 - 2016-05-06 13:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 20:14 - 2016-05-06 13:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 20:14 - 2016-05-06 13:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 20:14 - 2016-04-30 16:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 20:14 - 2016-04-23 16:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 20:14 - 2016-04-23 16:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 20:14 - 2016-04-23 15:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 20:14 - 2016-04-23 15:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 20:14 - 2016-04-23 15:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 20:14 - 2016-04-23 15:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 20:14 - 2016-04-23 15:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 20:14 - 2016-04-23 15:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 20:14 - 2016-04-23 15:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 20:14 - 2016-04-23 15:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 20:14 - 2016-04-23 15:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 20:14 - 2016-04-23 15:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 20:14 - 2016-04-23 15:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 20:14 - 2016-04-23 15:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 20:14 - 2016-04-23 15:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 20:14 - 2016-04-23 15:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 20:14 - 2016-04-23 15:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 20:14 - 2016-04-23 15:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 20:14 - 2016-04-23 15:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 20:14 - 2016-04-23 15:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 20:14 - 2016-04-23 15:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 20:14 - 2016-04-23 15:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 20:14 - 2016-04-23 15:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 20:14 - 2016-04-23 15:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 20:14 - 2016-04-23 15:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 20:14 - 2016-04-23 15:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 20:14 - 2016-04-23 15:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 20:14 - 2016-04-23 15:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 20:14 - 2016-04-23 15:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 20:14 - 2016-04-23 15:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 20:14 - 2016-04-23 15:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 20:14 - 2016-04-23 15:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 20:14 - 2016-04-23 15:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 20:14 - 2016-04-23 15:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 20:14 - 2016-04-23 15:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 20:14 - 2016-04-23 15:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 20:14 - 2016-04-23 15:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 20:14 - 2016-04-23 15:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 20:14 - 2016-04-23 15:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 20:14 - 2016-04-23 15:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 20:14 - 2016-04-23 15:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 20:14 - 2016-04-23 15:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 20:14 - 2016-04-23 15:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 20:14 - 2016-04-23 15:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 20:14 - 2016-04-23 15:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 20:14 - 2016-04-23 15:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 20:14 - 2016-04-23 15:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 20:14 - 2016-04-23 15:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 20:14 - 2016-04-23 14:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 20:14 - 2016-04-23 14:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 20:14 - 2016-04-23 14:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 20:14 - 2016-04-23 14:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 20:14 - 2016-04-23 14:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 20:14 - 2016-04-23 14:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 20:14 - 2016-04-23 14:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 20:14 - 2016-04-23 14:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 20:14 - 2016-04-23 14:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 20:14 - 2016-04-23 14:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 20:14 - 2016-04-23 14:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 20:14 - 2016-04-23 14:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 20:14 - 2016-04-23 14:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 20:14 - 2016-04-23 14:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 20:14 - 2016-04-23 14:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 20:14 - 2016-04-23 14:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 20:14 - 2016-04-23 14:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 20:14 - 2016-04-23 14:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 20:14 - 2016-04-23 14:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 20:14 - 2016-04-23 14:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 20:14 - 2016-04-23 14:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 20:14 - 2016-04-23 14:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 20:14 - 2016-04-23 14:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 20:14 - 2016-04-23 14:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 20:14 - 2016-04-23 14:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 20:14 - 2016-04-23 14:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 20:14 - 2016-04-23 14:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 20:14 - 2016-04-23 14:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 20:14 - 2016-04-23 14:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 20:14 - 2016-04-23 14:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 20:14 - 2016-04-23 14:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 20:14 - 2016-04-23 14:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 20:14 - 2016-04-23 14:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 20:14 - 2016-04-23 14:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 20:14 - 2016-04-23 14:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 20:14 - 2016-04-23 14:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 20:14 - 2016-04-23 14:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 20:14 - 2016-04-23 14:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 20:14 - 2016-04-23 14:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 20:14 - 2016-04-23 14:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 20:14 - 2016-04-23 14:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 20:14 - 2016-04-23 14:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 20:14 - 2016-04-23 14:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 20:14 - 2016-04-23 14:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 20:14 - 2016-04-23 14:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 20:14 - 2016-04-23 14:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 20:14 - 2016-04-23 14:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 20:14 - 2016-04-23 14:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 20:14 - 2016-04-23 14:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 20:14 - 2016-04-23 14:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 20:14 - 2016-04-23 14:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 20:14 - 2016-04-23 14:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 20:14 - 2016-04-23 14:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 20:14 - 2016-04-23 14:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 20:14 - 2016-04-23 14:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 20:14 - 2016-04-23 14:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 20:14 - 2016-04-23 14:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 20:14 - 2016-04-23 14:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 20:14 - 2016-04-23 14:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 20:14 - 2016-04-23 14:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 20:14 - 2016-04-23 14:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 20:14 - 2016-04-23 14:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 20:14 - 2016-04-23 14:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 20:14 - 2016-04-23 14:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 20:14 - 2016-04-23 14:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 20:14 - 2016-04-23 14:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 20:14 - 2016-04-23 14:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 20:14 - 2016-04-23 14:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 20:14 - 2016-04-23 14:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 20:14 - 2016-04-23 14:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 20:14 - 2016-04-23 14:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 20:14 - 2016-04-23 14:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 20:14 - 2016-04-23 14:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 20:14 - 2016-04-23 14:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 20:14 - 2016-04-23 14:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 20:14 - 2016-04-23 14:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 20:14 - 2016-04-23 14:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 20:14 - 2016-04-23 14:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 20:14 - 2016-04-23 14:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 20:14 - 2016-04-23 14:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 20:14 - 2016-04-23 14:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 20:14 - 2016-04-23 14:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 20:14 - 2016-04-23 14:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 20:14 - 2016-04-23 14:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 20:14 - 2016-04-23 14:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 20:14 - 2016-04-23 13:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 20:14 - 2016-04-23 12:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 20:13 - 2016-04-23 12:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 20:13 - 2016-04-19 08:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-11 18:50 - 2016-05-11 18:50 - 00517434 _____ C:\Users\Patrick\Downloads\FSS048 (1).pdf
2016-05-11 18:44 - 2016-05-11 18:44 - 00369917 _____ C:\Users\Patrick\Downloads\107_1498-686950.0 (1).pdf
2016-05-11 18:40 - 2016-05-11 18:41 - 00219166 _____ C:\Users\Patrick\Downloads\CompleteFreedom-493858645-06May2016.pdf
2016-05-11 18:33 - 2016-05-11 18:33 - 00117271 _____ C:\Users\Patrick\Downloads\MaxiSaver-432263269-16Nov2015 (2).pdf
2016-05-11 18:33 - 2016-05-11 18:33 - 00117271 _____ C:\Users\Patrick\Downloads\MaxiSaver-432263269-16Nov2015 (1).pdf
2016-05-11 18:32 - 2016-05-11 18:32 - 00067172 _____ C:\Users\Patrick\Downloads\MaxiSaver-432263269-16May2015 (3).pdf
2016-05-11 18:25 - 2016-05-11 18:25 - 00006409 _____ C:\Users\Patrick\Downloads\Payslip_60041871110420161_2503 (1).pdf
2016-05-11 18:24 - 2016-05-11 18:24 - 00006139 _____ C:\Users\Patrick\Downloads\ACFrOgCTnSS2Drh2b7XKDtuMUWg9ycv4B7HfZaphAFKnCU2-zWkF70etkrhQMI3I3xq_dEcemUgtIIMuRqBADbtSrG89PdYmb6VPB_gmv2Pf4qkuLOOluFDjoMT74z8=.pdf
2016-05-11 17:54 - 2016-05-11 17:54 - 05084909 _____ C:\Users\Patrick\Downloads\2015-lhd-mnc.pdf
2016-05-11 17:50 - 2016-05-11 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-05-11 17:41 - 2016-05-11 17:41 - 00006368 _____ C:\Users\Patrick\Downloads\Payslip_60041871250420161_2561.pdf
2016-05-11 17:40 - 2016-05-11 17:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-05-11 17:40 - 2016-05-11 17:40 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-11 08:27 - 2016-05-27 16:38 - 00000000 ____D C:\Users\Jody C\Desktop\Rhys Photography JPEG-PNG
2016-05-11 08:08 - 2016-05-20 19:03 - 00000000 ____D C:\Users\Jody C\Desktop\Rhys Photography
2016-05-10 12:39 - 2016-05-10 12:40 - 00000000 ____D C:\Users\Jody C\Desktop\Shutterstock Images
2016-05-10 12:10 - 2016-05-10 12:10 - 09516229 _____ C:\Users\Jody C\Downloads\iStock_000053252088_Illustration.zip
2016-05-10 12:09 - 2016-05-10 12:10 - 05610378 _____ C:\Users\Jody C\Downloads\iStock_000089932507_Illustration.zip
2016-05-10 11:58 - 2016-05-10 11:58 - 05580979 _____ C:\Users\Jody C\Downloads\iStock_000039156742_Illustration.zip
2016-05-10 07:13 - 2016-05-10 07:13 - 00000222 _____ C:\Users\Jody C\Downloads\Ann Barrett (1).vcf
2016-05-10 07:12 - 2016-05-10 07:12 - 00000222 _____ C:\Users\Jody C\Downloads\Ann Barrett.vcf
2016-05-09 20:48 - 2016-05-09 20:48 - 00045610 _____ C:\Users\Jody C\Downloads\trans090516 (2).csv
2016-05-09 20:43 - 2016-05-09 20:43 - 00003024 _____ C:\Users\Jody C\Downloads\trans090516 (1).csv
2016-05-09 20:39 - 2016-05-09 20:39 - 00003024 _____ C:\Users\Jody C\Downloads\trans090516.csv
2016-05-09 18:52 - 2016-05-09 18:52 - 00194433 _____ C:\Users\Patrick\Downloads\May PMBH 2016 ED Roster - Mid North Coast.pdf
2016-05-09 18:52 - 2016-05-09 18:52 - 00188809 _____ C:\Users\Patrick\Downloads\June PMBH 2016 ED Roster - Mid North Coast.pdf
2016-05-09 18:50 - 2016-05-09 18:50 - 01094061 _____ C:\Users\Patrick\Downloads\Floor Plan.pdf
2016-05-08 20:24 - 2016-05-08 20:24 - 40720573 _____ C:\Users\Jody C\Downloads\675633-newsletter-ter.pdf
2016-05-07 17:55 - 2016-05-07 17:55 - 00348198 _____ C:\Users\Patrick\Downloads\homeland-lot14-redochre.pdf
2016-05-07 17:08 - 2016-05-07 17:08 - 00064098 _____ C:\Users\Patrick\Downloads\Assessment 3 2016.pdf
2016-05-06 20:52 - 2016-05-06 20:52 - 00871682 _____ C:\Users\Patrick\Downloads\REG457_v2_Specialist_Training_Program.pdf
2016-05-06 20:52 - 2016-05-06 20:52 - 00243921 _____ C:\Users\Patrick\Downloads\STP-Regs_Update.pdf
2016-05-06 20:49 - 2016-05-06 20:50 - 00723439 _____ C:\Users\Patrick\Downloads\2016-17_Budget_Overview_Health_FINAL_May_2016.pdf
2016-05-06 20:48 - 2016-05-06 20:48 - 00354539 _____ C:\Users\Patrick\Downloads\ACEM_Board_Governance_Communique_Meeting11Apr16.pdf
2016-05-06 20:24 - 2016-05-06 20:24 - 00204112 _____ C:\Users\Patrick\Downloads\canada_time_animation.kmz
2016-05-06 20:24 - 2016-05-06 20:24 - 00001523 _____ C:\Users\Patrick\Downloads\canada_latest_lg_incidents.kml
2016-05-05 14:59 - 2016-05-05 14:59 - 00068608 _____ C:\Users\Patrick\Downloads\Westpac Meal Entertainment Card App June 14.pdf
2016-05-05 14:55 - 2016-05-05 14:55 - 00076491 _____ C:\Users\Patrick\Downloads\Benefit Confirmation Schedule 13083407-01.pdf
2016-05-05 14:46 - 2016-05-05 14:46 - 00001692 _____ C:\Users\Patrick\Downloads\TransactionHistory_20160505_024731.csv
2016-05-05 11:55 - 2016-05-05 11:55 - 00151447 _____ C:\Users\Patrick\Downloads\sect_23_prostate.pdf
2016-05-05 11:47 - 2016-05-05 11:47 - 02565865 _____ C:\Users\Patrick\Downloads\18114.pdf
2016-05-05 08:51 - 2016-05-05 08:51 - 00808969 _____ C:\Users\Patrick\Downloads\JRAP001-Ascot_Stage-2_Detail_Sept-15_V1.pdf
2016-05-05 08:50 - 2016-05-05 08:50 - 02254099 _____ C:\Users\Patrick\Downloads\Ascot_Stage-2_Detail_16_V2.pdf
2016-05-05 08:49 - 2016-05-05 08:49 - 00259707 _____ C:\Users\Patrick\Downloads\Price_List_Stage_1B_Ascot_Park.pdf
2016-05-05 08:48 - 2016-05-05 08:48 - 01003505 _____ C:\Users\Patrick\Downloads\JRAP001-Ascot-Masterplan_Stage-2_Sept-15_V1.pdf
2016-05-05 06:59 - 2016-05-05 06:59 - 00110244 _____ C:\Users\Jody C\Downloads\Zonta District Logo_Vertical_Color.pdf
2016-05-05 06:52 - 2016-05-05 06:52 - 00217177 _____ C:\Users\Jody C\Downloads\CompleteFreedom-493858645-06Nov2015 (6).pdf
2016-05-05 06:50 - 2016-05-05 06:50 - 00217177 _____ C:\Users\Jody C\Downloads\CompleteFreedom-493858645-06Nov2015 (5).pdf
2016-05-05 06:50 - 2016-05-05 06:50 - 00217177 _____ C:\Users\Jody C\Downloads\CompleteFreedom-493858645-06Nov2015 (4).pdf
2016-05-04 10:39 - 2016-05-04 10:39 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Skype
2016-05-04 08:47 - 2016-05-04 08:47 - 00000004 _____ C:\Users\Jody C\Downloads\export (9).csv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-03 17:22 - 2015-11-19 04:02 - 00000614 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4105375897-3493143710-3191475466-1003.job
2016-06-03 17:14 - 2011-01-14 01:14 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4105375897-3493143710-3191475466-1003UA.job
2016-06-03 17:12 - 2010-12-23 01:48 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-03 17:07 - 2015-11-30 07:20 - 01009756 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-03 17:07 - 2015-11-11 10:02 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-03 17:07 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-03 17:07 - 2011-01-10 03:37 - 00000000 ___RD C:\Users\Patrick\Dropbox
2016-06-03 17:06 - 2014-03-24 05:41 - 00000000 ___RD C:\Users\Patrick\Google Drive
2016-06-03 17:05 - 2015-11-11 10:02 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-03 17:05 - 2014-09-25 04:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-03 17:05 - 2010-12-23 01:48 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-03 17:01 - 2015-09-01 21:54 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-06-03 17:00 - 2015-11-30 09:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-03 17:00 - 2015-11-30 07:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-03 16:59 - 2015-10-30 16:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-06-03 16:52 - 2013-03-14 01:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-03 16:47 - 2010-12-22 11:46 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4105375897-3493143710-3191475466-1001UA.job
2016-06-03 16:12 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-03 16:09 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-03 16:04 - 2016-01-31 11:28 - 00002407 _____ C:\Users\rhysc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-03 16:04 - 2016-01-31 11:28 - 00000000 ___RD C:\Users\rhysc\OneDrive
2016-06-03 16:04 - 2016-01-31 11:27 - 00000000 ____D C:\Users\rhysc\AppData\Local\Dropbox
2016-06-03 16:02 - 2016-01-31 11:24 - 00000000 ___RD C:\Users\rhysc\Virtual Machines
2016-06-03 16:02 - 2015-11-30 10:16 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-03 15:40 - 2015-11-19 04:02 - 00000710 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4105375897-3493143710-3191475466-1003.job
2016-06-03 13:04 - 2005-10-28 08:28 - 00000000 ___DC C:\Users\Patrick\Documents\My Downloads
2016-06-03 13:03 - 2015-11-30 07:23 - 00000000 ____D C:\Users\Patrick
2016-06-03 11:23 - 2016-03-03 10:22 - 00000000 ___RD C:\Users\Jody C\Creative Cloud Files
2016-06-03 11:23 - 2015-05-27 09:01 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-03 11:23 - 2014-06-06 03:20 - 00000000 ___RD C:\Users\Jody C\Dropbox
2016-06-03 11:23 - 2005-11-03 01:45 - 00000000 ___DC C:\Users\Jody C\AppData\Local\Adobe
2016-06-03 11:22 - 2016-04-26 17:08 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-06-03 11:22 - 2016-04-17 07:32 - 00001214 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-06-03 11:22 - 2016-03-23 12:31 - 00002234 _____ C:\Users\Patrick\Desktop\Spyder2express 2.3.6.lnk
2016-06-03 11:22 - 2016-03-13 14:48 - 00001064 _____ C:\Users\Public\Desktop\Arduino.lnk
2016-06-03 11:22 - 2016-03-03 10:10 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-06-03 11:22 - 2016-01-18 11:55 - 00000931 _____ C:\Users\Patrick\Desktop\Video Downloader Ultimate.lnk
2016-06-03 11:22 - 2016-01-13 16:31 - 00001771 _____ C:\Users\Patrick\Desktop\Quicken 2013.lnk
2016-06-03 11:22 - 2015-11-30 10:23 - 00002413 _____ C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-03 11:22 - 2015-08-06 12:32 - 00001067 _____ C:\Users\Patrick\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
2016-06-03 11:22 - 2015-08-06 12:31 - 00001029 _____ C:\Users\Patrick\Desktop\Adobe Bridge CS6 (64bit).lnk
2016-06-03 11:22 - 2014-03-24 05:41 - 00001786 _____ C:\Users\Patrick\Desktop\Google Drive.lnk
2016-06-03 11:22 - 2012-08-18 02:29 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk
2016-06-03 11:22 - 2012-08-18 02:29 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2016-06-03 11:22 - 2011-04-04 10:13 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-06-03 11:22 - 2009-07-14 14:57 - 00001364 _____ C:\Users\Patrick\Desktop\Speech Recognition.lnk
2016-06-03 11:13 - 2015-11-30 10:16 - 00000258 __RSH C:\Users\Patrick\ntuser.pol
2016-06-03 11:06 - 2016-04-26 17:08 - 00002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-06-03 11:06 - 2016-04-26 17:08 - 00002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-06-03 11:06 - 2016-04-26 17:08 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-06-03 11:06 - 2016-04-26 17:08 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-06-03 11:06 - 2016-04-26 17:08 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-06-03 11:06 - 2016-04-26 17:08 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-06-03 11:06 - 2016-04-26 17:08 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-06-03 11:06 - 2016-04-26 17:08 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-06-03 11:06 - 2016-03-13 14:48 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2016-06-03 11:06 - 2016-03-04 14:52 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-06-03 11:06 - 2016-03-03 10:56 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2016-06-03 11:06 - 2015-11-30 08:59 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-03 11:06 - 2015-06-05 08:42 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-06-03 11:06 - 2015-01-19 15:45 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-03 11:06 - 2014-01-08 06:48 - 00000938 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-06-03 11:06 - 2013-06-21 03:00 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicasaUploaderDesktop.lnk
2016-06-03 11:06 - 2011-10-31 12:47 - 00001744 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Story 3 for Windows.lnk
2016-06-03 11:06 - 2011-04-04 10:14 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 9.lnk
2016-06-03 11:06 - 2010-12-23 09:51 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-06-03 11:06 - 2010-12-22 16:28 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-06-03 11:06 - 2010-12-22 16:28 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-06-03 11:06 - 2010-12-22 16:28 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-06-03 08:44 - 2014-09-25 04:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-03 08:44 - 2014-09-25 04:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-03 08:16 - 2013-06-19 23:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-06-03 08:14 - 2011-01-14 01:14 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4105375897-3493143710-3191475466-1003Core.job
2016-06-03 07:50 - 2015-11-30 15:20 - 00000000 ____D C:\Users\Jody C\AppData\Local\Packages
2016-06-03 07:47 - 2010-12-22 11:46 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4105375897-3493143710-3191475466-1001Core.job
2016-06-03 02:00 - 2010-12-22 12:19 - 00000000 ____D C:\Users\Patrick\AppData\Local\Adobe
2016-06-02 21:32 - 2015-11-30 10:16 - 00000000 ____D C:\Users\Patrick\AppData\Local\Packages
2016-06-01 05:29 - 2015-08-01 18:54 - 00000000 ___DC C:\Users\Jody C\AppData\Local\Citrix
2016-05-31 07:58 - 2015-09-09 07:12 - 00000000 ____D C:\Users\Jody C\Desktop\Marketing Projects
2016-05-31 06:54 - 2012-07-19 07:09 - 00004008 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-05-31 04:22 - 2014-01-11 16:58 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-05-31 04:22 - 2013-10-25 00:50 - 00000000 ____D C:\ProgramData\AVAST Software
2016-05-31 04:22 - 2013-03-06 04:14 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-05-31 04:21 - 2014-04-29 03:53 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-05-31 04:21 - 2013-03-06 04:14 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-05-31 04:21 - 2012-03-22 14:16 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-05-31 04:21 - 2010-12-23 08:31 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-05-31 04:21 - 2010-12-23 08:31 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-05-31 04:20 - 2011-05-24 07:21 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-05-30 11:10 - 2016-01-18 07:44 - 00017238 _____ C:\Users\Jody C\Desktop\Timesheet.xlsx
2016-05-29 14:22 - 2010-12-22 12:16 - 00000000 ____D C:\Users\Patrick\AppData\Local\Microsoft Help
2016-05-28 15:32 - 2014-03-03 04:42 - 00000000 ___DC C:\Users\Patrick\AppData\Local\ElevatedDiagnostics
2016-05-28 15:13 - 2014-07-17 23:01 - 00007619 ____C C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg
2016-05-28 14:17 - 2010-12-23 09:05 - 00000000 ____D C:\ProgramData\ZoomBrowser
2016-05-28 13:58 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-28 13:50 - 2010-12-16 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-28 13:05 - 2007-11-27 08:59 - 00000000 ___DC C:\Users\Patrick\AppData\Roaming\ZoomBrowser EX
2016-05-27 17:18 - 2005-11-28 12:02 - 00187904 ____C C:\Users\Jody C\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-27 17:10 - 2015-05-06 10:41 - 00000000 ____D C:\Users\Jody C\Desktop\Rhys' Art
2016-05-27 10:56 - 2015-11-04 08:11 - 00000000 ____D C:\Users\Jody C\Desktop\Jody Logos
2016-05-27 10:56 - 2015-09-02 07:17 - 00001456 ____C C:\Users\Jody C\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-05-26 14:14 - 2016-03-19 08:17 - 00000000 ____D C:\Users\Jody C\AppData\Local\CrashDumps
2016-05-25 15:08 - 2016-03-23 12:41 - 00000000 ____D C:\Users\Patrick\AppData\Local\CrashDumps
2016-05-25 07:07 - 2014-06-06 03:19 - 00000000 ____D C:\Users\Jody C\AppData\Roaming\Dropbox
2016-05-24 20:43 - 2016-03-01 11:29 - 00000000 ____D C:\Program Files (x86)\Stata14
2016-05-24 17:54 - 2015-08-05 14:46 - 00003582 _____ C:\WINDOWS\System32\Tasks\Patrick DBAgent 2 0
2016-05-24 17:54 - 2015-05-04 17:09 - 00003600 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2016-05-24 17:11 - 2015-06-13 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2016-05-24 15:17 - 2015-11-30 07:12 - 05025376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-22 18:17 - 2010-12-23 09:51 - 00000000 ___DC C:\Program Files\Common Files\Apple
2016-05-21 11:32 - 2015-11-19 04:02 - 00003880 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4105375897-3493143710-3191475466-1003
2016-05-21 11:32 - 2015-11-19 04:02 - 00003784 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4105375897-3493143710-3191475466-1003
2016-05-20 12:16 - 2012-05-01 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-14 12:59 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-14 07:57 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 15:50 - 2015-06-30 10:42 - 00000000 ___DC C:\Users\Patrick\AppData\Local\Dropbox
2016-05-13 15:49 - 2015-11-11 10:02 - 00000000 ___DC C:\Program Files (x86)\Dropbox
2016-05-13 15:41 - 2010-12-21 09:23 - 00000000 ___RD C:\Users\Patrick\Virtual Machines
2016-05-13 06:42 - 2010-12-23 03:18 - 00000000 ___RD C:\Users\Jody C\Virtual Machines
2016-05-13 03:03 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-13 03:03 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-13 03:02 - 2015-10-30 19:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 03:02 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-13 03:02 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-13 03:01 - 2015-10-30 17:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-12 05:57 - 2015-10-30 17:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-12 05:57 - 2015-10-30 17:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 21:33 - 2013-08-14 18:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 21:00 - 2010-12-22 12:00 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 08:09 - 2011-01-14 01:14 - 00004078 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4105375897-3493143710-3191475466-1003UA
2016-05-11 08:09 - 2011-01-14 01:14 - 00003702 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4105375897-3493143710-3191475466-1003Core
2016-05-11 07:42 - 2010-12-22 11:46 - 00004060 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4105375897-3493143710-3191475466-1001UA
2016-05-11 07:42 - 2010-12-22 11:46 - 00003684 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4105375897-3493143710-3191475466-1001Core
2016-05-11 07:07 - 2010-12-23 01:48 - 00003986 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 07:07 - 2010-12-23 01:48 - 00003754 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 18:35 - 2007-12-14 03:09 - 00000000 ___DC C:\Users\Jody C\AppData\Roaming\ZoomBrowser EX
2016-05-09 21:03 - 2011-01-14 01:22 - 00000000 ___DC C:\Users\Jody C\AppData\Local\Microsoft Help
2016-05-09 19:05 - 2015-11-30 07:22 - 00000000 ____D C:\Users\Jody C
2016-05-08 21:28 - 2016-04-22 09:19 - 00011567 _____ C:\Users\Jody C\Desktop\Weekly schedule.xlsx
2016-05-08 21:17 - 2015-09-09 07:13 - 00000000 ____D C:\Users\Jody C\Desktop\Photography
2016-05-08 19:00 - 2016-01-31 11:24 - 00000000 ____D C:\Users\rhysc
2016-05-08 12:47 - 2011-01-10 14:08 - 00000000 ____D C:\Users\Jody C\Jody Files
2016-05-04 02:00 - 2016-02-02 17:22 - 00000000 ____D C:\Users\rhysc\AppData\Local\Adobe
 
==================== Files in the root of some directories =======
 
2015-02-08 11:36 - 2015-02-08 11:37 - 0000190 _____ () C:\Users\Patrick\AppData\Roaming\settings.xml
2005-11-01 12:54 - 2015-05-22 09:55 - 0243200 ____C () C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-17 23:01 - 2016-05-28 15:13 - 0007619 ____C () C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg
2010-12-24 01:24 - 2010-12-24 01:43 - 0000304 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2016-03-31 09:18 - 2016-03-31 09:18 - 0000016 _____ () C:\ProgramData\mntemp
 
Files to move or delete:
====================
C:\Users\Jody C\ntuser (1).dat
C:\Users\Patrick\gotomypc_438.exe
C:\Users\Patrick\ig8018.exe
C:\Users\Patrick\iSetupNI.dll
 
 
Some files in TEMP:
====================
C:\Users\Finn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpicyehi.dll
C:\Users\Jody C\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptkki5o.dll
C:\Users\Jody C\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jody C\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jody C\AppData\Local\Temp\nvStInst.exe
C:\Users\Patrick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4il1wg.dll
C:\Users\Patrick\AppData\Local\Temp\libeay32.dll
C:\Users\Patrick\AppData\Local\Temp\msvcr120.dll
C:\Users\Patrick\AppData\Local\Temp\setup.exe
C:\Users\Patrick\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-25 15:22
 
==================== End of FRST.txt ============================

Attached Files


Edited by threehairsinarow, 03 June 2016 - 03:46 AM.


BC AdBot (Login to Remove)

 


#2 threehairsinarow

threehairsinarow
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 05 June 2016 - 08:33 PM

I haven't had any further femurssculler redirects for a few days now.

I will repost if she raises her ugly head again.



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:42 PM

Posted 05 June 2016 - 10:18 PM

Are you requesting the Topic be closed or would you like us to review your logs?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 threehairsinarow

threehairsinarow
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 06 June 2016 - 12:04 AM

Go ahead and close, if any issues arise I will post again. Thanks.



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:42 PM

Posted 06 June 2016 - 09:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users