
She's done it again...



So my Mother-in-Law is running Windows 8 (possibly, but unlikely, upgraded to 10) and has gotten her computer hijacked. She's working until 9:30 tonight, but after that I can jump on her PC and find out the virus names and run some scans. Basically a typical hijack that's asking her to subscribe to some security service. My Father-in-Law actually called the number haha--he said he worked for "Microsoft".


Hello and welcome to Malwarebytes,

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

My screen name is kevinf80, I'm here to help clean up your system, continue as follows please:

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select Start > File Explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...
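
For whoever reviews the FRST.txt log requested above, a first-pass triage can be scripted. The following is an added example, not part of the original post and not a Farbar or Malwarebytes tool: it scans an FRST log for the annotations FRST itself prints (`[File not signed]`, `[No File]`, `[not signed]`, `=> not found`, and an empty `()` publisher field) and groups them by log section. The sample log and every name in it are constructed, and the flag labels are this example's own; a flagged entry is a prompt for a closer look, not a verdict.

```python
import re
from collections import Counter

# "==== Services (Whitelisted) ====" style section banners
SECTION_RE = re.compile(r"^={3,}\s*([^=\s][^=]*?)\s*={3,}$")
# "FireFox:" followed by a line of "=====" marks a browser sub-section
UNDERLINE_RE = re.compile(r"^=+$")
# An empty publisher field is printed as a bare "()"
EMPTY_PUBLISHER_RE = re.compile(r"(?:^|\s)\(\)(?:\s|$)")

# Annotation text as it appears in FRST.txt -> label used by this example (assumed names)
MARKERS = (
    ("[File not signed]", "unsigned"),
    ("[No File]", "missing-file"),
    ("[not signed]", "unsigned-extension"),
    ("=> not found", "missing-target"),
)


def triage(log_text):
    """Return one finding per log entry that carries at least one annotation."""
    findings = []
    section = None
    prev = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
        elif UNDERLINE_RE.match(line) and prev.endswith(":"):
            section = prev.rstrip(":").strip()
        else:
            flags = [label for marker, label in MARKERS if marker in line]
            if EMPTY_PUBLISHER_RE.search(line):
                flags.append("no-publisher")
            if flags:
                findings.append({"section": section, "flags": flags, "entry": line})
        prev = line
    return findings


def summarize(findings):
    """Count how often each flag occurs across all findings."""
    return dict(Counter(flag for f in findings for flag in f["flags"]))


# Constructed sample in FRST.txt layout; paths, vendors and dates are made up.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Example Corp) C:\Program Files\ExampleApp\app.exe
() C:\Program Files\ExampleApp\helper.exe

==================== Services (Whitelisted) ========================

R2 ExampleSvc; C:\Program Files\ExampleApp\svc.exe [1000 2016-01-01] (Example Corp)
R2 ExampleUpd; C:\Program Files\ExampleApp\upd.exe [2000 2016-01-01] () [File not signed]

FireFox:
========
FF Plugin: @example.test/Plug,version=1 -> C:\Program Files\ExampleApp\np.dll [No File]
FF Extension: ExampleExt - C:\Users\user\ext [2016-01-01] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [ext@example.test] - C:\Program Files\ExampleApp\TB => not found
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for item in results:
        print(f"{item['section']}: {', '.join(item['flags'])}\n    {item['entry']}")
    print(summarize(results))
```

Unsigned or publisher-less binaries are common for legitimate OEM utilities, and `[No File]` entries are often leftovers from uninstalled software, so the output is a reading order for the log rather than a removal list.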

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/07/2016 10:01:34 PM in x64 mode.
Windows Version: Windows 10 Home 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 06/07/2016 10:03:16 PM
Execution time: 0 hours(s), 1 minute(s), and 42 seconds(s)
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/7/2016
Scan Time: 10:05 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.08.01
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: rhoda

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384409
Time Elapsed: 22 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2016
Ran by rhoda (administrator) on OFFICE (07-06-2016 22:39:52)
Running from C:\Users\rhoda\Desktop
Loaded Profiles: rhoda (Available Profiles: rhoda & admin)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wistron Corporation) C:\Program Files\DELLOSD\VolumeCtlSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-04-11] (RealNetworks, Inc.)
HKU\S-1-5-21-3889520710-1192632586-397018983-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-04-11]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\rhoda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4520 series.lnk [2016-06-07]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4520 series.lnk -> C:\Program Files\HP\HP ENVY 4520 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43a778f2-80b7-4074-a61f-ef43b3e3dbc4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51f5a09e-971f-4943-a957-5c7906889800}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3889520710-1192632586-397018983-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-3889520710-1192632586-397018983-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-3889520710-1192632586-397018983-1001 -> DefaultScope {5FD39516-86A6-46E4-9FC3-75DFE8B19EC9} URL = 
SearchScopes: HKU\S-1-5-21-3889520710-1192632586-397018983-1001 -> {5FD39516-86A6-46E4-9FC3-75DFE8B19EC9} URL = 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-03-15] (RealDownloader)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-03-15] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\rhoda\AppData\Roaming\Mozilla\Firefox\Profiles\i7x8qafx.default
FF DefaultSearchEngine: Bing 
FF DefaultSearchEngine.US: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-us
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.8.22 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-04-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.8 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-03-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.8 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-03-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.8 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-03-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.8.22 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-04-11] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\rhoda\AppData\Roaming\Mozilla\Firefox\Profiles\i7x8qafx.default\searchplugins\bing-.xml [2015-03-23]
FF Extension: Bing Search Engine - C:\Users\rhoda\AppData\Roaming\Mozilla\Firefox\Profiles\i7x8qafx.default\Extensions\bingsearch.full@microsoft.com [2015-03-23] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{0FAA5C82-A094-4541-8811-D3361F972A81}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-11] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-06]
CHR Extension: (YouTube) - C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-06]
CHR Extension: (Google Search) - C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-20]
CHR Extension: (Bing) - C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-06]
CHR Extension: (RealPlayer Downloader) - C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-11]
CHR Extension: (Skype) - C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-06]
CHR Extension: (Gmail) - C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]
CHR HKU\S-1-5-21-3889520710-1192632586-397018983-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-03-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-03-15] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-11] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-03-20] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 VolumeCtlSrv; C:\Program Files\DELLOSD\VolumeCtlSrv.exe [221696 2012-07-20] (Wistron Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCMWL63A; C:\Windows\system32\DRIVERS\bcmwl63a.sys [11259136 2015-08-13] (Broadcom Corp)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 ITECIRfilter; C:\Windows\system32\DRIVERS\ITECIRfilter.sys [27856 2015-06-03] (ITE Tech. Inc. )
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-07] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
R3 PQAWRwa; C:\Program Files\DELLOSD\PQAWDrv.sys [12384 2008-03-01] () [File not signed]
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-07 22:39 - 2016-06-07 22:40 - 00021347 _____ C:\Users\rhoda\Desktop\FRST.txt
2016-06-07 22:39 - 2016-06-07 22:39 - 00000000 ____D C:\FRST
2016-06-07 22:38 - 2016-06-07 22:39 - 02385408 _____ (Farbar) C:\Users\rhoda\Desktop\FRST64.exe
2016-06-07 22:04 - 2016-06-07 22:05 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-07 22:04 - 2016-06-07 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-07 22:04 - 2016-06-07 22:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-07 22:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-07 22:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-07 22:01 - 2016-06-07 22:03 - 00001998 _____ C:\Users\rhoda\Desktop\Rkill.txt
2016-06-07 22:00 - 2016-06-07 22:01 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\rhoda\Desktop\rkill.exe
2016-06-07 21:56 - 2016-06-07 21:56 - 00000000 ___HD C:\OneDriveTemp
2016-05-30 20:06 - 2016-05-30 20:18 - 00000000 ____D C:\Users\rhoda\AppData\Local\HP
2016-05-30 20:06 - 2016-05-30 20:06 - 41642200 _____ C:\Users\rhoda\Downloads\EN4520_Basicx64_72.exe
2016-05-30 20:06 - 2016-05-30 20:06 - 00002255 _____ C:\Users\Public\Desktop\HP ENVY 4520 series.lnk
2016-05-30 20:06 - 2016-05-30 20:06 - 00001217 _____ C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 4520 series.lnk
2016-05-30 20:06 - 2016-05-30 20:06 - 00000057 _____ C:\ProgramData\Ament.ini
2016-05-30 20:06 - 2016-05-30 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-05-30 20:06 - 2016-05-30 20:06 - 00000000 ____D C:\Program Files\HP
2016-05-30 20:06 - 2016-05-30 20:06 - 00000000 ____D C:\Program Files (x86)\HP
2016-05-30 20:06 - 2015-03-09 14:44 - 00807432 ____N (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\HPDiscoPMD711.dll
2016-05-30 19:59 - 2016-05-30 20:14 - 00000000 ____D C:\ProgramData\HP
2016-05-30 19:59 - 2016-05-30 19:59 - 00000000 ____D C:\Users\rhoda\AppData\Roaming\HP_Easy_Start
2016-05-30 19:58 - 2016-05-30 19:59 - 05450672 _____ C:\Users\rhoda\Downloads\HPEasyStart_3_5_2713_37.exe
2016-05-25 21:41 - 2016-05-25 21:41 - 00000000 ____D C:\Users\rhoda\AppData\LocalLow\Temp
2016-05-11 11:14 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 11:14 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 11:14 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 11:14 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 11:14 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 11:14 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 11:14 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 11:14 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 11:14 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 11:14 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 11:14 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 11:14 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 11:14 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 11:14 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 11:14 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 11:14 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 11:14 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 11:14 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 11:14 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 11:14 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 11:14 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 11:14 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 11:14 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 11:14 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 11:14 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 11:14 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 11:14 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 11:14 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 11:14 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 11:14 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 11:14 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 11:14 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 11:14 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 11:14 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 11:14 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 11:14 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 11:14 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 11:14 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 11:14 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 11:14 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 11:14 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 11:14 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 11:14 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 11:14 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 11:13 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 11:13 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 11:13 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 11:13 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 11:13 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 11:13 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 11:13 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 11:13 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 11:13 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 11:13 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 11:13 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 11:13 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 11:13 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 11:13 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 11:13 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 11:13 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 11:13 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 11:13 - 2016-04-23 02:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 11:13 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 11:13 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 11:13 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 11:13 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 11:13 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 11:13 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 11:13 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 11:13 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 11:13 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 11:13 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 11:13 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 11:13 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 11:13 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 11:13 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 11:13 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 11:13 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 11:13 - 2016-04-23 01:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 11:13 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 11:13 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 11:13 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 11:13 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 11:13 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 11:13 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 11:13 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 11:13 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 11:13 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 11:13 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 11:13 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 11:13 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 11:13 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 11:13 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 11:13 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 11:13 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 11:13 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 11:13 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 11:13 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 11:13 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 11:13 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 11:13 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 11:13 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 11:13 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 11:13 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 11:13 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 11:13 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 11:13 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 11:13 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 11:13 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 11:13 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 11:13 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 11:13 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 11:13 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 11:13 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 11:13 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 11:13 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 11:13 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 11:13 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 11:13 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 11:13 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 11:13 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 11:13 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 11:13 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 11:13 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 11:13 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 11:13 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 11:13 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 11:13 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 11:13 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 11:13 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 11:13 - 2016-04-23 00:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-05-11 11:13 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 11:13 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 11:13 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 11:13 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 11:13 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 11:13 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 11:13 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 11:13 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 11:13 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 11:13 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 11:13 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 11:13 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 11:13 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 11:13 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 11:13 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 11:13 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 11:13 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 11:13 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 11:13 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 11:13 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 11:13 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 11:13 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 11:13 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 11:13 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 11:13 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 11:13 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 11:13 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 11:13 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 11:13 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 11:13 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 11:13 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 11:13 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 11:13 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 11:13 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 11:13 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 11:13 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 11:13 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 11:13 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 11:13 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 11:13 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 11:13 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 11:13 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 11:13 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 11:13 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 11:13 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 11:13 - 2016-04-23 00:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-05-11 11:13 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 11:13 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 11:13 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 11:13 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 11:13 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 11:13 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 11:13 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 11:13 - 2016-04-23 00:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-05-11 11:13 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 11:13 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 11:13 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 11:13 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 11:13 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 11:13 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 11:13 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 11:13 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 11:13 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 11:13 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 11:13 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 11:13 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 11:13 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 11:13 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 11:13 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 11:13 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 11:13 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 11:13 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 11:13 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 11:13 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 11:13 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 11:13 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 11:13 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 11:13 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 11:13 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 11:13 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 11:13 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 11:13 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 11:13 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 11:13 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 11:13 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 11:13 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 11:13 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 11:13 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 11:13 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 11:13 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 11:13 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 11:13 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 11:13 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 11:13 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 11:13 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 11:13 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 11:13 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 11:13 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 11:13 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 11:13 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 11:13 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 11:13 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 11:12 - 2016-04-22 22:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 11:12 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-07 22:23 - 2014-04-11 16:33 - 00000000 ____D C:\Users\rhoda\AppData\Roaming\Skype
2016-06-07 22:04 - 2014-04-11 14:12 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-07 22:04 - 2014-04-11 14:12 - 00000000 ____D C:\Users\rhoda\AppData\Roaming\Malwarebytes
2016-06-07 22:04 - 2014-04-11 14:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-07 22:04 - 2014-04-11 14:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2016-06-07 22:03 - 2014-06-21 22:21 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8dc0adb79143.job
2016-06-07 21:59 - 2014-04-09 22:59 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BE874B0D-269E-42F6-B6F9-F10E579DC93E}
2016-06-07 21:56 - 2016-03-24 13:59 - 00000000 __SHD C:\Users\rhoda\IntelGraphicsProfiles
2016-06-07 21:56 - 2015-04-20 17:13 - 00003602 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3889520710-1192632586-397018983-1001
2016-06-07 21:56 - 2015-04-20 17:13 - 00003540 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3889520710-1192632586-397018983-1001
2016-06-07 21:56 - 2014-04-11 14:06 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-07 21:56 - 2014-04-09 22:35 - 00000000 __RDO C:\Users\rhoda\SkyDrive
2016-06-06 18:52 - 2016-03-24 13:34 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-06 18:52 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-06 18:05 - 2016-03-24 13:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-06 17:25 - 2016-03-24 13:12 - 00363728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-04 08:24 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-03 08:19 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-31 05:48 - 2014-09-19 13:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-31 05:48 - 2014-04-11 16:33 - 00000000 ____D C:\ProgramData\Skype
2016-05-25 21:39 - 2014-04-09 22:32 - 00000000 ____D C:\Users\rhoda\AppData\Local\Packages
2016-05-22 17:59 - 2016-03-24 13:17 - 00000000 ____D C:\Users\admin
2016-05-22 17:34 - 2016-03-27 11:23 - 00002403 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-22 17:34 - 2016-03-27 11:23 - 00000000 ___RD C:\Users\admin\OneDrive
2016-05-22 17:33 - 2016-03-27 11:11 - 00000000 __SHD C:\Users\admin\IntelGraphicsProfiles
2016-05-22 17:33 - 2014-04-09 22:23 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-19 18:07 - 2016-03-24 13:17 - 00000000 ____D C:\Users\rhoda
2016-05-19 16:47 - 2016-03-24 14:05 - 00002403 _____ C:\Users\rhoda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-14 16:04 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-13 11:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 07:14 - 2014-04-11 14:07 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 03:33 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-05-12 03:31 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 03:31 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-12 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-12 03:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 15:57 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 15:57 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 14:16 - 2014-06-19 10:24 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{732AE036-2A31-4BC4-9F2F-2AC72D2F7C11}
2016-05-11 12:03 - 2014-04-13 10:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 11:57 - 2014-04-13 10:14 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 08:06 - 2014-04-11 13:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-05-10 20:58 - 2015-12-31 13:48 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 20:58 - 2014-06-21 22:21 - 00004008 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf8dc0adb79143
2016-05-10 14:17 - 2014-12-24 09:14 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2014-04-11 15:09 - 2014-04-11 15:09 - 0026903 _____ () C:\Users\rhoda\AppData\Roaming\Comma Separated Values (Windows).ADR
2016-05-30 20:06 - 2016-05-30 20:06 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-01-29 08:22 - 2014-01-29 08:22 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-01-29 08:19 - 2014-01-29 08:20 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-01-29 08:20 - 2014-01-29 08:21 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-01-29 08:21 - 2014-01-29 08:22 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-01-29 08:18 - 2014-01-29 08:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-02 11:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2016
Ran by rhoda (2016-06-07 22:40:45)
Running from C:\Users\rhoda\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-24 17:58:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3889520710-1192632586-397018983-1004 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3889520710-1192632586-397018983-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3889520710-1192632586-397018983-503 - Limited - Disabled)
Guest (S-1-5-21-3889520710-1192632586-397018983-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3889520710-1192632586-397018983-1003 - Limited - Enabled)
rhoda (S-1-5-21-3889520710-1192632586-397018983-1001 - Administrator - Enabled) => C:\Users\rhoda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}) (Version: 1.0.2.1108 - DELL)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.143 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.8 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.8 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3889520710-1192632586-397018983-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\rhoda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3889520710-1192632586-397018983-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {063E92A9-3F07-4B0A-B801-8B280B099C94} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {075A4238-4AA0-415C-BFDA-D752B036A4A7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {0C76730D-EE7E-472D-8424-2B60F68DDEB1} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {0DD9BFFF-21D6-4BF1-8463-1A373F71B91E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {16980DD4-661C-4623-87DD-7A39AB3E479F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {248645FD-4B05-45DD-8365-1BEC1EEEC56D} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {25616486-03F7-4503-9A5D-A24877D6DC2B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {29D1D137-2824-410A-BCC5-85B4F92F290B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3889520710-1192632586-397018983-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.)
Task: {3D24B050-0E2E-466C-9714-9805A296EF0E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {418AC80F-602A-453B-A060-3095E57228BD} - System32\Tasks\{97B937A7-C1C9-472E-9FBC-8B23E7910150} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.5.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsProgressBar
Task: {43D8E47A-910E-4391-8EEB-594EC6DF645F} - System32\Tasks\{2F9F6818-7BF4-49F4-A6AB-FA2F7EED27AC} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=installer&amp;ver=7.5.85.102&amp;LastError=-9
Task: {565ACE39-4400-4921-8B49-3B9AA8D5572C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {56882BCC-0FC2-4751-84A0-868D6307B311} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8dc0adb79143 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {64952E30-F11E-48CF-BF09-07D852C16AD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {66BFCE9C-6B86-4651-972E-9FC92042152D} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {690A474F-995E-46D5-A0BD-BA742882947F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {6A276257-1EBB-4A2E-82F9-575DAD76151E} - System32\Tasks\{AB0CC30F-27BF-45DD-9375-DD20A3F4E407} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.5.64.102/en/abandoninstall?page=tsProgressBar
Task: {731EE844-377B-4366-89E2-AB0298081BDF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {73B63615-2825-4D6D-A9BD-D3CD03486A81} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7C43CFF5-DD18-4C15-839F-CE53CC33C577} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {82E95A44-BA96-4629-AEFD-47414317823D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {89AA6295-8689-4B02-8A59-F7995C759FBD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {96976E0B-031E-4AD0-88A8-CBDB18595EBD} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {98ED7D45-37CF-43E4-B7AD-2FDF1D0C73D8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A01F8D0F-461B-481A-BEFD-1D7078AD1545} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3889520710-1192632586-397018983-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-03-15] (RealNetworks, Inc.)
Task: {A0592452-A32D-4C99-80D8-6448AB7CCDAB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B617562C-8643-4350-8BFA-2F4307F01033} - System32\Tasks\{AB635480-3180-4E54-BDE6-CE1981B8D79B} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.5.64.102/en/abandoninstall?page=tsProgressBar
Task: {BCBC3CFC-98D5-42C0-8EDF-4BC9A3C303A7} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {C39BA3AB-B6D9-43DD-ABCF-DEC3FB82831D} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {C5ACDA4C-43FC-479D-B079-14D70D1F28BB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CAC4BB31-E18E-40F6-9AC6-2B16FEC38AAC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D908CE39-AF89-4320-956D-901BF409F1A1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F1C3AEBB-2F2A-42DE-AC8B-9DE3B38DEEEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {F29314D6-C25C-4C5B-92CB-3A3B94F96772} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {F29C2D13-D0C2-4CE7-B766-B859B0DA02E6} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3889520710-1192632586-397018983-1001
Task: {F6FB50E0-730A-475A-B22E-D436F214487A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8dc0adb79143.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-22 15:40 - 2013-08-22 15:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2014-03-15 03:18 - 2014-03-15 03:18 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-03-20 21:13 - 2014-03-20 21:13 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-12 13:43 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 13:43 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 16:47 - 2016-05-19 16:47 - 00959168 _____ () C:\Users\rhoda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-05-11 11:14 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-03-24 17:06 - 2016-03-24 17:06 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 11:12 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 11:14 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 11:14 - 2016-04-22 23:58 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-05-11 11:14 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 11:14 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 15:11 - 2016-04-19 15:11 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-11 14:17 - 2014-04-11 14:17 - 00869976 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-01-29 08:13 - 2013-08-19 15:12 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-05-19 16:47 - 2016-05-19 16:47 - 00679624 _____ () C:\Users\rhoda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-05-13 07:14 - 2016-05-11 07:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 07:14 - 2016-05-11 07:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2014-01-29 08:19 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 15:41 - 2013-03-05 15:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-05-13 07:14 - 2016-05-11 07:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
2016-04-19 15:11 - 2016-04-19 15:11 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 15:11 - 2016-04-19 15:11 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3889520710-1192632586-397018983-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{124754B3-57B2-4FC3-83FF-CB046E8E90C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F4BF561B-0BAD-47CC-A4EA-9C0F6646E8FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A218F94A-8357-4B0C-B431-837E38DDBC37}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2D59BE43-E9D6-4749-A46A-F2A978748CAB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4CB82ECA-92A4-4C65-89A8-61EF0ED320EC}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{3E405433-CDA4-4509-8C0C-D3CDFD3E522A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{EA7D36EB-F6AE-4CD2-B41F-3D1506710F40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{849A05B4-DB91-421C-B2ED-BBE23930F757}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{10CC36AF-C45B-4ADF-BB03-10C7507C3CE8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{29C07D8E-95D2-429C-B786-AACCA2D34C7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{78A890F5-A760-4AE8-977F-42ECA3F9E115}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B193D38A-C9C7-4B16-96AB-D0B77DCD6827}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5FC365A9-F169-43CE-BF54-659EFF2DF38B}] => (Allow) LPort=1900
FirewallRules: [{CC1EC0E2-84BE-41CA-B857-D2A635495C28}] => (Allow) LPort=2869
FirewallRules: [{8EDB25FB-1BFF-41C7-A5C5-1C2ADD521AC1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{26540380-D43D-4BC7-9A38-6A062F4FF5D3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{539E0D67-CAC3-4E4C-8519-A38D9B7478BD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{01C0300B-DC89-4507-A7DB-3236471BE80F}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{D4CE4FBF-0C7C-4D73-B865-498E50840F50}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{59108BE7-3944-466D-9AEB-06130F2F1F93}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [TCP Query User{9CE10AAB-5B1C-4C75-BF7B-20C19327CEE2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7BE8CF90-3F17-49B0-9915-F16A7363C3DB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{864BA441-EE38-4C06-99D2-1CA82FC7BC6D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{BEB7877A-597A-4EEE-8921-99FBDA2F6EBD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{4F8ADF08-D2EB-4534-9542-B581A4202406}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{17D1B459-9B53-43EB-B5A0-E32B92E03D65}] => (Allow) C:\Users\rhoda\AppData\Local\Temp\7zS5E27\HP.EasyStart.exe
FirewallRules: [{A8E39982-B81F-4CF8-BC74-0AB3CE2753A6}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
FirewallRules: [{639C7CD4-94BC-486D-B60C-BB36B5FB6C23}] => (Allow) LPort=5357
FirewallRules: [{4AE7AF28-3A4B-4451-A492-943E057EED7E}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe

==================== Restore Points =========================

21-05-2016 17:03:15 Scheduled Checkpoint
30-05-2016 12:05:26 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2016 10:16:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/07/2016 10:16:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/06/2016 06:09:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/06/2016 06:09:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/06/2016 06:09:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/06/2016 06:09:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/04/2016 08:22:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/03/2016 08:12:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/03/2016 08:12:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFFICE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/30/2016 12:05:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (06/07/2016 10:16:56 PM) (Source: DCOM) (EventID: 10010) (User: OFFICE)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca

Error: (06/07/2016 10:54:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_7f85dc service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/07/2016 10:54:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_7f85dc service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/07/2016 10:54:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_7f85dc service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/07/2016 10:54:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_7f85dc service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/07/2016 10:54:17 AM) (Source: DCOM) (EventID: 10010) (User: OFFICE)
Description: {0002DF02-0000-0000-C000-000000000046}

Error: (06/07/2016 10:54:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/07/2016 06:49:57 AM) (Source: DCOM) (EventID: 10010) (User: OFFICE)
Description: {0002DF02-0000-0000-C000-000000000046}

Error: (06/07/2016 06:49:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_118956 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/07/2016 06:49:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_118956 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-06-07 22:39:19.350
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 22:39:19.340
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 22:39:19.089
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 22:39:19.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 22:39:18.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 22:39:18.810
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 22:39:18.797
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 22:39:18.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 22:39:18.752
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 22:39:18.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU G2030T @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 3985.32 MB
Available physical RAM: 1615.14 MB
Total Virtual: 4689.32 MB
Available Virtual: 2048.58 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.1 GB) (Free:874.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 897B84D3)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 

 

Do not see any obvious malware, infection or hijacker in those logs. FRST does check Internet Explorer regardless of it being open or closed... Continue and run the following:

Go here: https://www.zemana.com/Download, then download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop. The tool will be active with a 15 day trial....

Right click on Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

In the next window 1. make sure all boxes are checkmarked and the action is "Quarantine", and then 2. select the home icon.

In the new window select "Scan"

When the scan completes, check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR; for all other entries choose QUARANTINE, then select the "Next" tab.


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

On that screen select and highlight the scan details line, then select "Open Report"

Copy and paste that log to your reply...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs in your reply....

Thank you,

Kevin..

So two things:

1) On Zemana, I set the action to Quarantine, but the log said it Deleted them.  See below:

2) I set Sophos to Scan, left it running, and then my PC restarted, so I'm not sure if it found anything the first time.   Posting my second log.

Zemana AntiMalware 2.20.2.911 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/6/8
Operating System       : Windows 10 64-bit
Processor              : 2X Intel(R) Pentium(R) CPU G2030T @ 2.60GHz
BIOS Mode              : UEFI
CUID                   : 127917328C00F32E68FF2E
Scan Type              : Smart Scan
Duration               : 3m 50s
Scanned Objects        : 14503
Detected Objects       : 4
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Trojan:Win32/Poweliks
Status             : Scanned
Object             : %systemroot%\system32\tasks\{2f9f6818-7bf4-49f4-a6ab-fa2f7eed27ac}|c:\program files\internet explorer\iexplore.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Fileless Malware
Cleaning Action    : Delete
Related Objects    :
                Scheduled Task - C:\WINDOWS\System32\Tasks\{2F9F6818-7BF4-49F4-A6AB-FA2F7EED27AC}

Trojan:Win32/Poweliks
Status             : Scanned
Object             : %systemroot%\system32\tasks\{97b937a7-c1c9-472e-9fbc-8b23e7910150}|c:\program files\internet explorer\iexplore.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Fileless Malware
Cleaning Action    : Delete
Related Objects    :
                Scheduled Task - C:\WINDOWS\System32\Tasks\{97B937A7-C1C9-472E-9FBC-8B23E7910150}

Trojan:Win32/Poweliks
Status             : Scanned
Object             : %systemroot%\system32\tasks\{ab0cc30f-27bf-45dd-9375-dd20a3f4e407}|c:\program files\internet explorer\iexplore.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Fileless Malware
Cleaning Action    : Delete
Related Objects    :
                Scheduled Task - C:\WINDOWS\System32\Tasks\{AB0CC30F-27BF-45DD-9375-DD20A3F4E407}

Trojan:Win32/Poweliks
Status             : Scanned
Object             : %systemroot%\system32\tasks\{ab635480-3180-4e54-bde6-ce1981b8d79b}|c:\program files\internet explorer\iexplore.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Fileless Malware
Cleaning Action    : Delete
Related Objects    :
                Scheduled Task - C:\WINDOWS\System32\Tasks\{AB635480-3180-4E54-BDE6-CE1981B8D79B}


Cleaning Result
-------------------------------------------------------
Cleaned               : 4
Reported as safe      : 0
Failed                : 0
 

2016-06-08 10:57:10.634    Sophos Virus Removal Tool version 2.5.5
2016-06-08 10:57:10.634    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-08 10:57:10.634    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-08 10:57:10.634    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-08 10:57:10.634    Checking for updates...
2016-06-08 10:57:10.650    Update progress: proxy server not available
2016-06-08 10:57:21.061    Option all = no
2016-06-08 10:57:21.061    Option recurse = yes
2016-06-08 10:57:21.061    Option archive = no
2016-06-08 10:57:21.061    Option service = yes
2016-06-08 10:57:21.061    Option confirm = yes
2016-06-08 10:57:21.061    Option sxl = yes
2016-06-08 10:57:21.061    Option max-data-age = 35
2016-06-08 10:57:21.061    Option EnableSafeClean = yes
2016-06-08 10:57:23.379    Option vdl-logging = yes
2016-06-08 10:57:23.409    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-08 10:57:23.409    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-08 10:57:23.410    Component SVRTcli.exe version 2.5.5
2016-06-08 10:57:23.410    Component control.dll version 2.5.5
2016-06-08 10:57:23.410    Component SVRTservice.exe version 2.5.5
2016-06-08 10:57:23.410    Component engine\osdp.dll version 1.44.1.2250
2016-06-08 10:57:23.410    Component engine\veex.dll version 3.65.0.2250
2016-06-08 10:57:23.410    Component engine\savi.dll version 9.0.1.2250
2016-06-08 10:57:23.410    Component rkdisk.dll version 1.5.30.0
2016-06-08 10:57:23.410    Version info:    Product version    2.5.5
2016-06-08 10:57:23.411    Version info:    Detection engine    3.65.0
2016-06-08 10:57:23.411    Version info:    Detection data    5.26
2016-06-08 10:57:23.411    Version info:    Build date    4/5/2016
2016-06-08 10:57:23.411    Version info:    Data files added    437
2016-06-08 10:57:23.411    Version info:    Last successful update    (not yet updated)
2016-06-08 10:57:33.151    Downloading updates...
2016-06-08 10:57:33.153    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-08 10:57:33.153    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-08 10:57:33.153    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-08 10:57:45.432    Update progress: [I19463] Syncing product IDE527 142
2016-06-08 10:57:48.843    Installing updates...
2016-06-08 10:57:49.459    Error level 1
2016-06-08 10:57:49.591    Update progress: [I19463] Syncing product IDE528 127
2016-06-08 10:57:49.591    Update progress: [I19463] Syncing product IDE529 135
2016-06-08 10:57:49.591    Update progress: [I19463] Syncing product IDE530 39
2016-06-08 10:57:58.100    Update successful
2016-06-08 10:58:08.943    Option all = no
2016-06-08 10:58:08.943    Option recurse = yes
2016-06-08 10:58:08.943    Option archive = no
2016-06-08 10:58:08.943    Option service = yes
2016-06-08 10:58:08.943    Option confirm = yes
2016-06-08 10:58:08.943    Option sxl = yes
2016-06-08 10:58:08.943    Option max-data-age = 35
2016-06-08 10:58:08.943    Option EnableSafeClean = yes
2016-06-08 10:58:09.527    Option vdl-logging = yes
2016-06-08 10:58:09.543    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-08 10:58:09.543    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-08 10:58:09.543    Component SVRTcli.exe version 2.5.5
2016-06-08 10:58:09.543    Component control.dll version 2.5.5
2016-06-08 10:58:09.543    Component SVRTservice.exe version 2.5.5
2016-06-08 10:58:09.543    Component engine\osdp.dll version 1.44.1.2250
2016-06-08 10:58:09.543    Component engine\veex.dll version 3.65.0.2250
2016-06-08 10:58:09.543    Component engine\savi.dll version 9.0.1.2250
2016-06-08 10:58:09.543    Component rkdisk.dll version 1.5.30.0
2016-06-08 10:58:09.543    Version info:    Product version    2.5.5
2016-06-08 10:58:09.543    Version info:    Detection engine    3.65.0
2016-06-08 10:58:09.543    Version info:    Detection data    5.26
2016-06-08 10:58:09.543    Version info:    Build date    4/5/2016
2016-06-08 10:58:09.543    Version info:    Data files added    437
2016-06-08 10:58:09.543    Version info:    Last successful update    6/8/2016 6:57:58 AM

2016-06-08 11:46:47.152    >>> Virus 'Troj/DocDl-CT' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2003b807\20140918_122519.doc
2016-06-09 00:12:36.140    Sophos Virus Removal Tool version 2.5.5
2016-06-09 00:12:36.140    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-09 00:12:36.140    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-09 00:12:36.140    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-09 00:12:36.140    Checking for updates...
2016-06-09 00:12:36.179    Update progress: proxy server not available
2016-06-09 00:12:54.299    Option all = no
2016-06-09 00:12:54.299    Option recurse = yes
2016-06-09 00:12:54.299    Option archive = no
2016-06-09 00:12:54.299    Option service = yes
2016-06-09 00:12:54.299    Option confirm = yes
2016-06-09 00:12:54.299    Option sxl = yes
2016-06-09 00:12:54.301    Option max-data-age = 35
2016-06-09 00:12:54.301    Option EnableSafeClean = yes
2016-06-09 00:12:55.074    Option vdl-logging = yes
2016-06-09 00:12:55.085    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 00:12:55.085    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 00:12:55.208    Component SVRTcli.exe version 2.5.5
2016-06-09 00:12:55.208    Component control.dll version 2.5.5
2016-06-09 00:12:55.208    Component SVRTservice.exe version 2.5.5
2016-06-09 00:12:55.208    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 00:12:55.209    Component engine\veex.dll version 3.65.0.2250
2016-06-09 00:12:55.209    Component engine\savi.dll version 9.0.1.2250
2016-06-09 00:12:55.268    Component rkdisk.dll version 1.5.30.0
2016-06-09 00:12:55.268    Version info:    Product version    2.5.5
2016-06-09 00:12:55.269    Version info:    Detection engine    3.65.0
2016-06-09 00:12:55.269    Version info:    Detection data    5.26
2016-06-09 00:12:55.269    Version info:    Build date    4/5/2016
2016-06-09 00:12:55.269    Version info:    Data files added    437
2016-06-09 00:12:55.269    Version info:    Last successful update    6/8/2016 6:57:58 AM
2016-06-09 00:13:15.817    Downloading updates...
2016-06-09 00:13:15.818    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-09 00:13:15.818    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-09 00:13:15.819    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-09 00:13:15.819    Update progress: [I19463] Syncing product IDE527 142
2016-06-09 00:13:20.885    Update progress: [I19463] Syncing product IDE528 127
2016-06-09 00:13:20.885    Update progress: [I19463] Syncing product IDE529 135
2016-06-09 00:13:20.885    Update progress: [I19463] Syncing product IDE530 42
2016-06-09 00:13:21.064    Installing updates...
2016-06-09 00:13:21.879    Error level 1
2016-06-09 00:13:22.372    Update successful
2016-06-09 00:13:37.466    Option all = no
2016-06-09 00:13:37.466    Option recurse = yes
2016-06-09 00:13:37.466    Option archive = no
2016-06-09 00:13:37.466    Option service = yes
2016-06-09 00:13:37.466    Option confirm = yes
2016-06-09 00:13:37.466    Option sxl = yes
2016-06-09 00:13:37.468    Option max-data-age = 35
2016-06-09 00:13:37.468    Option EnableSafeClean = yes
2016-06-09 00:13:38.043    Option vdl-logging = yes
2016-06-09 00:13:38.056    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 00:13:38.056    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 00:13:38.056    Component SVRTcli.exe version 2.5.5
2016-06-09 00:13:38.056    Component control.dll version 2.5.5
2016-06-09 00:13:38.057    Component SVRTservice.exe version 2.5.5
2016-06-09 00:13:38.057    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 00:13:38.057    Component engine\veex.dll version 3.65.0.2250
2016-06-09 00:13:38.057    Component engine\savi.dll version 9.0.1.2250
2016-06-09 00:13:38.057    Component rkdisk.dll version 1.5.30.0
2016-06-09 00:13:38.057    Version info:    Product version    2.5.5
2016-06-09 00:13:38.058    Version info:    Detection engine    3.65.0
2016-06-09 00:13:38.058    Version info:    Detection data    5.26
2016-06-09 00:13:38.058    Version info:    Build date    4/5/2016
2016-06-09 00:13:38.058    Version info:    Data files added    440
2016-06-09 00:13:38.058    Version info:    Last successful update    6/8/2016 8:13:22 PM

2016-06-09 00:18:19.457    >>> Virus 'Troj/DocDl-CT' found in file C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6
2016-06-09 00:28:33.699    Could not open C:\hiberfil.sys
2016-06-09 00:28:33.707    Could not open C:\pagefile.sys
2016-06-09 00:39:51.340    Could not open C:\swapfile.sys
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{ab0f150b-236a-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{ab471794-2c32-11e6-82a7-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{e475e9e4-1e02-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:45:40.705    >>> Virus 'Mal/FakeAvCn-E' found in file C:\Users\Old_drive\ProgramData\8C5206A76D046A1E00008C517A6276A2\8C5206A76D046A1E00008C517A6276A2
2016-06-09 00:50:06.796    Could not open C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-06-09 00:50:06.797    Could not open C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-06-09 01:01:49.584    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (1).zip
2016-06-09 01:02:03.857    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (2).zip
2016-06-09 01:02:16.387    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (3).zip
2016-06-09 01:02:27.686    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (4).zip
2016-06-09 01:02:39.225    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (5).zip
2016-06-09 01:02:50.581    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id.zip
2016-06-09 01:03:22.604    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:22.604    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:22.605    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:22.605    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:53.027    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:03:53.027    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:03:53.028    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:03:53.029    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:04:25.690    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:25.692    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:25.693    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:25.694    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:57.412    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:04:57.412    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:04:57.415    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:04:57.415    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:05:27.524    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:27.524    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:27.525    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:27.525    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:59.157    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:05:59.157    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:05:59.158    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:05:59.159    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:06:14.112    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (1).zip
2016-06-09 01:06:25.801    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (10).zip
2016-06-09 01:06:37.815    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (11).zip
2016-06-09 01:06:51.208    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (12).zip
2016-06-09 01:07:03.068    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (13).zip
2016-06-09 01:07:15.368    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (14).zip
2016-06-09 01:07:27.332    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (15).zip
2016-06-09 01:07:38.930    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (16).zip
2016-06-09 01:07:52.672    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (17).zip
2016-06-09 01:08:05.792    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (18).zip
2016-06-09 01:08:19.364    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (19).zip
2016-06-09 01:08:33.506    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (2).zip
2016-06-09 01:08:48.635    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (20).zip
2016-06-09 01:09:03.525    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (21).zip
2016-06-09 01:09:16.826    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (22).zip
2016-06-09 01:09:29.214    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (23).zip
2016-06-09 01:09:41.417    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (24).zip
2016-06-09 01:09:55.276    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (25).zip
2016-06-09 01:10:06.910    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (26).zip
2016-06-09 01:10:18.517    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (27).zip
2016-06-09 01:10:31.617    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (28).zip
2016-06-09 01:10:44.264    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (29).zip
2016-06-09 01:10:56.812    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (3).zip
2016-06-09 01:11:09.554    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (30).zip
2016-06-09 01:11:21.969    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (31).zip
2016-06-09 01:11:33.587    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (32).zip
2016-06-09 01:11:45.092    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (33).zip
2016-06-09 01:11:56.998    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (34).zip
2016-06-09 01:12:08.840    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (35).zip
2016-06-09 01:12:20.542    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (36).zip
2016-06-09 01:12:31.964    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (37).zip
2016-06-09 01:12:43.537    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (38).zip
2016-06-09 01:12:55.404    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (39).zip
2016-06-09 01:13:08.331    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (4).zip
2016-06-09 01:13:22.217    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (40).zip
2016-06-09 01:13:34.771    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (41).zip
2016-06-09 01:13:47.481    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (42).zip
2016-06-09 01:14:01.281    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (43).zip
2016-06-09 01:14:15.684    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (44).zip
2016-06-09 01:14:26.828    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (45).zip
2016-06-09 01:14:38.155    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (46).zip
2016-06-09 01:14:49.485    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (47).zip
2016-06-09 01:15:00.973    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (5).zip
2016-06-09 01:15:12.378    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (6).zip
2016-06-09 01:15:23.849    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (7).zip
2016-06-09 01:15:35.661    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (8).zip
2016-06-09 01:15:47.723    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (9).zip
2016-06-09 01:15:59.213    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id.zip
2016-06-09 01:16:14.552    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report (1).zip
2016-06-09 01:16:25.871    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report.zip
2016-06-09 01:16:26.003    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (1).zip\photo/my ass.exe
2016-06-09 01:16:26.003    Disinfection not offered
2016-06-09 01:16:26.044    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (2).zip\photo/my ass.exe
2016-06-09 01:16:26.045    Disinfection not offered
2016-06-09 01:16:26.084    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (3).zip\photo/my ass.exe
2016-06-09 01:16:26.084    Disinfection not offered
2016-06-09 01:16:26.122    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (4).zip\photo/my ass.exe
2016-06-09 01:16:26.122    Disinfection not offered
2016-06-09 01:16:26.167    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (5).zip\photo/my ass.exe
2016-06-09 01:16:26.167    Disinfection not offered
2016-06-09 01:16:26.202    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (6).zip\photo/my ass.exe
2016-06-09 01:16:26.202    Disinfection not offered
2016-06-09 01:16:26.242    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo.zip\photo/my ass.exe
2016-06-09 01:16:26.244    Disinfection not offered
2016-06-09 01:16:41.296    >>> Virus 'Mal/DrodZp-A' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav (1).zip
2016-06-09 01:16:54.673    >>> Virus 'Mal/DrodZp-A' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav.zip
2016-06-09 01:17:21.712    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (1).zip
2016-06-09 01:17:27.702    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (2).zip
2016-06-09 01:17:33.365    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (3).zip
2016-06-09 01:17:38.973    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice.zip
2016-06-09 01:23:04.787    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-09 01:23:04.787    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-09 01:23:07.992    Could not open C:\Windows\System32\config\BBI
2016-06-09 01:23:08.154    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-09 01:23:08.154    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-09 01:23:08.154    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-09 01:23:08.170    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-09 01:23:08.170    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-09 01:40:29.928    The following items will be cleaned up:
2016-06-09 01:40:29.929    Mal/FakeAvCn-E
2016-06-09 01:40:29.929    Troj/Invo-Zip
2016-06-09 01:40:29.929    Mal/Generic-S
2016-06-09 01:40:29.929    Mal/DrodZp-A
2016-06-09 01:40:29.929    Troj/JavaDL-XO
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Troj/DocDl-CT
 


Cleanup Log:

 

2016-06-08 10:57:10.634    Sophos Virus Removal Tool version 2.5.5
2016-06-08 10:57:10.634    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-08 10:57:10.634    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-08 10:57:10.634    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-08 10:57:10.634    Checking for updates...
2016-06-08 10:57:10.650    Update progress: proxy server not available
2016-06-08 10:57:21.061    Option all = no
2016-06-08 10:57:21.061    Option recurse = yes
2016-06-08 10:57:21.061    Option archive = no
2016-06-08 10:57:21.061    Option service = yes
2016-06-08 10:57:21.061    Option confirm = yes
2016-06-08 10:57:21.061    Option sxl = yes
2016-06-08 10:57:21.061    Option max-data-age = 35
2016-06-08 10:57:21.061    Option EnableSafeClean = yes
2016-06-08 10:57:23.379    Option vdl-logging = yes
2016-06-08 10:57:23.409    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-08 10:57:23.409    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-08 10:57:23.410    Component SVRTcli.exe version 2.5.5
2016-06-08 10:57:23.410    Component control.dll version 2.5.5
2016-06-08 10:57:23.410    Component SVRTservice.exe version 2.5.5
2016-06-08 10:57:23.410    Component engine\osdp.dll version 1.44.1.2250
2016-06-08 10:57:23.410    Component engine\veex.dll version 3.65.0.2250
2016-06-08 10:57:23.410    Component engine\savi.dll version 9.0.1.2250
2016-06-08 10:57:23.410    Component rkdisk.dll version 1.5.30.0
2016-06-08 10:57:23.410    Version info:    Product version    2.5.5
2016-06-08 10:57:23.411    Version info:    Detection engine    3.65.0
2016-06-08 10:57:23.411    Version info:    Detection data    5.26
2016-06-08 10:57:23.411    Version info:    Build date    4/5/2016
2016-06-08 10:57:23.411    Version info:    Data files added    437
2016-06-08 10:57:23.411    Version info:    Last successful update    (not yet updated)
2016-06-08 10:57:33.151    Downloading updates...
2016-06-08 10:57:33.153    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-08 10:57:33.153    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-08 10:57:33.153    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-08 10:57:45.432    Update progress: [I19463] Syncing product IDE527 142
2016-06-08 10:57:48.843    Installing updates...
2016-06-08 10:57:49.459    Error level 1
2016-06-08 10:57:49.591    Update progress: [I19463] Syncing product IDE528 127
2016-06-08 10:57:49.591    Update progress: [I19463] Syncing product IDE529 135
2016-06-08 10:57:49.591    Update progress: [I19463] Syncing product IDE530 39
2016-06-08 10:57:58.100    Update successful
2016-06-08 10:58:08.943    Option all = no
2016-06-08 10:58:08.943    Option recurse = yes
2016-06-08 10:58:08.943    Option archive = no
2016-06-08 10:58:08.943    Option service = yes
2016-06-08 10:58:08.943    Option confirm = yes
2016-06-08 10:58:08.943    Option sxl = yes
2016-06-08 10:58:08.943    Option max-data-age = 35
2016-06-08 10:58:08.943    Option EnableSafeClean = yes
2016-06-08 10:58:09.527    Option vdl-logging = yes
2016-06-08 10:58:09.543    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-08 10:58:09.543    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-08 10:58:09.543    Component SVRTcli.exe version 2.5.5
2016-06-08 10:58:09.543    Component control.dll version 2.5.5
2016-06-08 10:58:09.543    Component SVRTservice.exe version 2.5.5
2016-06-08 10:58:09.543    Component engine\osdp.dll version 1.44.1.2250
2016-06-08 10:58:09.543    Component engine\veex.dll version 3.65.0.2250
2016-06-08 10:58:09.543    Component engine\savi.dll version 9.0.1.2250
2016-06-08 10:58:09.543    Component rkdisk.dll version 1.5.30.0
2016-06-08 10:58:09.543    Version info:    Product version    2.5.5
2016-06-08 10:58:09.543    Version info:    Detection engine    3.65.0
2016-06-08 10:58:09.543    Version info:    Detection data    5.26
2016-06-08 10:58:09.543    Version info:    Build date    4/5/2016
2016-06-08 10:58:09.543    Version info:    Data files added    437
2016-06-08 10:58:09.543    Version info:    Last successful update    6/8/2016 6:57:58 AM

2016-06-08 11:46:47.152    >>> Virus 'Troj/DocDl-CT' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2003b807\20140918_122519.doc
2016-06-09 00:12:36.140    Sophos Virus Removal Tool version 2.5.5
2016-06-09 00:12:36.140    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-09 00:12:36.140    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-09 00:12:36.140    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-09 00:12:36.140    Checking for updates...
2016-06-09 00:12:36.179    Update progress: proxy server not available
2016-06-09 00:12:54.299    Option all = no
2016-06-09 00:12:54.299    Option recurse = yes
2016-06-09 00:12:54.299    Option archive = no
2016-06-09 00:12:54.299    Option service = yes
2016-06-09 00:12:54.299    Option confirm = yes
2016-06-09 00:12:54.299    Option sxl = yes
2016-06-09 00:12:54.301    Option max-data-age = 35
2016-06-09 00:12:54.301    Option EnableSafeClean = yes
2016-06-09 00:12:55.074    Option vdl-logging = yes
2016-06-09 00:12:55.085    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 00:12:55.085    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 00:12:55.208    Component SVRTcli.exe version 2.5.5
2016-06-09 00:12:55.208    Component control.dll version 2.5.5
2016-06-09 00:12:55.208    Component SVRTservice.exe version 2.5.5
2016-06-09 00:12:55.208    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 00:12:55.209    Component engine\veex.dll version 3.65.0.2250
2016-06-09 00:12:55.209    Component engine\savi.dll version 9.0.1.2250
2016-06-09 00:12:55.268    Component rkdisk.dll version 1.5.30.0
2016-06-09 00:12:55.268    Version info:    Product version    2.5.5
2016-06-09 00:12:55.269    Version info:    Detection engine    3.65.0
2016-06-09 00:12:55.269    Version info:    Detection data    5.26
2016-06-09 00:12:55.269    Version info:    Build date    4/5/2016
2016-06-09 00:12:55.269    Version info:    Data files added    437
2016-06-09 00:12:55.269    Version info:    Last successful update    6/8/2016 6:57:58 AM
2016-06-09 00:13:15.817    Downloading updates...
2016-06-09 00:13:15.818    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-09 00:13:15.818    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-09 00:13:15.819    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-09 00:13:15.819    Update progress: [I19463] Syncing product IDE527 142
2016-06-09 00:13:20.885    Update progress: [I19463] Syncing product IDE528 127
2016-06-09 00:13:20.885    Update progress: [I19463] Syncing product IDE529 135
2016-06-09 00:13:20.885    Update progress: [I19463] Syncing product IDE530 42
2016-06-09 00:13:21.064    Installing updates...
2016-06-09 00:13:21.879    Error level 1
2016-06-09 00:13:22.372    Update successful
2016-06-09 00:13:37.466    Option all = no
2016-06-09 00:13:37.466    Option recurse = yes
2016-06-09 00:13:37.466    Option archive = no
2016-06-09 00:13:37.466    Option service = yes
2016-06-09 00:13:37.466    Option confirm = yes
2016-06-09 00:13:37.466    Option sxl = yes
2016-06-09 00:13:37.468    Option max-data-age = 35
2016-06-09 00:13:37.468    Option EnableSafeClean = yes
2016-06-09 00:13:38.043    Option vdl-logging = yes
2016-06-09 00:13:38.056    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 00:13:38.056    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 00:13:38.056    Component SVRTcli.exe version 2.5.5
2016-06-09 00:13:38.056    Component control.dll version 2.5.5
2016-06-09 00:13:38.057    Component SVRTservice.exe version 2.5.5
2016-06-09 00:13:38.057    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 00:13:38.057    Component engine\veex.dll version 3.65.0.2250
2016-06-09 00:13:38.057    Component engine\savi.dll version 9.0.1.2250
2016-06-09 00:13:38.057    Component rkdisk.dll version 1.5.30.0
2016-06-09 00:13:38.057    Version info:    Product version    2.5.5
2016-06-09 00:13:38.058    Version info:    Detection engine    3.65.0
2016-06-09 00:13:38.058    Version info:    Detection data    5.26
2016-06-09 00:13:38.058    Version info:    Build date    4/5/2016
2016-06-09 00:13:38.058    Version info:    Data files added    440
2016-06-09 00:13:38.058    Version info:    Last successful update    6/8/2016 8:13:22 PM

2016-06-09 00:18:19.457    >>> Virus 'Troj/DocDl-CT' found in file C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6
2016-06-09 00:28:33.699    Could not open C:\hiberfil.sys
2016-06-09 00:28:33.707    Could not open C:\pagefile.sys
2016-06-09 00:39:51.340    Could not open C:\swapfile.sys
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{ab0f150b-236a-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{ab471794-2c32-11e6-82a7-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{e475e9e4-1e02-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:45:40.705    >>> Virus 'Mal/FakeAvCn-E' found in file C:\Users\Old_drive\ProgramData\8C5206A76D046A1E00008C517A6276A2\8C5206A76D046A1E00008C517A6276A2
2016-06-09 00:50:06.796    Could not open C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-06-09 00:50:06.797    Could not open C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-06-09 01:01:49.584    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (1).zip
2016-06-09 01:02:03.857    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (2).zip
2016-06-09 01:02:16.387    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (3).zip
2016-06-09 01:02:27.686    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (4).zip
2016-06-09 01:02:39.225    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (5).zip
2016-06-09 01:02:50.581    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id.zip
2016-06-09 01:03:22.604    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:22.604    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:22.605    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:22.605    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:53.027    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:03:53.027    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:03:53.028    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:03:53.029    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:04:25.690    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:25.692    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:25.693    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:25.694    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:57.412    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:04:57.412    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:04:57.415    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:04:57.415    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:05:27.524    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:27.524    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:27.525    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:27.525    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:59.157    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:05:59.157    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:05:59.158    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:05:59.159    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:06:14.112    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (1).zip
2016-06-09 01:06:25.801    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (10).zip
2016-06-09 01:06:37.815    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (11).zip
2016-06-09 01:06:51.208    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (12).zip
2016-06-09 01:07:03.068    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (13).zip
2016-06-09 01:07:15.368    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (14).zip
2016-06-09 01:07:27.332    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (15).zip
2016-06-09 01:07:38.930    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (16).zip
2016-06-09 01:07:52.672    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (17).zip
2016-06-09 01:08:05.792    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (18).zip
2016-06-09 01:08:19.364    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (19).zip
2016-06-09 01:08:33.506    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (2).zip
2016-06-09 01:08:48.635    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (20).zip
2016-06-09 01:09:03.525    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (21).zip
2016-06-09 01:09:16.826    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (22).zip
2016-06-09 01:09:29.214    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (23).zip
2016-06-09 01:09:41.417    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (24).zip
2016-06-09 01:09:55.276    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (25).zip
2016-06-09 01:10:06.910    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (26).zip
2016-06-09 01:10:18.517    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (27).zip
2016-06-09 01:10:31.617    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (28).zip
2016-06-09 01:10:44.264    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (29).zip
2016-06-09 01:10:56.812    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (3).zip
2016-06-09 01:11:09.554    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (30).zip
2016-06-09 01:11:21.969    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (31).zip
2016-06-09 01:11:33.587    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (32).zip
2016-06-09 01:11:45.092    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (33).zip
2016-06-09 01:11:56.998    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (34).zip
2016-06-09 01:12:08.840    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (35).zip
2016-06-09 01:12:20.542    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (36).zip
2016-06-09 01:12:31.964    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (37).zip
2016-06-09 01:12:43.537    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (38).zip
2016-06-09 01:12:55.404    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (39).zip
2016-06-09 01:13:08.331    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (4).zip
2016-06-09 01:13:22.217    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (40).zip
2016-06-09 01:13:34.771    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (41).zip
2016-06-09 01:13:47.481    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (42).zip
2016-06-09 01:14:01.281    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (43).zip
2016-06-09 01:14:15.684    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (44).zip
2016-06-09 01:14:26.828    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (45).zip
2016-06-09 01:14:38.155    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (46).zip
2016-06-09 01:14:49.485    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (47).zip
2016-06-09 01:15:00.973    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (5).zip
2016-06-09 01:15:12.378    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (6).zip
2016-06-09 01:15:23.849    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (7).zip
2016-06-09 01:15:35.661    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (8).zip
2016-06-09 01:15:47.723    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (9).zip
2016-06-09 01:15:59.213    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id.zip
2016-06-09 01:16:14.552    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report (1).zip
2016-06-09 01:16:25.871    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report.zip
2016-06-09 01:16:26.003    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (1).zip\photo/my ass.exe
2016-06-09 01:16:26.003    Disinfection not offered
2016-06-09 01:16:26.044    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (2).zip\photo/my ass.exe
2016-06-09 01:16:26.045    Disinfection not offered
2016-06-09 01:16:26.084    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (3).zip\photo/my ass.exe
2016-06-09 01:16:26.084    Disinfection not offered
2016-06-09 01:16:26.122    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (4).zip\photo/my ass.exe
2016-06-09 01:16:26.122    Disinfection not offered
2016-06-09 01:16:26.167    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (5).zip\photo/my ass.exe
2016-06-09 01:16:26.167    Disinfection not offered
2016-06-09 01:16:26.202    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (6).zip\photo/my ass.exe
2016-06-09 01:16:26.202    Disinfection not offered
2016-06-09 01:16:26.242    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo.zip\photo/my ass.exe
2016-06-09 01:16:26.244    Disinfection not offered
2016-06-09 01:16:41.296    >>> Virus 'Mal/DrodZp-A' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav (1).zip
2016-06-09 01:16:54.673    >>> Virus 'Mal/DrodZp-A' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav.zip
2016-06-09 01:17:21.712    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (1).zip
2016-06-09 01:17:27.702    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (2).zip
2016-06-09 01:17:33.365    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (3).zip
2016-06-09 01:17:38.973    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice.zip
2016-06-09 01:23:04.787    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-09 01:23:04.787    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-09 01:23:07.992    Could not open C:\Windows\System32\config\BBI
2016-06-09 01:23:08.154    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-09 01:23:08.154    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-09 01:23:08.154    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-09 01:23:08.170    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-09 01:23:08.170    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-09 01:40:29.928    The following items will be cleaned up:
2016-06-09 01:40:29.929    Mal/FakeAvCn-E
2016-06-09 01:40:29.929    Troj/Invo-Zip
2016-06-09 01:40:29.929    Mal/Generic-S
2016-06-09 01:40:29.929    Mal/DrodZp-A
2016-06-09 01:40:29.929    Troj/JavaDL-XO
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Troj/DocDl-CT
2016-06-09 01:41:56.588    Threat 'Mal/FakeAvCn-E' has been cleaned up.
2016-06-09 01:41:56.596    File "C:\Users\Old_drive\ProgramData\8C5206A76D046A1E00008C517A6276A2\8C5206A76D046A1E00008C517A6276A2" belongs to malware 'Mal/FakeAvCn-E'.
2016-06-09 01:41:56.596    File "C:\Users\Old_drive\ProgramData\8C5206A76D046A1E00008C517A6276A2\8C5206A76D046A1E00008C517A6276A2" has been cleaned up.
2016-06-09 01:41:56.596    Removal successful
2016-06-09 01:47:25.193    Threat 'Troj/Invo-Zip' has been cleaned up.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (1).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (1).zip" has been cleaned up.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (2).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (2).zip" has been cleaned up.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (3).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (3).zip" has been cleaned up.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (4).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (4).zip" has been cleaned up.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (5).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (5).zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id.zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id.zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (1).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (1).zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (10).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (10).zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (11).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (11).zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (12).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (12).zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (13).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (13).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (14).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (14).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (15).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (15).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (16).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (16).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (17).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (17).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (18).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (18).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (19).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (19).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (2).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (2).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (20).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (20).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (21).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (21).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (22).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (22).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (23).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (23).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (24).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (24).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (25).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (25).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (26).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (26).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (27).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (27).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (28).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (28).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (29).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (29).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (3).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (3).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (30).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (30).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (31).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (31).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (32).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (32).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (33).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (33).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (34).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (34).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (35).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (35).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (36).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (36).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (37).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (37).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (38).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (38).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (39).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (39).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (4).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (4).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (40).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (40).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (41).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (41).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (42).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (42).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (43).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (43).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (44).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (44).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (45).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (45).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (46).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (46).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (47).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (47).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (5).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (5).zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (6).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (6).zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (7).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (7).zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (8).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (8).zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (9).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (9).zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id.zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id.zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report (1).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report (1).zip" has been cleaned up.
2016-06-09 01:47:25.202    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report.zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.202    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report.zip" has been cleaned up.
2016-06-09 01:47:25.202    Removal successful
2016-06-09 01:47:59.956    Threat 'Mal/Generic-S' was not cleaned up. (error 0xa0040208)
2016-06-09 01:47:59.956    Removal failed
2016-06-09 01:48:12.361    Threat 'Mal/DrodZp-A' has been cleaned up.
2016-06-09 01:48:12.361    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav (1).zip" belongs to malware 'Mal/DrodZp-A'.
2016-06-09 01:48:12.361    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav (1).zip" has been cleaned up.
2016-06-09 01:48:12.361    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav.zip" belongs to malware 'Mal/DrodZp-A'.
2016-06-09 01:48:12.361    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav.zip" has been cleaned up.
2016-06-09 01:48:12.361    Removal successful
2016-06-09 01:48:34.729    Threat 'Troj/JavaDL-XO' has been cleaned up.
2016-06-09 01:48:34.729    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (1).zip" belongs to 'Troj/JavaDL-XO'.
2016-06-09 01:48:34.729    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (1).zip" has been cleaned up.
2016-06-09 01:48:34.729    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (2).zip" belongs to 'Troj/JavaDL-XO'.
2016-06-09 01:48:34.729    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (2).zip" has been cleaned up.
2016-06-09 01:48:34.730    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (3).zip" belongs to 'Troj/JavaDL-XO'.
2016-06-09 01:48:34.730    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (3).zip" has been cleaned up.
2016-06-09 01:48:34.730    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice.zip" belongs to 'Troj/JavaDL-XO'.
2016-06-09 01:48:34.730    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice.zip" has been cleaned up.
2016-06-09 01:48:34.730    Removal successful
2016-06-09 01:48:34.834    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (1).zip\photo/my ass.exe
2016-06-09 01:48:34.834    Disinfection not offered
2016-06-09 01:48:34.835    Disinfection failed [0xa0040208]
2016-06-09 01:48:34.883    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (2).zip\photo/my ass.exe
2016-06-09 01:48:34.883    Disinfection not offered
2016-06-09 01:48:34.884    Disinfection failed [0xa0040208]
2016-06-09 01:48:34.943    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (3).zip\photo/my ass.exe
2016-06-09 01:48:34.943    Disinfection not offered
2016-06-09 01:48:34.943    Disinfection failed [0xa0040208]
2016-06-09 01:48:35.004    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (4).zip\photo/my ass.exe
2016-06-09 01:48:35.004    Disinfection not offered
2016-06-09 01:48:35.004    Disinfection failed [0xa0040208]
2016-06-09 01:48:35.050    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (5).zip\photo/my ass.exe
2016-06-09 01:48:35.050    Disinfection not offered
2016-06-09 01:48:35.050    Disinfection failed [0xa0040208]
2016-06-09 01:48:35.101    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (6).zip\photo/my ass.exe
2016-06-09 01:48:35.101    Disinfection not offered
2016-06-09 01:48:35.103    Disinfection failed [0xa0040208]
2016-06-09 01:48:35.150    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo.zip\photo/my ass.exe
2016-06-09 01:48:35.150    Disinfection not offered
2016-06-09 01:48:35.150    Disinfection failed [0xa0040208]
2016-06-09 01:48:35.917    Installed boot task components.

2016-06-09 01:48:36.200    Contents of SafeClean bin directory:
2016-06-09 01:48:36.217    {
2016-06-09 01:48:36.217        RecordID   : "000000000000001e",
2016-06-09 01:48:36.217        ItemType   : "1",
2016-06-09 01:48:36.217        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.217        FileName   : "report_id (3).zip",
2016-06-09 01:48:36.217        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.217        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.217        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.217    }
2016-06-09 01:48:36.217    {
2016-06-09 01:48:36.217        RecordID   : "000000000000001f",
2016-06-09 01:48:36.217        ItemType   : "1",
2016-06-09 01:48:36.217        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.217        FileName   : "report_id (30).zip",
2016-06-09 01:48:36.217        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.217        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.217        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.217    }
2016-06-09 01:48:36.217    {
2016-06-09 01:48:36.217        RecordID   : "0000000000000020",
2016-06-09 01:48:36.218        ItemType   : "1",
2016-06-09 01:48:36.218        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.218        FileName   : "report_id (31).zip",
2016-06-09 01:48:36.218        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.218        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.218        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.218    }
2016-06-09 01:48:36.218    {
2016-06-09 01:48:36.218        RecordID   : "0000000000000021",
2016-06-09 01:48:36.218        ItemType   : "1",
2016-06-09 01:48:36.218        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.218        FileName   : "report_id (32).zip",
2016-06-09 01:48:36.218        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.218        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.218        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.218    }
2016-06-09 01:48:36.218    {
2016-06-09 01:48:36.218        RecordID   : "0000000000000022",
2016-06-09 01:48:36.218        ItemType   : "1",
2016-06-09 01:48:36.218        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.218        FileName   : "report_id (33).zip",
2016-06-09 01:48:36.218        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.218        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.218        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.218    }
2016-06-09 01:48:36.218    {
2016-06-09 01:48:36.218        RecordID   : "0000000000000023",
2016-06-09 01:48:36.218        ItemType   : "1",
2016-06-09 01:48:36.218        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.218        FileName   : "report_id (34).zip",
2016-06-09 01:48:36.218        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.218        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.218        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.218    }
2016-06-09 01:48:36.218    {
2016-06-09 01:48:36.219        RecordID   : "0000000000000024",
2016-06-09 01:48:36.219        ItemType   : "1",
2016-06-09 01:48:36.219        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.219        FileName   : "report_id (35).zip",
2016-06-09 01:48:36.219        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.219        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.219        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.219    }
2016-06-09 01:48:36.219    {
2016-06-09 01:48:36.219        RecordID   : "0000000000000025",
2016-06-09 01:48:36.219        ItemType   : "1",
2016-06-09 01:48:36.219        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.219        FileName   : "report_id (36).zip",
2016-06-09 01:48:36.219        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.219        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.219        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.219    }
2016-06-09 01:48:36.219    {
2016-06-09 01:48:36.219        RecordID   : "0000000000000026",
2016-06-09 01:48:36.219        ItemType   : "1",
2016-06-09 01:48:36.219        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.219        FileName   : "report_id (37).zip",
2016-06-09 01:48:36.219        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.219        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.219        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.219    }
2016-06-09 01:48:36.219    {
2016-06-09 01:48:36.219        RecordID   : "0000000000000027",
2016-06-09 01:48:36.219        ItemType   : "1",
2016-06-09 01:48:36.219        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.219        FileName   : "report_id (38).zip",
2016-06-09 01:48:36.219        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.219        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.219        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.219    }
2016-06-09 01:48:36.219    {
2016-06-09 01:48:36.220        RecordID   : "0000000000000028",
2016-06-09 01:48:36.220        ItemType   : "1",
2016-06-09 01:48:36.220        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.220        FileName   : "report_id (39).zip",
2016-06-09 01:48:36.220        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.220        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.220        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.220    }
2016-06-09 01:48:36.220    {
2016-06-09 01:48:36.220        RecordID   : "0000000000000029",
2016-06-09 01:48:36.220        ItemType   : "1",
2016-06-09 01:48:36.220        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.220        FileName   : "report_id (4).zip",
2016-06-09 01:48:36.220        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.220        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.220        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.220    }
2016-06-09 01:48:36.220    {
2016-06-09 01:48:36.220        RecordID   : "000000000000002a",
2016-06-09 01:48:36.220        ItemType   : "1",
2016-06-09 01:48:36.220        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.220        FileName   : "report_id (40).zip",
2016-06-09 01:48:36.220        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.220        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.220        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.220    }
2016-06-09 01:48:36.220    {
2016-06-09 01:48:36.220        RecordID   : "000000000000002b",
2016-06-09 01:48:36.220        ItemType   : "1",
2016-06-09 01:48:36.220        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.220        FileName   : "report_id (41).zip",
2016-06-09 01:48:36.220        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.220        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.220        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.220    }
2016-06-09 01:48:36.220    {
2016-06-09 01:48:36.220        RecordID   : "000000000000002c",
2016-06-09 01:48:36.220        ItemType   : "1",
2016-06-09 01:48:36.221        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.221        FileName   : "report_id (42).zip",
2016-06-09 01:48:36.221        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.221        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.221        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.221    }
2016-06-09 01:48:36.221    {
2016-06-09 01:48:36.221        RecordID   : "000000000000002d",
2016-06-09 01:48:36.221        ItemType   : "1",
2016-06-09 01:48:36.221        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.221        FileName   : "report_id (43).zip",
2016-06-09 01:48:36.221        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.221        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.221        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.221    }
2016-06-09 01:48:36.221    {
2016-06-09 01:48:36.221        RecordID   : "000000000000002e",
2016-06-09 01:48:36.221        ItemType   : "1",
2016-06-09 01:48:36.221        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.221        FileName   : "report_id (44).zip",
2016-06-09 01:48:36.221        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.221        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.221        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.221    }
2016-06-09 01:48:36.221    {
2016-06-09 01:48:36.221        RecordID   : "000000000000002f",
2016-06-09 01:48:36.221        ItemType   : "1",
2016-06-09 01:48:36.221        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.221        FileName   : "report_id (45).zip",
2016-06-09 01:48:36.221        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.221        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.221        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.221    }
2016-06-09 01:48:36.221    {
2016-06-09 01:48:36.221        RecordID   : "0000000000000030",
2016-06-09 01:48:36.222        ItemType   : "1",
2016-06-09 01:48:36.222        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.222        FileName   : "report_id (46).zip",
2016-06-09 01:48:36.222        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.222        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.222        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.222    }
2016-06-09 01:48:36.222    {
2016-06-09 01:48:36.222        RecordID   : "0000000000000031",
2016-06-09 01:48:36.222        ItemType   : "1",
2016-06-09 01:48:36.222        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.222        FileName   : "report_id (47).zip",
2016-06-09 01:48:36.222        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.222        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.222        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.222    }
2016-06-09 01:48:36.222    {
2016-06-09 01:48:36.222        RecordID   : "0000000000000032",
2016-06-09 01:48:36.222        ItemType   : "1",
2016-06-09 01:48:36.222        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.222        FileName   : "report_id (5).zip",
2016-06-09 01:48:36.222        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.222        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.222        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.222    }
2016-06-09 01:48:36.222    {
2016-06-09 01:48:36.222        RecordID   : "0000000000000033",
2016-06-09 01:48:36.222        ItemType   : "1",
2016-06-09 01:48:36.222        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.222        FileName   : "report_id (6).zip",
2016-06-09 01:48:36.222        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.222        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.222        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.223    }
2016-06-09 01:48:36.223    {
2016-06-09 01:48:36.223        RecordID   : "0000000000000034",
2016-06-09 01:48:36.223        ItemType   : "1",
2016-06-09 01:48:36.223        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.223        FileName   : "report_id (7).zip",
2016-06-09 01:48:36.223        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.223        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.223        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.223    }
2016-06-09 01:48:36.223    {
2016-06-09 01:48:36.223        RecordID   : "0000000000000035",
2016-06-09 01:48:36.223        ItemType   : "1",
2016-06-09 01:48:36.223        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.223        FileName   : "report_id (8).zip",
2016-06-09 01:48:36.223        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.223        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.223        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.223    }
2016-06-09 01:48:36.223    {
2016-06-09 01:48:36.223        RecordID   : "0000000000000036",
2016-06-09 01:48:36.223        ItemType   : "1",
2016-06-09 01:48:36.223        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.223        FileName   : "report_id (9).zip",
2016-06-09 01:48:36.223        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.223        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.223        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.223    }
2016-06-09 01:48:36.223    {
2016-06-09 01:48:36.223        RecordID   : "0000000000000037",
2016-06-09 01:48:36.223        ItemType   : "1",
2016-06-09 01:48:36.223        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.223        FileName   : "report_id.zip",
2016-06-09 01:48:36.223        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.223        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.224        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.224    }
2016-06-09 01:48:36.224    {
2016-06-09 01:48:36.224        RecordID   : "0000000000000038",
2016-06-09 01:48:36.224        ItemType   : "1",
2016-06-09 01:48:36.224        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\",
2016-06-09 01:48:36.224        FileName   : "order_report (1).zip",
2016-06-09 01:48:36.224        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.224        Checksum   : "da9bfcd16bb10328f112d006ac7307a110c1b80c8b2819d9a303e305eb02c773",
2016-06-09 01:48:36.224        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.224    }
2016-06-09 01:48:36.224    {
2016-06-09 01:48:36.224        RecordID   : "0000000000000039",
2016-06-09 01:48:36.224        ItemType   : "1",
2016-06-09 01:48:36.224        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\",
2016-06-09 01:48:36.224        FileName   : "order_report.zip",
2016-06-09 01:48:36.224        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.224        Checksum   : "da9bfcd16bb10328f112d006ac7307a110c1b80c8b2819d9a303e305eb02c773",
2016-06-09 01:48:36.224        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.224    }
2016-06-09 01:48:36.224    {
2016-06-09 01:48:36.224        RecordID   : "000000000000003a",
2016-06-09 01:48:36.224        ItemType   : "1",
2016-06-09 01:48:36.224        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 01:48:36.224        FileName   : "order_id (1).zip",
2016-06-09 01:48:36.224        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.224        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 01:48:36.224        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.224    }
2016-06-09 01:48:36.224    {
2016-06-09 01:48:36.224        RecordID   : "000000000000003b",
2016-06-09 01:48:36.224        ItemType   : "1",
2016-06-09 01:48:36.224        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 01:48:36.224        FileName   : "order_id (2).zip",
2016-06-09 01:48:36.224        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.224        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 01:48:36.224        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.225    }
2016-06-09 01:48:36.225    {
2016-06-09 01:48:36.225        RecordID   : "000000000000003c",
2016-06-09 01:48:36.225        ItemType   : "1",
2016-06-09 01:48:36.225        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 01:48:36.225        FileName   : "order_id (3).zip",
2016-06-09 01:48:36.225        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.225        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 01:48:36.225        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.225    }
2016-06-09 01:48:36.225    {
2016-06-09 01:48:36.225        RecordID   : "000000000000003d",
2016-06-09 01:48:36.225        ItemType   : "1",
2016-06-09 01:48:36.225        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 01:48:36.225        FileName   : "order_id (4).zip",
2016-06-09 01:48:36.225        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.225        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 01:48:36.225        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.225    }
2016-06-09 01:48:36.225    {
2016-06-09 01:48:36.225        RecordID   : "000000000000003e",
2016-06-09 01:48:36.225        ItemType   : "1",
2016-06-09 01:48:36.225        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 01:48:36.225        FileName   : "order_id.zip",
2016-06-09 01:48:36.225        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.225        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 01:48:36.225        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.225    }
2016-06-09 01:48:36.225    {
2016-06-09 01:48:36.225        RecordID   : "000000000000003f",
2016-06-09 01:48:36.225        ItemType   : "1",
2016-06-09 01:48:36.225        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\",
2016-06-09 01:48:36.225        FileName   : "order_id.zip",
2016-06-09 01:48:36.225        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.225        Checksum   : "9a9d3706ae222933817d095ceb609bc0cb7dea9b4d32df1b1a6fdc44fe0dc895",
2016-06-09 01:48:36.225        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.225    }
2016-06-09 01:48:36.225    {
2016-06-09 01:48:36.226        RecordID   : "0000000000000040",
2016-06-09 01:48:36.226        ItemType   : "1",
2016-06-09 01:48:36.226        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\",
2016-06-09 01:48:36.226        FileName   : "VOICE3589463733.wav (1).zip",
2016-06-09 01:48:36.226        ThreatName : "Mal/DrodZp-A",
2016-06-09 01:48:36.226        Checksum   : "128eae4c39a68058a721d3d44cc587f6d2e19183d77723b4c20bb923c2b06e86",
2016-06-09 01:48:36.226        TimeStamp  : "Wed Jun 08 21:47:59 2016"
2016-06-09 01:48:36.226    }
2016-06-09 01:48:36.226    {
2016-06-09 01:48:36.226        RecordID   : "0000000000000041",
2016-06-09 01:48:36.226        ItemType   : "1",
2016-06-09 01:48:36.226        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\",
2016-06-09 01:48:36.226        FileName   : "VOICE3589463733.wav.zip",
2016-06-09 01:48:36.226        ThreatName : "Mal/DrodZp-A",
2016-06-09 01:48:36.226        Checksum   : "128eae4c39a68058a721d3d44cc587f6d2e19183d77723b4c20bb923c2b06e86",
2016-06-09 01:48:36.226        TimeStamp  : "Wed Jun 08 21:47:59 2016"
2016-06-09 01:48:36.226    }
2016-06-09 01:48:36.226    {
2016-06-09 01:48:36.226        RecordID   : "0000000000000042",
2016-06-09 01:48:36.226        ItemType   : "1",
2016-06-09 01:48:36.226        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 01:48:36.226        FileName   : "Invoice (1).zip",
2016-06-09 01:48:36.226        ThreatName : "Troj/JavaDL-XO",
2016-06-09 01:48:36.226        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 01:48:36.226        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 01:48:36.226    }
2016-06-09 01:48:36.226    {
2016-06-09 01:48:36.226        RecordID   : "0000000000000043",
2016-06-09 01:48:36.226        ItemType   : "1",
2016-06-09 01:48:36.226        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 01:48:36.226        FileName   : "Invoice (2).zip",
2016-06-09 01:48:36.226        ThreatName : "Troj/JavaDL-XO",
2016-06-09 01:48:36.226        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 01:48:36.226        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 01:48:36.226    }
2016-06-09 01:48:36.226    {
2016-06-09 01:48:36.226        RecordID   : "0000000000000044",
2016-06-09 01:48:36.227        ItemType   : "1",
2016-06-09 01:48:36.227        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 01:48:36.227        FileName   : "Invoice (3).zip",
2016-06-09 01:48:36.227        ThreatName : "Troj/JavaDL-XO",
2016-06-09 01:48:36.227        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 01:48:36.227        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 01:48:36.227    }
2016-06-09 01:48:36.227    {
2016-06-09 01:48:36.227        RecordID   : "0000000000000045",
2016-06-09 01:48:36.227        ItemType   : "1",
2016-06-09 01:48:36.227        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 01:48:36.227        FileName   : "Invoice.zip",
2016-06-09 01:48:36.227        ThreatName : "Troj/JavaDL-XO",
2016-06-09 01:48:36.227        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 01:48:36.227        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 01:48:36.227    }
2016-06-09 01:48:36.858    The computer must be restarted in order to complete the cleanup.
2016-06-09 01:48:36.859    Error level 5
2016-06-09 01:48:36.863    Cleanup on restart pending for Troj/DocDl-CT: RenameFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"
2016-06-09 01:48:36.863    Cleanup on restart pending for Troj/DocDl-CT: DriverDeleteDriverKey "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"
2016-06-09 01:48:36.863    Cleanup on restart pending for Troj/DocDl-CT: DeleteFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6.SHS"
2016-06-09 01:48:36.863    Cleanup on restart pending for Troj/DocDl-CT: DeleteFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"

2016-06-09 01:49:15.929    Scan completed.
2016-06-09 01:49:15.929    

------------------------------------------------------------

2016-06-09 01:51:49.570    Sophos Virus Removal Tool version 2.5.5
2016-06-09 01:51:49.570    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-09 01:51:49.570    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-09 01:51:49.570    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-09 01:51:49.570    Checking for updates...
2016-06-09 01:51:52.947    Update progress: proxy server not available
2016-06-09 01:53:04.490    Downloading updates...
2016-06-09 01:53:04.521    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-09 01:53:04.521    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-09 01:53:04.521    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-09 01:53:04.521    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-09 01:53:04.521    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-09 01:53:04.521    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-09 01:53:04.521    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-09 01:53:04.521    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-09 01:53:04.521    Update progress: [I19463] Syncing product IDE527 142
2016-06-09 01:53:08.602    Option all = no
2016-06-09 01:53:08.602    Option recurse = yes
2016-06-09 01:53:08.602    Option archive = no
2016-06-09 01:53:08.602    Option service = yes
2016-06-09 01:53:08.602    Option confirm = yes
2016-06-09 01:53:08.602    Option sxl = yes
2016-06-09 01:53:08.604    Option max-data-age = 35
2016-06-09 01:53:08.604    Option EnableSafeClean = yes
2016-06-09 01:53:14.962    Option vdl-logging = yes
2016-06-09 01:53:15.056    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 01:53:15.056    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 01:53:15.225    Component SVRTcli.exe version 2.5.5
2016-06-09 01:53:15.225    Component control.dll version 2.5.5
2016-06-09 01:53:15.225    Component SVRTservice.exe version 2.5.5
2016-06-09 01:53:15.225    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 01:53:15.225    Component engine\veex.dll version 3.65.0.2250
2016-06-09 01:53:15.225    Component engine\savi.dll version 9.0.1.2250
2016-06-09 01:53:15.472    Component rkdisk.dll version 1.5.30.0
2016-06-09 01:53:15.472    Version info:    Product version    2.5.5
2016-06-09 01:53:15.472    Version info:    Detection engine    3.65.0
2016-06-09 01:53:15.472    Version info:    Detection data    5.26
2016-06-09 01:53:15.472    Version info:    Build date    4/5/2016
2016-06-09 01:53:15.472    Version info:    Data files added    440
2016-06-09 01:53:15.472    Version info:    Last successful update    6/8/2016 8:13:22 PM
2016-06-09 01:53:18.166    Update progress: [I19463] Syncing product IDE528 127
2016-06-09 01:53:18.167    Update progress: [I19463] Syncing product IDE529 135
2016-06-09 01:53:18.167    Update progress: [I19463] Syncing product IDE530 43
2016-06-09 01:53:18.374    Installing updates...
2016-06-09 01:53:19.034    Error level 1
2016-06-09 01:53:19.456    Update successful
2016-06-09 01:53:29.006    Option all = no
2016-06-09 01:53:29.006    Option recurse = yes
2016-06-09 01:53:29.006    Option archive = no
2016-06-09 01:53:29.006    Option service = yes
2016-06-09 01:53:29.006    Option confirm = yes
2016-06-09 01:53:29.006    Option sxl = yes
2016-06-09 01:53:29.008    Option max-data-age = 35
2016-06-09 01:53:29.008    Option EnableSafeClean = yes
2016-06-09 01:53:29.505    Option vdl-logging = yes
2016-06-09 01:53:29.515    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 01:53:29.515    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 01:53:29.516    Component SVRTcli.exe version 2.5.5
2016-06-09 01:53:29.516    Component control.dll version 2.5.5
2016-06-09 01:53:29.516    Component SVRTservice.exe version 2.5.5
2016-06-09 01:53:29.516    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 01:53:29.516    Component engine\veex.dll version 3.65.0.2250
2016-06-09 01:53:29.516    Component engine\savi.dll version 9.0.1.2250
2016-06-09 01:53:29.516    Component rkdisk.dll version 1.5.30.0
2016-06-09 01:53:29.516    Version info:    Product version    2.5.5
2016-06-09 01:53:29.517    Version info:    Detection engine    3.65.0
2016-06-09 01:53:29.517    Version info:    Detection data    5.26
2016-06-09 01:53:29.517    Version info:    Build date    4/5/2016
2016-06-09 01:53:29.517    Version info:    Data files added    441
2016-06-09 01:53:29.517    Version info:    Last successful update    6/8/2016 9:53:19 PM
2016-06-09 01:53:29.526    Cleanup on restart completed for Troj/DocDl-CT: RenameFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"
2016-06-09 01:53:29.526    Cleanup on restart completed for Troj/DocDl-CT: DriverDeleteDriverKey "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"
2016-06-09 01:53:29.526    Cleanup on restart completed for Troj/DocDl-CT: DeleteFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6.SHS"
2016-06-09 01:53:29.526    Cleanup on restart completed for Troj/DocDl-CT: DeleteFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"
2016-06-09 01:53:29.526    All cleanup on restart operations completed successfully.


Regarding Zemana, certain malicious entries have to be deleted; quarantine is not a safe action...

Sophos has removed many infected entries. To be sure your system is finally clean, please re-run the Zemana and Sophos scans one more time each. Post the produced logs. Also give an update on any remaining issues or concerns, or if the system is now running as expected without issues/concerns, tell me that as well...

Thank you,

Kevin....


All right--the issues seem gone and Zemana didn't find anything. Sophos found and resolved one item, so I'm rescanning:

2016-06-08 10:57:10.634    Sophos Virus Removal Tool version 2.5.5
2016-06-08 10:57:10.634    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-08 10:57:10.634    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-08 10:57:10.634    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-08 10:57:10.634    Checking for updates...
2016-06-08 10:57:10.650    Update progress: proxy server not available
2016-06-08 10:57:21.061    Option all = no
2016-06-08 10:57:21.061    Option recurse = yes
2016-06-08 10:57:21.061    Option archive = no
2016-06-08 10:57:21.061    Option service = yes
2016-06-08 10:57:21.061    Option confirm = yes
2016-06-08 10:57:21.061    Option sxl = yes
2016-06-08 10:57:21.061    Option max-data-age = 35
2016-06-08 10:57:21.061    Option EnableSafeClean = yes
2016-06-08 10:57:23.379    Option vdl-logging = yes
2016-06-08 10:57:23.409    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-08 10:57:23.409    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-08 10:57:23.410    Component SVRTcli.exe version 2.5.5
2016-06-08 10:57:23.410    Component control.dll version 2.5.5
2016-06-08 10:57:23.410    Component SVRTservice.exe version 2.5.5
2016-06-08 10:57:23.410    Component engine\osdp.dll version 1.44.1.2250
2016-06-08 10:57:23.410    Component engine\veex.dll version 3.65.0.2250
2016-06-08 10:57:23.410    Component engine\savi.dll version 9.0.1.2250
2016-06-08 10:57:23.410    Component rkdisk.dll version 1.5.30.0
2016-06-08 10:57:23.410    Version info:    Product version    2.5.5
2016-06-08 10:57:23.411    Version info:    Detection engine    3.65.0
2016-06-08 10:57:23.411    Version info:    Detection data    5.26
2016-06-08 10:57:23.411    Version info:    Build date    4/5/2016
2016-06-08 10:57:23.411    Version info:    Data files added    437
2016-06-08 10:57:23.411    Version info:    Last successful update    (not yet updated)
2016-06-08 10:57:33.151    Downloading updates...
2016-06-08 10:57:33.153    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-08 10:57:33.153    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-08 10:57:33.153    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-08 10:57:33.153    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-08 10:57:45.432    Update progress: [I19463] Syncing product IDE527 142
2016-06-08 10:57:48.843    Installing updates...
2016-06-08 10:57:49.459    Error level 1
2016-06-08 10:57:49.591    Update progress: [I19463] Syncing product IDE528 127
2016-06-08 10:57:49.591    Update progress: [I19463] Syncing product IDE529 135
2016-06-08 10:57:49.591    Update progress: [I19463] Syncing product IDE530 39
2016-06-08 10:57:58.100    Update successful
2016-06-08 10:58:08.943    Option all = no
2016-06-08 10:58:08.943    Option recurse = yes
2016-06-08 10:58:08.943    Option archive = no
2016-06-08 10:58:08.943    Option service = yes
2016-06-08 10:58:08.943    Option confirm = yes
2016-06-08 10:58:08.943    Option sxl = yes
2016-06-08 10:58:08.943    Option max-data-age = 35
2016-06-08 10:58:08.943    Option EnableSafeClean = yes
2016-06-08 10:58:09.527    Option vdl-logging = yes
2016-06-08 10:58:09.543    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-08 10:58:09.543    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-08 10:58:09.543    Component SVRTcli.exe version 2.5.5
2016-06-08 10:58:09.543    Component control.dll version 2.5.5
2016-06-08 10:58:09.543    Component SVRTservice.exe version 2.5.5
2016-06-08 10:58:09.543    Component engine\osdp.dll version 1.44.1.2250
2016-06-08 10:58:09.543    Component engine\veex.dll version 3.65.0.2250
2016-06-08 10:58:09.543    Component engine\savi.dll version 9.0.1.2250
2016-06-08 10:58:09.543    Component rkdisk.dll version 1.5.30.0
2016-06-08 10:58:09.543    Version info:    Product version    2.5.5
2016-06-08 10:58:09.543    Version info:    Detection engine    3.65.0
2016-06-08 10:58:09.543    Version info:    Detection data    5.26
2016-06-08 10:58:09.543    Version info:    Build date    4/5/2016
2016-06-08 10:58:09.543    Version info:    Data files added    437
2016-06-08 10:58:09.543    Version info:    Last successful update    6/8/2016 6:57:58 AM

2016-06-08 11:46:47.152    >>> Virus 'Troj/DocDl-CT' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2003b807\20140918_122519.doc
2016-06-09 00:12:36.140    Sophos Virus Removal Tool version 2.5.5
2016-06-09 00:12:36.140    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-09 00:12:36.140    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-09 00:12:36.140    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-09 00:12:36.140    Checking for updates...
2016-06-09 00:12:36.179    Update progress: proxy server not available
2016-06-09 00:12:54.299    Option all = no
2016-06-09 00:12:54.299    Option recurse = yes
2016-06-09 00:12:54.299    Option archive = no
2016-06-09 00:12:54.299    Option service = yes
2016-06-09 00:12:54.299    Option confirm = yes
2016-06-09 00:12:54.299    Option sxl = yes
2016-06-09 00:12:54.301    Option max-data-age = 35
2016-06-09 00:12:54.301    Option EnableSafeClean = yes
2016-06-09 00:12:55.074    Option vdl-logging = yes
2016-06-09 00:12:55.085    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 00:12:55.085    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 00:12:55.208    Component SVRTcli.exe version 2.5.5
2016-06-09 00:12:55.208    Component control.dll version 2.5.5
2016-06-09 00:12:55.208    Component SVRTservice.exe version 2.5.5
2016-06-09 00:12:55.208    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 00:12:55.209    Component engine\veex.dll version 3.65.0.2250
2016-06-09 00:12:55.209    Component engine\savi.dll version 9.0.1.2250
2016-06-09 00:12:55.268    Component rkdisk.dll version 1.5.30.0
2016-06-09 00:12:55.268    Version info:    Product version    2.5.5
2016-06-09 00:12:55.269    Version info:    Detection engine    3.65.0
2016-06-09 00:12:55.269    Version info:    Detection data    5.26
2016-06-09 00:12:55.269    Version info:    Build date    4/5/2016
2016-06-09 00:12:55.269    Version info:    Data files added    437
2016-06-09 00:12:55.269    Version info:    Last successful update    6/8/2016 6:57:58 AM
2016-06-09 00:13:15.817    Downloading updates...
2016-06-09 00:13:15.818    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-09 00:13:15.818    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-09 00:13:15.818    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-09 00:13:15.819    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-09 00:13:15.819    Update progress: [I19463] Syncing product IDE527 142
2016-06-09 00:13:20.885    Update progress: [I19463] Syncing product IDE528 127
2016-06-09 00:13:20.885    Update progress: [I19463] Syncing product IDE529 135
2016-06-09 00:13:20.885    Update progress: [I19463] Syncing product IDE530 42
2016-06-09 00:13:21.064    Installing updates...
2016-06-09 00:13:21.879    Error level 1
2016-06-09 00:13:22.372    Update successful
2016-06-09 00:13:37.466    Option all = no
2016-06-09 00:13:37.466    Option recurse = yes
2016-06-09 00:13:37.466    Option archive = no
2016-06-09 00:13:37.466    Option service = yes
2016-06-09 00:13:37.466    Option confirm = yes
2016-06-09 00:13:37.466    Option sxl = yes
2016-06-09 00:13:37.468    Option max-data-age = 35
2016-06-09 00:13:37.468    Option EnableSafeClean = yes
2016-06-09 00:13:38.043    Option vdl-logging = yes
2016-06-09 00:13:38.056    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 00:13:38.056    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 00:13:38.056    Component SVRTcli.exe version 2.5.5
2016-06-09 00:13:38.056    Component control.dll version 2.5.5
2016-06-09 00:13:38.057    Component SVRTservice.exe version 2.5.5
2016-06-09 00:13:38.057    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 00:13:38.057    Component engine\veex.dll version 3.65.0.2250
2016-06-09 00:13:38.057    Component engine\savi.dll version 9.0.1.2250
2016-06-09 00:13:38.057    Component rkdisk.dll version 1.5.30.0
2016-06-09 00:13:38.057    Version info:    Product version    2.5.5
2016-06-09 00:13:38.058    Version info:    Detection engine    3.65.0
2016-06-09 00:13:38.058    Version info:    Detection data    5.26
2016-06-09 00:13:38.058    Version info:    Build date    4/5/2016
2016-06-09 00:13:38.058    Version info:    Data files added    440
2016-06-09 00:13:38.058    Version info:    Last successful update    6/8/2016 8:13:22 PM

2016-06-09 00:18:19.457    >>> Virus 'Troj/DocDl-CT' found in file C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6
2016-06-09 00:28:33.699    Could not open C:\hiberfil.sys
2016-06-09 00:28:33.707    Could not open C:\pagefile.sys
2016-06-09 00:39:51.340    Could not open C:\swapfile.sys
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{ab0f150b-236a-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{ab471794-2c32-11e6-82a7-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:39:51.558    Could not open C:\System Volume Information\{e475e9e4-1e02-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 00:45:40.705    >>> Virus 'Mal/FakeAvCn-E' found in file C:\Users\Old_drive\ProgramData\8C5206A76D046A1E00008C517A6276A2\8C5206A76D046A1E00008C517A6276A2
2016-06-09 00:50:06.796    Could not open C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-06-09 00:50:06.797    Could not open C:\Users\rhoda\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-06-09 01:01:49.584    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (1).zip
2016-06-09 01:02:03.857    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (2).zip
2016-06-09 01:02:16.387    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (3).zip
2016-06-09 01:02:27.686    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (4).zip
2016-06-09 01:02:39.225    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (5).zip
2016-06-09 01:02:50.581    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id.zip
2016-06-09 01:03:22.604    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:22.604    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:22.605    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:22.605    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (1).zip
2016-06-09 01:03:53.027    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:03:53.027    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:03:53.028    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:03:53.029    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (2).zip
2016-06-09 01:04:25.690    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:25.692    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:25.693    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:25.694    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (3).zip
2016-06-09 01:04:57.412    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:04:57.412    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:04:57.415    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:04:57.415    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id (4).zip
2016-06-09 01:05:27.524    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:27.524    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:27.525    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:27.525    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\order_id.zip
2016-06-09 01:05:59.157    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:05:59.157    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:05:59.158    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:05:59.159    >>> Virus 'Mal/Generic-S' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\order_id.zip
2016-06-09 01:06:14.112    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (1).zip
2016-06-09 01:06:25.801    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (10).zip
2016-06-09 01:06:37.815    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (11).zip
2016-06-09 01:06:51.208    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (12).zip
2016-06-09 01:07:03.068    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (13).zip
2016-06-09 01:07:15.368    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (14).zip
2016-06-09 01:07:27.332    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (15).zip
2016-06-09 01:07:38.930    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (16).zip
2016-06-09 01:07:52.672    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (17).zip
2016-06-09 01:08:05.792    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (18).zip
2016-06-09 01:08:19.364    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (19).zip
2016-06-09 01:08:33.506    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (2).zip
2016-06-09 01:08:48.635    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (20).zip
2016-06-09 01:09:03.525    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (21).zip
2016-06-09 01:09:16.826    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (22).zip
2016-06-09 01:09:29.214    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (23).zip
2016-06-09 01:09:41.417    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (24).zip
2016-06-09 01:09:55.276    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (25).zip
2016-06-09 01:10:06.910    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (26).zip
2016-06-09 01:10:18.517    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (27).zip
2016-06-09 01:10:31.617    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (28).zip
2016-06-09 01:10:44.264    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (29).zip
2016-06-09 01:10:56.812    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (3).zip
2016-06-09 01:11:09.554    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (30).zip
2016-06-09 01:11:21.969    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (31).zip
2016-06-09 01:11:33.587    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (32).zip
2016-06-09 01:11:45.092    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (33).zip
2016-06-09 01:11:56.998    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (34).zip
2016-06-09 01:12:08.840    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (35).zip
2016-06-09 01:12:20.542    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (36).zip
2016-06-09 01:12:31.964    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (37).zip
2016-06-09 01:12:43.537    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (38).zip
2016-06-09 01:12:55.404    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (39).zip
2016-06-09 01:13:08.331    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (4).zip
2016-06-09 01:13:22.217    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (40).zip
2016-06-09 01:13:34.771    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (41).zip
2016-06-09 01:13:47.481    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (42).zip
2016-06-09 01:14:01.281    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (43).zip
2016-06-09 01:14:15.684    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (44).zip
2016-06-09 01:14:26.828    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (45).zip
2016-06-09 01:14:38.155    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (46).zip
2016-06-09 01:14:49.485    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (47).zip
2016-06-09 01:15:00.973    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (5).zip
2016-06-09 01:15:12.378    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (6).zip
2016-06-09 01:15:23.849    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (7).zip
2016-06-09 01:15:35.661    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (8).zip
2016-06-09 01:15:47.723    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (9).zip
2016-06-09 01:15:59.213    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id.zip
2016-06-09 01:16:14.552    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report (1).zip
2016-06-09 01:16:25.871    >>> Virus 'Troj/Invo-Zip' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report.zip
2016-06-09 01:16:26.003    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (1).zip\photo/my ass.exe
2016-06-09 01:16:26.003    Disinfection not offered
2016-06-09 01:16:26.044    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (2).zip\photo/my ass.exe
2016-06-09 01:16:26.045    Disinfection not offered
2016-06-09 01:16:26.084    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (3).zip\photo/my ass.exe
2016-06-09 01:16:26.084    Disinfection not offered
2016-06-09 01:16:26.122    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (4).zip\photo/my ass.exe
2016-06-09 01:16:26.122    Disinfection not offered
2016-06-09 01:16:26.167    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (5).zip\photo/my ass.exe
2016-06-09 01:16:26.167    Disinfection not offered
2016-06-09 01:16:26.202    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (6).zip\photo/my ass.exe
2016-06-09 01:16:26.202    Disinfection not offered
2016-06-09 01:16:26.242    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo.zip\photo/my ass.exe
2016-06-09 01:16:26.244    Disinfection not offered
2016-06-09 01:16:41.296    >>> Virus 'Mal/DrodZp-A' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav (1).zip
2016-06-09 01:16:54.673    >>> Virus 'Mal/DrodZp-A' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav.zip
2016-06-09 01:17:21.712    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (1).zip
2016-06-09 01:17:27.702    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (2).zip
2016-06-09 01:17:33.365    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (3).zip
2016-06-09 01:17:38.973    >>> Virus 'Troj/JavaDL-XO' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice.zip
2016-06-09 01:23:04.787    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-09 01:23:04.787    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-09 01:23:07.992    Could not open C:\Windows\System32\config\BBI
2016-06-09 01:23:08.154    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-09 01:23:08.154    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-09 01:23:08.154    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-09 01:23:08.170    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-09 01:23:08.170    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-09 01:40:29.928    The following items will be cleaned up:
2016-06-09 01:40:29.929    Mal/FakeAvCn-E
2016-06-09 01:40:29.929    Troj/Invo-Zip
2016-06-09 01:40:29.929    Mal/Generic-S
2016-06-09 01:40:29.929    Mal/DrodZp-A
2016-06-09 01:40:29.929    Troj/JavaDL-XO
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Mal/VB-ANB
2016-06-09 01:40:29.929    Troj/DocDl-CT
2016-06-09 01:41:56.588    Threat 'Mal/FakeAvCn-E' has been cleaned up.
2016-06-09 01:41:56.596    File "C:\Users\Old_drive\ProgramData\8C5206A76D046A1E00008C517A6276A2\8C5206A76D046A1E00008C517A6276A2" belongs to malware 'Mal/FakeAvCn-E'.
2016-06-09 01:41:56.596    File "C:\Users\Old_drive\ProgramData\8C5206A76D046A1E00008C517A6276A2\8C5206A76D046A1E00008C517A6276A2" has been cleaned up.
2016-06-09 01:41:56.596    Removal successful
2016-06-09 01:47:25.193    Threat 'Troj/Invo-Zip' has been cleaned up.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (1).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (1).zip" has been cleaned up.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (2).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (2).zip" has been cleaned up.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (3).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (3).zip" has been cleaned up.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (4).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (4).zip" has been cleaned up.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (5).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.193    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id (5).zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id.zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\order_id.zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (1).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (1).zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (10).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (10).zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (11).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (11).zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (12).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (12).zip" has been cleaned up.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (13).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.194    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (13).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (14).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (14).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (15).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (15).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (16).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (16).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (17).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (17).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (18).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (18).zip" has been cleaned up.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (19).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.195    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (19).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (2).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (2).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (20).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (20).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (21).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (21).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (22).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (22).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (23).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (23).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (24).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (24).zip" has been cleaned up.
2016-06-09 01:47:25.196    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (25).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (25).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (26).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (26).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (27).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (27).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (28).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (28).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (29).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (29).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (3).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (3).zip" has been cleaned up.
2016-06-09 01:47:25.197    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (30).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (30).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (31).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (31).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (32).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (32).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (33).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (33).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (34).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (34).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (35).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (35).zip" has been cleaned up.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (36).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.198    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (36).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (37).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (37).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (38).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (38).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (39).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (39).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (4).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (4).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (40).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (40).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (41).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (41).zip" has been cleaned up.
2016-06-09 01:47:25.199    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (42).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (42).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (43).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (43).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (44).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (44).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (45).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (45).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (46).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (46).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (47).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (47).zip" has been cleaned up.
2016-06-09 01:47:25.200    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (5).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (5).zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (6).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (6).zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (7).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (7).zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (8).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (8).zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (9).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id (9).zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id.zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\report_id.zip" has been cleaned up.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report (1).zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.201    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report (1).zip" has been cleaned up.
2016-06-09 01:47:25.202    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report.zip" belongs to 'Troj/Invo-Zip'.
2016-06-09 01:47:25.202    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\order_report.zip" has been cleaned up.
2016-06-09 01:47:25.202    Removal successful
2016-06-09 01:47:59.956    Threat 'Mal/Generic-S' was not cleaned up. (error 0xa0040208)
2016-06-09 01:47:59.956    Removal failed
2016-06-09 01:48:12.361    Threat 'Mal/DrodZp-A' has been cleaned up.
2016-06-09 01:48:12.361    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav (1).zip" belongs to malware 'Mal/DrodZp-A'.
2016-06-09 01:48:12.361    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav (1).zip" has been cleaned up.
2016-06-09 01:48:12.361    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav.zip" belongs to malware 'Mal/DrodZp-A'.
2016-06-09 01:48:12.361    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\VOICE3589463733.wav.zip" has been cleaned up.
2016-06-09 01:48:12.361    Removal successful
2016-06-09 01:48:34.729    Threat 'Troj/JavaDL-XO' has been cleaned up.
2016-06-09 01:48:34.729    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (1).zip" belongs to 'Troj/JavaDL-XO'.
2016-06-09 01:48:34.729    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (1).zip" has been cleaned up.
2016-06-09 01:48:34.729    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (2).zip" belongs to 'Troj/JavaDL-XO'.
2016-06-09 01:48:34.729    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (2).zip" has been cleaned up.
2016-06-09 01:48:34.730    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (3).zip" belongs to 'Troj/JavaDL-XO'.
2016-06-09 01:48:34.730    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice (3).zip" has been cleaned up.
2016-06-09 01:48:34.730    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice.zip" belongs to 'Troj/JavaDL-XO'.
2016-06-09 01:48:34.730    File "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\Invoice.zip" has been cleaned up.
2016-06-09 01:48:34.730    Removal successful
2016-06-09 01:48:34.834    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (1).zip\photo/my ass.exe
2016-06-09 01:48:34.834    Disinfection not offered
2016-06-09 01:48:34.835    Disinfection failed [0xa0040208]
2016-06-09 01:48:34.883    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (2).zip\photo/my ass.exe
2016-06-09 01:48:34.883    Disinfection not offered
2016-06-09 01:48:34.884    Disinfection failed [0xa0040208]
2016-06-09 01:48:34.943    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (3).zip\photo/my ass.exe
2016-06-09 01:48:34.943    Disinfection not offered
2016-06-09 01:48:34.943    Disinfection failed [0xa0040208]
2016-06-09 01:48:35.004    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (4).zip\photo/my ass.exe
2016-06-09 01:48:35.004    Disinfection not offered
2016-06-09 01:48:35.004    Disinfection failed [0xa0040208]
2016-06-09 01:48:35.050    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (5).zip\photo/my ass.exe
2016-06-09 01:48:35.050    Disinfection not offered
2016-06-09 01:48:35.050    Disinfection failed [0xa0040208]
2016-06-09 01:48:35.101    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (6).zip\photo/my ass.exe
2016-06-09 01:48:35.101    Disinfection not offered
2016-06-09 01:48:35.103    Disinfection failed [0xa0040208]
2016-06-09 01:48:35.150    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo.zip\photo/my ass.exe
2016-06-09 01:48:35.150    Disinfection not offered
2016-06-09 01:48:35.150    Disinfection failed [0xa0040208]
2016-06-09 01:48:35.917    Installed boot task components.

2016-06-09 01:48:36.200    Contents of SafeClean bin directory:
2016-06-09 01:48:36.220    {
2016-06-09 01:48:36.220        RecordID   : "000000000000002a",
2016-06-09 01:48:36.220        ItemType   : "1",
2016-06-09 01:48:36.220        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.220        FileName   : "report_id (40).zip",
2016-06-09 01:48:36.220        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.220        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.220        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.220    }
2016-06-09 01:48:36.220    {
2016-06-09 01:48:36.220        RecordID   : "000000000000002b",
2016-06-09 01:48:36.220        ItemType   : "1",
2016-06-09 01:48:36.220        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.220        FileName   : "report_id (41).zip",
2016-06-09 01:48:36.220        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.220        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.220        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.220    }
2016-06-09 01:48:36.220    {
2016-06-09 01:48:36.220        RecordID   : "000000000000002c",
2016-06-09 01:48:36.220        ItemType   : "1",
2016-06-09 01:48:36.221        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.221        FileName   : "report_id (42).zip",
2016-06-09 01:48:36.221        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.221        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.221        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.221    }
2016-06-09 01:48:36.221    {
2016-06-09 01:48:36.221        RecordID   : "000000000000002d",
2016-06-09 01:48:36.221        ItemType   : "1",
2016-06-09 01:48:36.221        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.221        FileName   : "report_id (43).zip",
2016-06-09 01:48:36.221        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.221        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.221        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.221    }
2016-06-09 01:48:36.221    {
2016-06-09 01:48:36.221        RecordID   : "000000000000002e",
2016-06-09 01:48:36.221        ItemType   : "1",
2016-06-09 01:48:36.221        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.221        FileName   : "report_id (44).zip",
2016-06-09 01:48:36.221        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.221        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.221        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.221    }
2016-06-09 01:48:36.221    {
2016-06-09 01:48:36.221        RecordID   : "000000000000002f",
2016-06-09 01:48:36.221        ItemType   : "1",
2016-06-09 01:48:36.221        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.221        FileName   : "report_id (45).zip",
2016-06-09 01:48:36.221        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.221        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.221        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.221    }
2016-06-09 01:48:36.221    {
2016-06-09 01:48:36.221        RecordID   : "0000000000000030",
2016-06-09 01:48:36.222        ItemType   : "1",
2016-06-09 01:48:36.222        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.222        FileName   : "report_id (46).zip",
2016-06-09 01:48:36.222        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.222        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.222        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.222    }
2016-06-09 01:48:36.222    {
2016-06-09 01:48:36.222        RecordID   : "0000000000000031",
2016-06-09 01:48:36.222        ItemType   : "1",
2016-06-09 01:48:36.222        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.222        FileName   : "report_id (47).zip",
2016-06-09 01:48:36.222        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.222        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.222        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.222    }
2016-06-09 01:48:36.222    {
2016-06-09 01:48:36.222        RecordID   : "0000000000000032",
2016-06-09 01:48:36.222        ItemType   : "1",
2016-06-09 01:48:36.222        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.222        FileName   : "report_id (5).zip",
2016-06-09 01:48:36.222        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.222        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.222        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.222    }
2016-06-09 01:48:36.222    {
2016-06-09 01:48:36.222        RecordID   : "0000000000000033",
2016-06-09 01:48:36.222        ItemType   : "1",
2016-06-09 01:48:36.222        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.222        FileName   : "report_id (6).zip",
2016-06-09 01:48:36.222        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.222        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.222        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.223    }
2016-06-09 01:48:36.223    {
2016-06-09 01:48:36.223        RecordID   : "0000000000000034",
2016-06-09 01:48:36.223        ItemType   : "1",
2016-06-09 01:48:36.223        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.223        FileName   : "report_id (7).zip",
2016-06-09 01:48:36.223        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.223        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.223        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.223    }
2016-06-09 01:48:36.223    {
2016-06-09 01:48:36.223        RecordID   : "0000000000000035",
2016-06-09 01:48:36.223        ItemType   : "1",
2016-06-09 01:48:36.223        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.223        FileName   : "report_id (8).zip",
2016-06-09 01:48:36.223        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.223        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.223        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.223    }
2016-06-09 01:48:36.223    {
2016-06-09 01:48:36.223        RecordID   : "0000000000000036",
2016-06-09 01:48:36.223        ItemType   : "1",
2016-06-09 01:48:36.223        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.223        FileName   : "report_id (9).zip",
2016-06-09 01:48:36.223        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.223        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.223        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.223    }
2016-06-09 01:48:36.223    {
2016-06-09 01:48:36.223        RecordID   : "0000000000000037",
2016-06-09 01:48:36.223        ItemType   : "1",
2016-06-09 01:48:36.223        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 01:48:36.223        FileName   : "report_id.zip",
2016-06-09 01:48:36.223        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.223        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 01:48:36.224        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.224    }
2016-06-09 01:48:36.224    {
2016-06-09 01:48:36.224        RecordID   : "0000000000000038",
2016-06-09 01:48:36.224        ItemType   : "1",
2016-06-09 01:48:36.224        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\",
2016-06-09 01:48:36.224        FileName   : "order_report (1).zip",
2016-06-09 01:48:36.224        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.224        Checksum   : "da9bfcd16bb10328f112d006ac7307a110c1b80c8b2819d9a303e305eb02c773",
2016-06-09 01:48:36.224        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.224    }
2016-06-09 01:48:36.224    {
2016-06-09 01:48:36.224        RecordID   : "0000000000000039",
2016-06-09 01:48:36.224        ItemType   : "1",
2016-06-09 01:48:36.224        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\",
2016-06-09 01:48:36.224        FileName   : "order_report.zip",
2016-06-09 01:48:36.224        ThreatName : "Troj/Invo-Zip",
2016-06-09 01:48:36.224        Checksum   : "da9bfcd16bb10328f112d006ac7307a110c1b80c8b2819d9a303e305eb02c773",
2016-06-09 01:48:36.224        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 01:48:36.224    }
2016-06-09 01:48:36.224    {
2016-06-09 01:48:36.224        RecordID   : "000000000000003a",
2016-06-09 01:48:36.224        ItemType   : "1",
2016-06-09 01:48:36.224        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 01:48:36.224        FileName   : "order_id (1).zip",
2016-06-09 01:48:36.224        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.224        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 01:48:36.224        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.224    }
2016-06-09 01:48:36.224    {
2016-06-09 01:48:36.224        RecordID   : "000000000000003b",
2016-06-09 01:48:36.224        ItemType   : "1",
2016-06-09 01:48:36.224        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 01:48:36.224        FileName   : "order_id (2).zip",
2016-06-09 01:48:36.224        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.224        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 01:48:36.224        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.225    }
2016-06-09 01:48:36.225    {
2016-06-09 01:48:36.225        RecordID   : "000000000000003c",
2016-06-09 01:48:36.225        ItemType   : "1",
2016-06-09 01:48:36.225        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 01:48:36.225        FileName   : "order_id (3).zip",
2016-06-09 01:48:36.225        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.225        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 01:48:36.225        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.225    }
2016-06-09 01:48:36.225    {
2016-06-09 01:48:36.225        RecordID   : "000000000000003d",
2016-06-09 01:48:36.225        ItemType   : "1",
2016-06-09 01:48:36.225        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 01:48:36.225        FileName   : "order_id (4).zip",
2016-06-09 01:48:36.225        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.225        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 01:48:36.225        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.225    }
2016-06-09 01:48:36.225    {
2016-06-09 01:48:36.225        RecordID   : "000000000000003e",
2016-06-09 01:48:36.225        ItemType   : "1",
2016-06-09 01:48:36.225        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 01:48:36.225        FileName   : "order_id.zip",
2016-06-09 01:48:36.225        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.225        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 01:48:36.225        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.225    }
2016-06-09 01:48:36.225    {
2016-06-09 01:48:36.225        RecordID   : "000000000000003f",
2016-06-09 01:48:36.225        ItemType   : "1",
2016-06-09 01:48:36.225        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\",
2016-06-09 01:48:36.225        FileName   : "order_id.zip",
2016-06-09 01:48:36.225        ThreatName : "Mal/Generic-S",
2016-06-09 01:48:36.225        Checksum   : "9a9d3706ae222933817d095ceb609bc0cb7dea9b4d32df1b1a6fdc44fe0dc895",
2016-06-09 01:48:36.225        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 01:48:36.225    }
2016-06-09 01:48:36.225    {
2016-06-09 01:48:36.226        RecordID   : "0000000000000040",
2016-06-09 01:48:36.226        ItemType   : "1",
2016-06-09 01:48:36.226        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\",
2016-06-09 01:48:36.226        FileName   : "VOICE3589463733.wav (1).zip",
2016-06-09 01:48:36.226        ThreatName : "Mal/DrodZp-A",
2016-06-09 01:48:36.226        Checksum   : "128eae4c39a68058a721d3d44cc587f6d2e19183d77723b4c20bb923c2b06e86",
2016-06-09 01:48:36.226        TimeStamp  : "Wed Jun 08 21:47:59 2016"
2016-06-09 01:48:36.226    }
2016-06-09 01:48:36.226    {
2016-06-09 01:48:36.226        RecordID   : "0000000000000041",
2016-06-09 01:48:36.226        ItemType   : "1",
2016-06-09 01:48:36.226        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\",
2016-06-09 01:48:36.226        FileName   : "VOICE3589463733.wav.zip",
2016-06-09 01:48:36.226        ThreatName : "Mal/DrodZp-A",
2016-06-09 01:48:36.226        Checksum   : "128eae4c39a68058a721d3d44cc587f6d2e19183d77723b4c20bb923c2b06e86",
2016-06-09 01:48:36.226        TimeStamp  : "Wed Jun 08 21:47:59 2016"
2016-06-09 01:48:36.226    }
2016-06-09 01:48:36.226    {
2016-06-09 01:48:36.226        RecordID   : "0000000000000042",
2016-06-09 01:48:36.226        ItemType   : "1",
2016-06-09 01:48:36.226        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 01:48:36.226        FileName   : "Invoice (1).zip",
2016-06-09 01:48:36.226        ThreatName : "Troj/JavaDL-XO",
2016-06-09 01:48:36.226        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 01:48:36.226        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 01:48:36.226    }
2016-06-09 01:48:36.226    {
2016-06-09 01:48:36.226        RecordID   : "0000000000000043",
2016-06-09 01:48:36.226        ItemType   : "1",
2016-06-09 01:48:36.226        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 01:48:36.226        FileName   : "Invoice (2).zip",
2016-06-09 01:48:36.226        ThreatName : "Troj/JavaDL-XO",
2016-06-09 01:48:36.226        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 01:48:36.226        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 01:48:36.226    }
2016-06-09 01:48:36.226    {
2016-06-09 01:48:36.226        RecordID   : "0000000000000044",
2016-06-09 01:48:36.227        ItemType   : "1",
2016-06-09 01:48:36.227        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 01:48:36.227        FileName   : "Invoice (3).zip",
2016-06-09 01:48:36.227        ThreatName : "Troj/JavaDL-XO",
2016-06-09 01:48:36.227        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 01:48:36.227        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 01:48:36.227    }
2016-06-09 01:48:36.227    {
2016-06-09 01:48:36.227        RecordID   : "0000000000000045",
2016-06-09 01:48:36.227        ItemType   : "1",
2016-06-09 01:48:36.227        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 01:48:36.227        FileName   : "Invoice.zip",
2016-06-09 01:48:36.227        ThreatName : "Troj/JavaDL-XO",
2016-06-09 01:48:36.227        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 01:48:36.227        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 01:48:36.227    }
2016-06-09 01:48:36.858    The computer must be restarted in order to complete the cleanup.
2016-06-09 01:48:36.859    Error level 5
2016-06-09 01:48:36.863    Cleanup on restart pending for Troj/DocDl-CT: RenameFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"
2016-06-09 01:48:36.863    Cleanup on restart pending for Troj/DocDl-CT: DriverDeleteDriverKey "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"
2016-06-09 01:48:36.863    Cleanup on restart pending for Troj/DocDl-CT: DeleteFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6.SHS"
2016-06-09 01:48:36.863    Cleanup on restart pending for Troj/DocDl-CT: DeleteFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"

2016-06-09 01:49:15.929    Scan completed.
2016-06-09 01:49:15.929    

------------------------------------------------------------

2016-06-09 01:51:49.570    Sophos Virus Removal Tool version 2.5.5
2016-06-09 01:51:49.570    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-09 01:51:49.570    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-09 01:51:49.570    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-09 01:51:49.570    Checking for updates...
2016-06-09 01:51:52.947    Update progress: proxy server not available
2016-06-09 01:53:04.490    Downloading updates...
2016-06-09 01:53:04.521    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-09 01:53:04.521    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-09 01:53:04.521    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-09 01:53:04.521    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-09 01:53:04.521    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-09 01:53:04.521    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-09 01:53:04.521    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-09 01:53:04.521    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-09 01:53:04.521    Update progress: [I19463] Syncing product IDE527 142
2016-06-09 01:53:08.602    Option all = no
2016-06-09 01:53:08.602    Option recurse = yes
2016-06-09 01:53:08.602    Option archive = no
2016-06-09 01:53:08.602    Option service = yes
2016-06-09 01:53:08.602    Option confirm = yes
2016-06-09 01:53:08.602    Option sxl = yes
2016-06-09 01:53:08.604    Option max-data-age = 35
2016-06-09 01:53:08.604    Option EnableSafeClean = yes
2016-06-09 01:53:14.962    Option vdl-logging = yes
2016-06-09 01:53:15.056    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 01:53:15.056    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 01:53:15.225    Component SVRTcli.exe version 2.5.5
2016-06-09 01:53:15.225    Component control.dll version 2.5.5
2016-06-09 01:53:15.225    Component SVRTservice.exe version 2.5.5
2016-06-09 01:53:15.225    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 01:53:15.225    Component engine\veex.dll version 3.65.0.2250
2016-06-09 01:53:15.225    Component engine\savi.dll version 9.0.1.2250
2016-06-09 01:53:15.472    Component rkdisk.dll version 1.5.30.0
2016-06-09 01:53:15.472    Version info:    Product version    2.5.5
2016-06-09 01:53:15.472    Version info:    Detection engine    3.65.0
2016-06-09 01:53:15.472    Version info:    Detection data    5.26
2016-06-09 01:53:15.472    Version info:    Build date    4/5/2016
2016-06-09 01:53:15.472    Version info:    Data files added    440
2016-06-09 01:53:15.472    Version info:    Last successful update    6/8/2016 8:13:22 PM
2016-06-09 01:53:18.166    Update progress: [I19463] Syncing product IDE528 127
2016-06-09 01:53:18.167    Update progress: [I19463] Syncing product IDE529 135
2016-06-09 01:53:18.167    Update progress: [I19463] Syncing product IDE530 43
2016-06-09 01:53:18.374    Installing updates...
2016-06-09 01:53:19.034    Error level 1
2016-06-09 01:53:19.456    Update successful
2016-06-09 01:53:29.006    Option all = no
2016-06-09 01:53:29.006    Option recurse = yes
2016-06-09 01:53:29.006    Option archive = no
2016-06-09 01:53:29.006    Option service = yes
2016-06-09 01:53:29.006    Option confirm = yes
2016-06-09 01:53:29.006    Option sxl = yes
2016-06-09 01:53:29.008    Option max-data-age = 35
2016-06-09 01:53:29.008    Option EnableSafeClean = yes
2016-06-09 01:53:29.505    Option vdl-logging = yes
2016-06-09 01:53:29.515    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 01:53:29.515    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 01:53:29.516    Component SVRTcli.exe version 2.5.5
2016-06-09 01:53:29.516    Component control.dll version 2.5.5
2016-06-09 01:53:29.516    Component SVRTservice.exe version 2.5.5
2016-06-09 01:53:29.516    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 01:53:29.516    Component engine\veex.dll version 3.65.0.2250
2016-06-09 01:53:29.516    Component engine\savi.dll version 9.0.1.2250
2016-06-09 01:53:29.516    Component rkdisk.dll version 1.5.30.0
2016-06-09 01:53:29.516    Version info:    Product version    2.5.5
2016-06-09 01:53:29.517    Version info:    Detection engine    3.65.0
2016-06-09 01:53:29.517    Version info:    Detection data    5.26
2016-06-09 01:53:29.517    Version info:    Build date    4/5/2016
2016-06-09 01:53:29.517    Version info:    Data files added    441
2016-06-09 01:53:29.517    Version info:    Last successful update    6/8/2016 9:53:19 PM
2016-06-09 01:53:29.526    Cleanup on restart completed for Troj/DocDl-CT: RenameFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"
2016-06-09 01:53:29.526    Cleanup on restart completed for Troj/DocDl-CT: DriverDeleteDriverKey "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"
2016-06-09 01:53:29.526    Cleanup on restart completed for Troj/DocDl-CT: DeleteFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6.SHS"
2016-06-09 01:53:29.526    Cleanup on restart completed for Troj/DocDl-CT: DeleteFile "\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\6B1DD960-9BE7-0FEA-7037-2D698899C66C_1d1c2810c2785c6"
2016-06-09 01:53:29.526    All cleanup on restart operations completed successfully.

2016-06-09 01:55:18.956    Resetting pending boot tasks.


2016-06-09 02:55:36.185    Could not open C:\hiberfil.sys
2016-06-09 02:55:36.253    Could not open C:\pagefile.sys
2016-06-09 09:39:03.317    Could not open C:\swapfile.sys
2016-06-09 09:39:03.632    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 09:39:03.632    Could not open C:\System Volume Information\{ab0f150b-236a-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 09:39:03.632    Could not open C:\System Volume Information\{ab471794-2c32-11e6-82a7-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 09:39:03.632    Could not open C:\System Volume Information\{e475e9e4-1e02-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 10:08:37.374    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (1).zip\photo/my ass.exe
2016-06-09 10:08:37.374    Disinfection not offered
2016-06-09 10:08:37.421    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (2).zip\photo/my ass.exe
2016-06-09 10:08:37.421    Disinfection not offered
2016-06-09 10:08:37.443    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (3).zip\photo/my ass.exe
2016-06-09 10:08:37.458    Disinfection not offered
2016-06-09 10:08:37.521    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (4).zip\photo/my ass.exe
2016-06-09 10:08:37.521    Disinfection not offered
2016-06-09 10:08:37.543    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (5).zip\photo/my ass.exe
2016-06-09 10:08:37.543    Disinfection not offered
2016-06-09 10:08:37.574    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (6).zip\photo/my ass.exe
2016-06-09 10:08:37.574    Disinfection not offered
2016-06-09 10:08:37.621    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo.zip\photo/my ass.exe
2016-06-09 10:08:37.621    Disinfection not offered
2016-06-09 10:16:19.725    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-09 10:16:19.725    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-09 10:16:22.729    Could not open C:\Windows\System32\config\BBI
2016-06-09 10:16:22.913    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-09 10:16:22.913    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-09 10:16:22.929    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-09 10:16:22.929    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-09 10:16:22.950    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-09 10:36:01.756    The following items will be cleaned up:
2016-06-09 10:36:01.756    Mal/VB-ANB
2016-06-09 10:36:01.756    Mal/VB-ANB
2016-06-09 10:36:01.756    Mal/VB-ANB
2016-06-09 10:36:01.756    Mal/VB-ANB
2016-06-09 10:36:01.756    Mal/VB-ANB
2016-06-09 10:36:01.756    Mal/VB-ANB
2016-06-09 10:36:01.756    Mal/VB-ANB

2016-06-09 11:08:50.669    Scan completed.
2016-06-09 11:08:50.669    

------------------------------------------------------------

2016-06-09 11:34:10.444    Sophos Virus Removal Tool version 2.5.5
2016-06-09 11:34:10.444    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-09 11:34:10.444    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-09 11:34:10.444    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-09 11:34:10.444    Checking for updates...
2016-06-09 11:34:10.444    Error: failed to create service (1072: The specified service has been marked for deletion.)
2016-06-09 11:34:10.475    Update progress: proxy server not available
2016-06-09 11:34:17.807    Sophos Virus Removal Tool version 2.5.5
2016-06-09 11:34:17.807    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-09 11:34:17.807    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-09 11:34:17.807    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-09 11:34:17.807    Checking for updates...
2016-06-09 11:34:17.823    Update progress: proxy server not available
2016-06-09 11:34:38.634    Downloading updates...
2016-06-09 11:34:38.634    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-09 11:34:38.634    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-09 11:34:38.634    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-09 11:34:38.634    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-09 11:34:38.634    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-09 11:34:38.634    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-09 11:34:38.634    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-09 11:34:38.634    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-09 11:34:38.634    Update progress: [I19463] Syncing product IDE527 142
2016-06-09 11:34:46.221    Update progress: [I19463] Syncing product IDE528 127
2016-06-09 11:34:46.221    Update progress: [I19463] Syncing product IDE529 135
2016-06-09 11:34:46.221    Update progress: [I19463] Syncing product IDE530 45
2016-06-09 11:34:46.421    Installing updates...
2016-06-09 11:34:48.188    Option all = no
2016-06-09 11:34:49.806    Option recurse = yes
2016-06-09 11:34:49.806    Option archive = no
2016-06-09 11:34:49.806    Option service = yes
2016-06-09 11:34:49.806    Option confirm = yes
2016-06-09 11:34:49.806    Option sxl = yes
2016-06-09 11:34:49.807    Option max-data-age = 35
2016-06-09 11:34:49.807    Option EnableSafeClean = yes
2016-06-09 11:34:49.807    Option vdl-logging = yes
2016-06-09 11:34:49.807    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 11:34:49.807    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 11:34:49.807    Component SVRTcli.exe version 2.5.5
2016-06-09 11:34:49.807    Component control.dll version 2.5.5
2016-06-09 11:34:49.807    Component SVRTservice.exe version 2.5.5
2016-06-09 11:34:49.807    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 11:34:49.807    Component engine\veex.dll version 3.65.0.2250
2016-06-09 11:34:49.807    Component engine\savi.dll version 9.0.1.2250
2016-06-09 11:34:49.807    Component rkdisk.dll version 1.5.30.0
2016-06-09 11:34:49.807    Version info:    Product version    2.5.5
2016-06-09 11:34:49.807    Version info:    Detection engine    3.65.0
2016-06-09 11:34:49.807    Version info:    Detection data    5.26
2016-06-09 11:34:49.808    Version info:    Build date    4/5/2016
2016-06-09 11:34:49.808    Version info:    Data files added    441
2016-06-09 11:34:49.808    Version info:    Last successful update    6/8/2016 9:53:19 PM
2016-06-09 11:34:49.808    Error level 1
2016-06-09 11:34:50.179    Update successful
2016-06-09 11:34:59.248    Option all = no
2016-06-09 11:34:59.249    Option recurse = yes
2016-06-09 11:34:59.249    Option archive = no
2016-06-09 11:34:59.249    Option service = yes
2016-06-09 11:34:59.249    Option confirm = yes
2016-06-09 11:34:59.249    Option sxl = yes
2016-06-09 11:34:59.250    Option max-data-age = 35
2016-06-09 11:34:59.250    Option EnableSafeClean = yes
2016-06-09 11:34:59.727    Option vdl-logging = yes
2016-06-09 11:34:59.727    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-09 11:34:59.727    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-09 11:34:59.727    Component SVRTcli.exe version 2.5.5
2016-06-09 11:34:59.727    Component control.dll version 2.5.5
2016-06-09 11:34:59.743    Component SVRTservice.exe version 2.5.5
2016-06-09 11:34:59.743    Component engine\osdp.dll version 1.44.1.2250
2016-06-09 11:34:59.743    Component engine\veex.dll version 3.65.0.2250
2016-06-09 11:34:59.743    Component engine\savi.dll version 9.0.1.2250
2016-06-09 11:34:59.743    Component rkdisk.dll version 1.5.30.0
2016-06-09 11:34:59.743    Version info:    Product version    2.5.5
2016-06-09 11:34:59.743    Version info:    Detection engine    3.65.0
2016-06-09 11:34:59.743    Version info:    Detection data    5.26
2016-06-09 11:34:59.743    Version info:    Build date    4/5/2016
2016-06-09 11:34:59.743    Version info:    Data files added    443
2016-06-09 11:34:59.743    Version info:    Last successful update    6/9/2016 7:34:50 AM

2016-06-09 12:34:03.102    Could not open C:\hiberfil.sys
2016-06-09 12:34:03.117    Could not open C:\pagefile.sys
2016-06-09 12:44:49.051    Could not open C:\swapfile.sys
2016-06-09 12:44:49.351    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 12:44:49.351    Could not open C:\System Volume Information\{ab0f150b-236a-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 12:44:49.351    Could not open C:\System Volume Information\{ab471794-2c32-11e6-82a7-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 12:44:49.351    Could not open C:\System Volume Information\{e475e9e4-1e02-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-09 13:12:47.192    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (1).zip\photo/my ass.exe
2016-06-09 13:12:47.192    Disinfection not offered
2016-06-09 13:12:47.230    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (2).zip\photo/my ass.exe
2016-06-09 13:12:47.230    Disinfection not offered
2016-06-09 13:12:47.261    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (3).zip\photo/my ass.exe
2016-06-09 13:12:47.261    Disinfection not offered
2016-06-09 13:12:47.308    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (4).zip\photo/my ass.exe
2016-06-09 13:12:47.308    Disinfection not offered
2016-06-09 13:12:47.346    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (5).zip\photo/my ass.exe
2016-06-09 13:12:47.346    Disinfection not offered
2016-06-09 13:12:47.377    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (6).zip\photo/my ass.exe
2016-06-09 13:12:47.377    Disinfection not offered
2016-06-09 13:12:47.408    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo.zip\photo/my ass.exe
2016-06-09 13:12:47.408    Disinfection not offered
2016-06-09 13:19:10.067    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-09 13:19:10.067    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-09 13:19:12.803    Could not open C:\Windows\System32\config\BBI
2016-06-09 13:19:13.004    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-09 13:19:13.020    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-09 13:19:13.020    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-09 13:19:13.020    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-09 13:19:13.035    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-09 13:37:25.743    The following items will be cleaned up:
2016-06-09 13:37:25.743    Mal/VB-ANB
2016-06-09 13:37:25.743    Mal/VB-ANB
2016-06-09 13:37:25.743    Mal/VB-ANB
2016-06-09 13:37:25.743    Mal/VB-ANB
2016-06-09 13:37:25.743    Mal/VB-ANB
2016-06-09 13:37:25.743    Mal/VB-ANB
2016-06-09 13:37:25.743    Mal/VB-ANB
2016-06-09 13:37:39.423    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (1).zip\photo/my ass.exe
2016-06-09 13:37:39.423    Disinfection not offered
2016-06-09 13:37:39.423    Disinfection failed [0xa0040208]
2016-06-09 13:37:39.486    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (2).zip\photo/my ass.exe
2016-06-09 13:37:39.486    Disinfection not offered
2016-06-09 13:37:39.486    Disinfection failed [0xa0040208]
2016-06-09 13:37:39.523    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (3).zip\photo/my ass.exe
2016-06-09 13:37:39.523    Disinfection not offered
2016-06-09 13:37:39.523    Disinfection failed [0xa0040208]
2016-06-09 13:37:39.571    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (4).zip\photo/my ass.exe
2016-06-09 13:37:39.571    Disinfection not offered
2016-06-09 13:37:39.571    Disinfection failed [0xa0040208]
2016-06-09 13:37:39.624    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (5).zip\photo/my ass.exe
2016-06-09 13:37:39.624    Disinfection not offered
2016-06-09 13:37:39.624    Disinfection failed [0xa0040208]
2016-06-09 13:37:39.687    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (6).zip\photo/my ass.exe
2016-06-09 13:37:39.687    Disinfection not offered
2016-06-09 13:37:39.687    Disinfection failed [0xa0040208]
2016-06-09 13:37:39.724    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo.zip\photo/my ass.exe
2016-06-09 13:37:39.724    Disinfection not offered
2016-06-09 13:37:39.724    Disinfection failed [0xa0040208]
2016-06-09 13:37:39.724    Error: cleanup failed.
2016-06-09 13:37:40.541    Contents of SafeClean bin directory:
2016-06-09 13:37:40.541    {
2016-06-09 13:37:40.541        RecordID   : "0000000000000001",
2016-06-09 13:37:40.541        ItemType   : "1",
2016-06-09 13:37:40.541        Location   : "C:\Users\Old_drive\ProgramData\8C5206A76D046A1E00008C517A6276A2\",
2016-06-09 13:37:40.541        FileName   : "8C5206A76D046A1E00008C517A6276A2",
2016-06-09 13:37:40.541        ThreatName : "Mal/FakeAvCn-E",
2016-06-09 13:37:40.541        Checksum   : "6bab6678add86f15e35e7379501fdd95dc023f4887aa8fa53fc47cd839d5733b",
2016-06-09 13:37:40.541        TimeStamp  : "Wed Jun 08 21:41:47 2016"
2016-06-09 13:37:40.541    }
2016-06-09 13:37:40.541    {
2016-06-09 13:37:40.541        RecordID   : "0000000000000002",
2016-06-09 13:37:40.541        ItemType   : "1",
2016-06-09 13:37:40.541        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-09 13:37:40.541        FileName   : "order_id (1).zip",
2016-06-09 13:37:40.541        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.541        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-09 13:37:40.541        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.541    }
2016-06-09 13:37:40.541    {
2016-06-09 13:37:40.541        RecordID   : "0000000000000003",
2016-06-09 13:37:40.541        ItemType   : "1",
2016-06-09 13:37:40.541        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-09 13:37:40.541        FileName   : "order_id (2).zip",
2016-06-09 13:37:40.541        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.541        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-09 13:37:40.541        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.541    }
2016-06-09 13:37:40.541    {
2016-06-09 13:37:40.541        RecordID   : "0000000000000004",
2016-06-09 13:37:40.541        ItemType   : "1",
2016-06-09 13:37:40.541        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-09 13:37:40.541        FileName   : "order_id (3).zip",
2016-06-09 13:37:40.541        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.541        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-09 13:37:40.541        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.541    }
2016-06-09 13:37:40.541    {
2016-06-09 13:37:40.541        RecordID   : "0000000000000005",
2016-06-09 13:37:40.541        ItemType   : "1",
2016-06-09 13:37:40.541        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-09 13:37:40.541        FileName   : "order_id (4).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000006",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-09 13:37:40.557        FileName   : "order_id (5).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000007",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-09 13:37:40.557        FileName   : "order_id.zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000008",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (1).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000009",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (10).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000000a",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (11).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000000b",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (12).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000000c",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (13).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000000d",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (14).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000000e",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (15).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000000f",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (16).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000010",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (17).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000011",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (18).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000012",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (19).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000013",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (2).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000014",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (20).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000015",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (21).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000016",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (22).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000017",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (23).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000018",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (24).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000019",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (25).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000001a",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (26).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000001b",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (27).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000001c",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (28).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000001d",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (29).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000001e",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (3).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000001f",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (30).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000020",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (31).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000021",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (32).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000022",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (33).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000023",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (34).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000024",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (35).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000025",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (36).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000026",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (37).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000027",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (38).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000028",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (39).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000029",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (4).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000002a",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (40).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000002b",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (41).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000002c",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (42).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000002d",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (43).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000002e",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (44).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000002f",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (45).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000030",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (46).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000031",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (47).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000032",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (5).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000033",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (6).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000034",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (7).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000035",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (8).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000036",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id (9).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000037",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-09 13:37:40.557        FileName   : "report_id.zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000038",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\",
2016-06-09 13:37:40.557        FileName   : "order_report (1).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "da9bfcd16bb10328f112d006ac7307a110c1b80c8b2819d9a303e305eb02c773",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000039",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001d8aa\",
2016-06-09 13:37:40.557        FileName   : "order_report.zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/Invo-Zip",
2016-06-09 13:37:40.557        Checksum   : "da9bfcd16bb10328f112d006ac7307a110c1b80c8b2819d9a303e305eb02c773",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000003a",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 13:37:40.557        FileName   : "order_id (1).zip",
2016-06-09 13:37:40.557        ThreatName : "Mal/Generic-S",
2016-06-09 13:37:40.557        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000003b",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 13:37:40.557        FileName   : "order_id (2).zip",
2016-06-09 13:37:40.557        ThreatName : "Mal/Generic-S",
2016-06-09 13:37:40.557        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000003c",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 13:37:40.557        FileName   : "order_id (3).zip",
2016-06-09 13:37:40.557        ThreatName : "Mal/Generic-S",
2016-06-09 13:37:40.557        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000003d",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 13:37:40.557        FileName   : "order_id (4).zip",
2016-06-09 13:37:40.557        ThreatName : "Mal/Generic-S",
2016-06-09 13:37:40.557        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000003e",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000ecbd\",
2016-06-09 13:37:40.557        FileName   : "order_id.zip",
2016-06-09 13:37:40.557        ThreatName : "Mal/Generic-S",
2016-06-09 13:37:40.557        Checksum   : "b2537ad9694af0e83c7cad556387e874c8c78b3c6615b2cdb08ce900d1de14ad",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "000000000000003f",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000edea\",
2016-06-09 13:37:40.557        FileName   : "order_id.zip",
2016-06-09 13:37:40.557        ThreatName : "Mal/Generic-S",
2016-06-09 13:37:40.557        Checksum   : "9a9d3706ae222933817d095ceb609bc0cb7dea9b4d32df1b1a6fdc44fe0dc895",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:47:25 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000040",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\",
2016-06-09 13:37:40.557        FileName   : "VOICE3589463733.wav (1).zip",
2016-06-09 13:37:40.557        ThreatName : "Mal/DrodZp-A",
2016-06-09 13:37:40.557        Checksum   : "128eae4c39a68058a721d3d44cc587f6d2e19183d77723b4c20bb923c2b06e86",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:47:59 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000041",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20029c59\",
2016-06-09 13:37:40.557        FileName   : "VOICE3589463733.wav.zip",
2016-06-09 13:37:40.557        ThreatName : "Mal/DrodZp-A",
2016-06-09 13:37:40.557        Checksum   : "128eae4c39a68058a721d3d44cc587f6d2e19183d77723b4c20bb923c2b06e86",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:47:59 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000042",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 13:37:40.557        FileName   : "Invoice (1).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/JavaDL-XO",
2016-06-09 13:37:40.557        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000043",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 13:37:40.557        FileName   : "Invoice (2).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/JavaDL-XO",
2016-06-09 13:37:40.557        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000044",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.557        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 13:37:40.557        FileName   : "Invoice (3).zip",
2016-06-09 13:37:40.557        ThreatName : "Troj/JavaDL-XO",
2016-06-09 13:37:40.557        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 13:37:40.557        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 13:37:40.557    }
2016-06-09 13:37:40.557    {
2016-06-09 13:37:40.557        RecordID   : "0000000000000045",
2016-06-09 13:37:40.557        ItemType   : "1",
2016-06-09 13:37:40.573        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2007276e\",
2016-06-09 13:37:40.573        FileName   : "Invoice.zip",
2016-06-09 13:37:40.573        ThreatName : "Troj/JavaDL-XO",
2016-06-09 13:37:40.573        Checksum   : "ad26a5747e2762cd520f68fe6fcf990bbeaa37350112b972e969bd7011ee00f6",
2016-06-09 13:37:40.573        TimeStamp  : "Wed Jun 08 21:48:12 2016"
2016-06-09 13:37:40.573    }
2016-06-09 13:37:41.503    Error level 0
2016-06-10 00:36:52.136    Sophos Virus Removal Tool version 2.5.5
2016-06-10 00:36:52.136    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-06-10 00:36:52.136    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-06-10 00:36:52.136    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-06-10 00:36:52.136    Checking for updates...
2016-06-10 00:36:52.152    Update progress: proxy server not available
2016-06-10 00:37:20.487    Downloading updates...
2016-06-10 00:37:20.487    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-06-10 00:37:20.487    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-06-10 00:37:20.487    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-06-10 00:37:20.487    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-06-10 00:37:20.487    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-06-10 00:37:20.487    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-06-10 00:37:20.487    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-06-10 00:37:20.487    Update progress: [I19463] Syncing product SAVIW32 70
2016-06-10 00:37:20.487    Update progress: [I19463] Syncing product IDE527 142
2016-06-10 00:37:31.738    Update progress: [I19463] Syncing product IDE528 127
2016-06-10 00:37:31.738    Update progress: [I19463] Syncing product IDE529 135
2016-06-10 00:37:31.738    Update progress: [I19463] Syncing product IDE530 48
2016-06-10 00:37:31.970    Installing updates...
2016-06-10 00:37:34.096    Option all = no
2016-06-10 00:37:35.352    Option recurse = yes
2016-06-10 00:37:35.352    Option archive = no
2016-06-10 00:37:35.352    Option service = yes
2016-06-10 00:37:35.352    Option confirm = yes
2016-06-10 00:37:35.352    Option sxl = yes
2016-06-10 00:37:35.352    Option max-data-age = 35
2016-06-10 00:37:35.352    Option EnableSafeClean = yes
2016-06-10 00:37:35.352    Option vdl-logging = yes
2016-06-10 00:37:35.352    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-10 00:37:35.352    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-10 00:37:35.352    Component SVRTcli.exe version 2.5.5
2016-06-10 00:37:35.352    Component control.dll version 2.5.5
2016-06-10 00:37:35.352    Component SVRTservice.exe version 2.5.5
2016-06-10 00:37:35.352    Component engine\osdp.dll version 1.44.1.2250
2016-06-10 00:37:35.352    Component engine\veex.dll version 3.65.0.2250
2016-06-10 00:37:35.352    Component engine\savi.dll version 9.0.1.2250
2016-06-10 00:37:35.352    Component rkdisk.dll version 1.5.30.0
2016-06-10 00:37:35.352    Version info:    Product version    2.5.5
2016-06-10 00:37:35.352    Version info:    Detection engine    3.65.0
2016-06-10 00:37:35.352    Version info:    Detection data    5.26
2016-06-10 00:37:35.352    Version info:    Build date    4/5/2016
2016-06-10 00:37:35.352    Version info:    Data files added    443
2016-06-10 00:37:35.352    Version info:    Last successful update    6/9/2016 7:34:50 AM
2016-06-10 00:37:35.352    Error level 1
2016-06-10 00:37:35.777    Update successful
2016-06-10 00:37:45.612    Option all = no
2016-06-10 00:37:45.612    Option recurse = yes
2016-06-10 00:37:45.612    Option archive = no
2016-06-10 00:37:45.612    Option service = yes
2016-06-10 00:37:45.612    Option confirm = yes
2016-06-10 00:37:45.612    Option sxl = yes
2016-06-10 00:37:45.612    Option max-data-age = 35
2016-06-10 00:37:45.612    Option EnableSafeClean = yes
2016-06-10 00:37:46.113    Option vdl-logging = yes
2016-06-10 00:37:46.113    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-06-10 00:37:46.113    Machine ID:    658939ce66d74a22a9ba570506167d60
2016-06-10 00:37:46.113    Component SVRTcli.exe version 2.5.5
2016-06-10 00:37:46.113    Component control.dll version 2.5.5
2016-06-10 00:37:46.113    Component SVRTservice.exe version 2.5.5
2016-06-10 00:37:46.113    Component engine\osdp.dll version 1.44.1.2250
2016-06-10 00:37:46.113    Component engine\veex.dll version 3.65.0.2250
2016-06-10 00:37:46.113    Component engine\savi.dll version 9.0.1.2250
2016-06-10 00:37:46.113    Component rkdisk.dll version 1.5.30.0
2016-06-10 00:37:46.113    Version info:    Product version    2.5.5
2016-06-10 00:37:46.113    Version info:    Detection engine    3.65.0
2016-06-10 00:37:46.113    Version info:    Detection data    5.26
2016-06-10 00:37:46.113    Version info:    Build date    4/5/2016
2016-06-10 00:37:46.113    Version info:    Data files added    446
2016-06-10 00:37:46.113    Version info:    Last successful update    6/9/2016 8:37:35 PM

2016-06-10 01:36:09.502    Could not open C:\hiberfil.sys
2016-06-10 01:36:09.502    Could not open C:\pagefile.sys
2016-06-10 01:47:10.363    Could not open C:\swapfile.sys
2016-06-10 01:47:10.661    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-10 01:47:10.661    Could not open C:\System Volume Information\{ab0f150b-236a-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-10 01:47:10.662    Could not open C:\System Volume Information\{ab471794-2c32-11e6-82a7-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-10 01:47:10.662    Could not open C:\System Volume Information\{e475e9e4-1e02-11e6-82a5-f82fa8dea1ee}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-06-10 02:16:36.112    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (1).zip\photo/my ass.exe
2016-06-10 02:16:36.112    Disinfection not offered
2016-06-10 02:16:36.143    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (2).zip\photo/my ass.exe
2016-06-10 02:16:36.143    Disinfection not offered
2016-06-10 02:16:36.174    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (3).zip\photo/my ass.exe
2016-06-10 02:16:36.174    Disinfection not offered
2016-06-10 02:16:36.228    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (4).zip\photo/my ass.exe
2016-06-10 02:16:36.228    Disinfection not offered
2016-06-10 02:16:36.259    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (5).zip\photo/my ass.exe
2016-06-10 02:16:36.259    Disinfection not offered
2016-06-10 02:16:36.297    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (6).zip\photo/my ass.exe
2016-06-10 02:16:36.297    Disinfection not offered
2016-06-10 02:16:36.328    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo.zip\photo/my ass.exe
2016-06-10 02:16:36.328    Disinfection not offered
2016-06-10 02:22:57.783    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-06-10 02:22:57.784    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-06-10 02:23:00.568    Could not open C:\Windows\System32\config\BBI
2016-06-10 02:23:00.753    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-06-10 02:23:00.753    Could not open C:\Windows\System32\config\RegBack\SAM
2016-06-10 02:23:00.753    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-06-10 02:23:00.769    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-06-10 02:23:00.788    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-06-10 02:40:57.530    The following items will be cleaned up:
2016-06-10 02:40:57.530    Mal/VB-ANB
2016-06-10 02:40:57.530    Mal/VB-ANB
2016-06-10 02:40:57.530    Mal/VB-ANB
2016-06-10 02:40:57.530    Mal/VB-ANB
2016-06-10 02:40:57.530    Mal/VB-ANB
2016-06-10 02:40:57.530    Mal/VB-ANB
2016-06-10 02:40:57.530    Mal/VB-ANB
2016-06-10 09:31:10.622    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (1).zip\photo/my ass.exe
2016-06-10 09:31:10.622    Disinfection not offered
2016-06-10 09:31:10.622    Disinfection failed [0xa0040208]
2016-06-10 09:31:10.675    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (2).zip\photo/my ass.exe
2016-06-10 09:31:10.675    Disinfection not offered
2016-06-10 09:31:10.675    Disinfection failed [0xa0040208]
2016-06-10 09:31:10.706    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (3).zip\photo/my ass.exe
2016-06-10 09:31:10.706    Disinfection not offered
2016-06-10 09:31:10.706    Disinfection failed [0xa0040208]
2016-06-10 09:31:10.760    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (4).zip\photo/my ass.exe
2016-06-10 09:31:10.760    Disinfection not offered
2016-06-10 09:31:10.760    Disinfection failed [0xa0040208]
2016-06-10 09:31:10.792    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (5).zip\photo/my ass.exe
2016-06-10 09:31:10.792    Disinfection not offered
2016-06-10 09:31:10.792    Disinfection failed [0xa0040208]
2016-06-10 09:31:10.843    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo (6).zip\photo/my ass.exe
2016-06-10 09:31:10.843    Disinfection not offered
2016-06-10 09:31:10.843    Disinfection failed [0xa0040208]
2016-06-10 09:31:10.891    >>> Virus 'Mal/VB-ANB' found in file C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2001df61\photo.zip\photo/my ass.exe
2016-06-10 09:31:10.891    Disinfection not offered
2016-06-10 09:31:10.891    Disinfection failed [0xa0040208]
2016-06-10 09:31:10.891    Error: cleanup failed.
2016-06-10 09:31:11.292    Contents of SafeClean bin directory:
2016-06-10 09:31:11.292    {
2016-06-10 09:31:11.292        RecordID   : "0000000000000001",
2016-06-10 09:31:11.292        ItemType   : "1",
2016-06-10 09:31:11.292        Location   : "C:\Users\Old_drive\ProgramData\8C5206A76D046A1E00008C517A6276A2\",
2016-06-10 09:31:11.292        FileName   : "8C5206A76D046A1E00008C517A6276A2",
2016-06-10 09:31:11.292        ThreatName : "Mal/FakeAvCn-E",
2016-06-10 09:31:11.292        Checksum   : "6bab6678add86f15e35e7379501fdd95dc023f4887aa8fa53fc47cd839d5733b",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:47 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000002",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-10 09:31:11.308        FileName   : "order_id (1).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000003",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-10 09:31:11.308        FileName   : "order_id (2).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000004",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-10 09:31:11.308        FileName   : "order_id (3).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000005",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-10 09:31:11.308        FileName   : "order_id (4).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000006",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-10 09:31:11.308        FileName   : "order_id (5).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000007",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\2000e862\",
2016-06-10 09:31:11.308        FileName   : "order_id.zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "379ea0ef5f8c44b09d49736aadc754193710ffdff835084865cb5886704f4c8d",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000008",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (1).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000009",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (10).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000000a",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (11).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000000b",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (12).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000000c",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (13).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000000d",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (14).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000000e",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (15).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000000f",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (16).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000010",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (17).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000011",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (18).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000012",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (19).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000013",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (2).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000014",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (20).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000015",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (21).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000016",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (22).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000017",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (23).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000018",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (24).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000019",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (25).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000001a",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (26).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000001b",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (27).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000001c",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (28).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000001d",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (29).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000001e",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (3).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "000000000000001f",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (30).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000020",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (31).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000021",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (32).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000022",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (33).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000023",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (34).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000024",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (35).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:11.308    {
2016-06-10 09:31:11.308        RecordID   : "0000000000000025",
2016-06-10 09:31:11.308        ItemType   : "1",
2016-06-10 09:31:11.308        Location   : "C:\Users\rhoda\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\0d21bb2c652398db\120712-0049\Att\20013d9a\",
2016-06-10 09:31:11.308        FileName   : "report_id (36).zip",
2016-06-10 09:31:11.308        ThreatName : "Troj/Invo-Zip",
2016-06-10 09:31:11.308        Checksum   : "5d5c3b8be45564648db92f45a191d194a972fc455b7c8c8aa520f341f70ea643",
2016-06-10 09:31:11.308        TimeStamp  : "Wed Jun 08 21:41:56 2016"
2016-06-10 09:31:11.308    }
2016-06-10 09:31:12.143    Error level 0
 
