Encryption Virus of some kind; dropped !C59F88476E1C & ".crypz" file extensions


35 replies to this topic

#1 NINTR

Posted 22 June 2016 - 02:13 AM

About a year or so ago, I was hit with CryptoWall 3.0. It encrypted a lot of my files and I was only able to remove it thanks to the help of the people on this forum. Now I have been hit with a newer version of an encryption virus. All of my encrypted files now have the extension of ".crypz" and won't open. Luckily, I had most everything backed up that was important, but I am sick to death of getting these viruses! Can someone please help me get rid of this again? I am frightened it is going to encrypt more and more of my stuff as time goes on. I currently have an Avast! and a Malwarebytes scan running, but I don't know what else to do. I'm not sure if the virus is still present or if it has done its damage and is gone. I thought I was done with this, but I guess it was lying dormant in my PC. Or I caught it from somewhere, though I don't use this computer for much.

Thanks in advance for the help.

*UPDATE*

I just finished up the Avast and Malwarebytes scans. Malwarebytes found nothing, but Avast found a single High Threat file. However, when I click for it to fix/move to chest/delete, etc. the file, it says "Error: File cannot be located". I don't know if the file deleted itself after Avast found it or what has happened, but I am scared to death it's going to get worse. Can someone please please help me make sure this awful virus is gone, and also help me prevent this from happening again? Thanks so much.

 

Here are the results of the FRST scan I just ran.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Deanna (administrator) on DEANNA-PC (22-06-2016 02:58:20)
Running from C:\Users\Deanna\Downloads
Loaded Profiles: Deanna (Available Profiles: Deanna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdcserv.exe
( ) C:\Windows\System32\lxdccoms.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_287_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [lxdcmon.exe] => "C:\Program Files (x86)\Lexmark 1300 Series\lxdcmon.exe"
HKLM\...\Run: [lxdcamon] => C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe [25256 2009-04-27] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3037296 2011-05-06] (VIA)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe [737104 2011-07-05] (ecareme)
HKLM-x32\...\Run: [lxdcamon] => C:\Program Files (x86) (x86)\Lexmark 1300 Series\lxdcamon.exe [25256 2009-04-27] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-15] (AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKU\S-1-5-21-492531289-1107910523-2460122450-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-14] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
Startup: C:\Users\Deanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\!C59F88476E1C.lnk [1899-12-30]
ShortcutTarget: !C59F88476E1C.lnk -> C:\Users\Deanna\AppData\Local\Temp\Low\explorer.exe (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-10-21]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-10-21]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-492531289-1107910523-2460122450-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{A2CAE2A6-39CA-444D-89D0-636BC711D7D8}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A2CAE2A6-39CA-444D-89D0-636BC711D7D8}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-492531289-1107910523-2460122450-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-492531289-1107910523-2460122450-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-24] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.)

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2015-11-06] (Samsung Techwin)
FF Plugin-x32: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2015-11-06] (Samsung Techwin)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2015-09-24] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-492531289-1107910523-2460122450-1001: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2015-11-06] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-492531289-1107910523-2460122450-1001: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2015-11-06] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-492531289-1107910523-2460122450-1001: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2015-09-24] (Samsung Techwin)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-14]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-10-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-14] (AVAST Software)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
S2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 lxdcCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe [34224 2007-05-25] (Lexmark International, Inc.)
R2 lxdc_device; C:\windows\system32\lxdccoms.exe [567216 2007-05-25] ( )
R2 lxdc_device; C:\windows\SysWOW64\lxdccoms.exe [537520 2007-05-25] ( )
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-14] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] ()
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-22 02:58 - 2016-06-22 02:59 - 00021239 _____ C:\Users\Deanna\Downloads\FRST.txt
2016-06-22 02:57 - 2016-06-22 02:58 - 00000000 ____D C:\FRST
2016-06-22 02:52 - 2016-06-22 02:52 - 02387456 _____ (Farbar) C:\Users\Deanna\Downloads\FRST64.exe
2016-06-21 15:13 - 2016-06-21 15:13 - 00000000 ____D C:\Users\Deanna\AppData\Local\{482AE735-FFDA-4229-8982-FB24D9E819CD}
2016-06-20 14:02 - 2016-06-20 14:02 - 00000000 ____D C:\Users\Deanna\AppData\Local\{3B30D565-C802-4ECF-A7E7-89B4C5907E0C}
2016-06-20 01:45 - 2016-06-20 01:45 - 00000568 ____T C:\ProgramData\!C59F88476E1C.cfg
2016-06-19 14:52 - 2016-06-19 14:52 - 00000000 ____D C:\Users\Deanna\AppData\Local\{7D545ED4-8FBF-4425-AFE3-CDBE4E734470}
2016-06-19 02:29 - 2016-06-19 02:29 - 00000000 ____D C:\Users\Deanna\AppData\Local\{E01821E4-1C5B-47E3-BB19-6286DDCA615C}
2016-06-18 18:47 - 2016-06-18 18:47 - 00000000 ____D C:\Users\Deanna\AppData\Local\{DB9EEA2D-E6C2-4565-9610-EB7C0D9956F2}
2016-06-18 14:34 - 2016-06-18 14:34 - 00000000 ____D C:\Users\Deanna\AppData\Local\{74E802B7-5FA1-4B89-9091-2159C77AB6B6}
2016-06-18 02:17 - 2016-06-18 02:17 - 00000000 ____D C:\Users\Deanna\AppData\Local\{61B1535E-10AC-4B64-8836-8F045DBF5E61}
2016-06-17 03:26 - 2016-06-17 03:26 - 00000000 ____D C:\Users\Deanna\AppData\Local\{E212F4AF-BFAE-4DDD-ADBB-C09AD5680739}
2016-06-16 14:25 - 2016-06-16 14:25 - 00000000 ____D C:\Users\Deanna\AppData\Local\{4D7C6C3C-ED61-45BC-B9D2-9324298D3F72}
2016-06-16 03:40 - 2016-06-16 03:40 - 00001041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-16 00:59 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-06-16 00:59 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-06-16 00:59 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-06-16 00:59 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-06-16 00:59 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-06-16 00:59 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-06-16 00:59 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-06-16 00:59 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-06-16 00:59 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-06-16 00:59 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-06-16 00:59 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-06-16 00:59 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-06-16 00:59 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-06-16 00:59 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-06-16 00:59 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-06-16 00:59 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-06-16 00:59 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-06-16 00:59 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-06-16 00:59 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-16 00:59 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-16 00:59 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-16 00:59 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-16 00:59 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-16 00:59 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-16 00:59 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-16 00:59 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-16 00:59 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-06-16 00:59 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-16 00:59 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-16 00:59 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-16 00:59 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-16 00:59 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-16 00:59 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-16 00:59 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-16 00:59 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-16 00:59 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-16 00:59 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-16 00:59 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-16 00:59 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-16 00:59 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-16 00:58 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-06-16 00:58 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-16 00:58 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-16 00:58 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-16 00:58 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-16 00:58 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-16 00:58 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-16 00:58 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-16 00:58 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-06-16 00:58 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-16 00:58 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-16 00:58 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-16 00:58 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-16 00:58 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-16 00:58 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-16 00:58 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-06-16 00:58 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-16 00:58 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-16 00:58 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-06-16 00:58 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-06-16 00:58 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-16 00:57 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-16 00:57 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-06-16 00:57 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-16 00:57 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-06-16 00:57 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-06-16 00:57 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-06-16 00:57 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-06-16 00:57 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-06-16 00:57 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-16 00:57 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-06-16 00:57 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-06-16 00:57 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-16 00:57 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-06-16 00:57 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-16 00:57 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-06-16 00:57 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-06-16 00:57 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-06-16 00:57 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-06-16 00:57 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-16 00:57 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-06-16 00:57 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-06-16 00:57 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-06-16 00:57 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-06-16 00:57 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-16 00:57 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-16 00:57 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-06-16 00:57 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-16 00:57 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-06-16 00:57 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-06-16 00:57 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-16 00:57 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-06-16 00:57 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-06-16 00:57 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-16 00:57 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-16 00:57 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-16 00:57 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-16 00:57 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-16 00:57 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-16 00:57 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-16 00:57 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-16 00:57 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-16 00:57 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-06-16 00:57 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-06-16 00:57 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-06-16 00:57 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-06-16 00:57 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-06-16 00:57 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-06-16 00:57 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-06-16 00:57 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-06-16 00:56 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-16 00:56 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-06-16 00:56 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-16 00:56 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-06-16 00:56 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-16 00:56 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-06-16 00:56 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-16 00:56 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-06-16 00:56 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-06-16 00:56 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-06-16 00:56 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-16 00:56 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-06-16 00:56 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-06-16 00:56 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-06-16 00:56 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-06-16 00:56 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-06-16 00:56 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-16 00:56 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-06-16 00:56 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-16 00:56 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-16 00:56 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-16 00:56 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-16 00:56 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-06-16 00:56 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-06-16 00:56 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-16 00:56 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-16 00:56 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-16 00:56 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-16 00:56 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-16 00:56 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-16 00:56 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-16 00:56 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-06-16 00:56 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-16 00:56 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-06-16 00:56 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-06-16 00:56 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-16 00:56 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-06-16 00:56 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-06-16 00:56 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-06-16 00:56 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-06-16 00:27 - 2016-06-16 00:27 - 00000000 ____D C:\Users\Deanna\AppData\Local\{B0F56E1B-3082-4BF2-928F-C2CAC63C53B6}
2016-06-15 04:32 - 2016-06-15 04:32 - 00000000 ____D C:\Users\Deanna\AppData\Local\{96A1A156-1559-4F5F-AFDA-1672AC582F73}
2016-06-14 15:09 - 2016-06-14 15:04 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-06-14 15:07 - 2016-06-14 15:06 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-06-14 15:05 - 2016-06-14 15:05 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-06-14 14:33 - 2016-06-14 14:33 - 00000000 ____D C:\Users\Deanna\AppData\Local\{4E780A11-213F-42A9-9C42-C0181926F9EB}
2016-06-13 13:19 - 2016-06-13 13:19 - 00000000 ____D C:\Users\Deanna\AppData\Local\{64629DC0-6DF5-4785-851D-EA633D1E8095}
2016-06-12 16:15 - 2016-06-12 16:15 - 00000000 ____D C:\Users\Deanna\AppData\Local\{94107D12-8A32-4E6A-AF51-46D4AA53CF4B}
2016-06-12 01:53 - 2016-06-12 01:53 - 00000000 ____D C:\Users\Deanna\AppData\Local\{014B0D3B-51B8-4410-A4C7-40C33A39EB4E}
2016-06-11 12:32 - 2016-06-11 12:32 - 00000000 ____D C:\Users\Deanna\AppData\Local\{A066566F-6784-4607-9528-0A0DEC39DB32}
2016-06-11 02:49 - 2016-06-11 02:49 - 00000000 ____D C:\Users\Deanna\AppData\Local\{05FD6A39-7042-4803-95B2-4DA7F91884B8}
2016-06-10 14:06 - 2016-06-10 14:06 - 00000000 ____D C:\Users\Deanna\AppData\Local\{51D8022F-C4AD-441A-A296-EB7F56D1C764}
2016-06-09 15:19 - 2016-06-09 15:32 - 00014317 ____R C:\Users\Deanna\Documents\Amber Coroner Letter.docx.crypz
2016-06-09 14:53 - 2016-06-09 14:54 - 00000000 ____D C:\Users\Deanna\AppData\Local\{55FD5EA5-E9AC-417C-A9C4-2ABD4B7565B5}
2016-06-09 01:10 - 2016-06-09 01:10 - 00000000 ____D C:\Users\Deanna\AppData\Local\{DF3F7E0C-D422-49D1-9B6D-9E956BE649D7}
2016-06-08 22:36 - 2016-06-08 22:39 - 00014654 ____R C:\Users\Deanna\Documents\Michael Slaughter Letter 2.docx.crypz
2016-06-08 13:08 - 2016-06-08 13:09 - 00000000 ____D C:\Users\Deanna\AppData\Local\{A717523B-E4A9-4AE0-9A4F-D57D3C08C8B7}
2016-06-08 03:02 - 2016-06-08 03:02 - 00000000 ____D C:\Users\Deanna\AppData\Local\{3BEE8D4D-F7D3-4D56-BA0D-8F647811A943}
2016-06-07 15:36 - 2016-06-07 18:06 - 01692428 ____R C:\Users\Deanna\Documents\Macy's Receipts.docx.crypz
2016-06-07 14:28 - 2016-06-07 14:28 - 00000000 ____D C:\Users\Deanna\AppData\Local\{C72EB304-A285-4F7D-8E6B-2C8A81140104}
2016-06-06 13:52 - 2016-06-06 13:52 - 00000000 ____D C:\Users\Deanna\AppData\Local\{D7B1C3C7-382F-46BE-8FE0-7EB378CD9EFC}
2016-06-06 01:01 - 2016-06-07 01:42 - 00015207 ____R C:\Users\Deanna\Documents\Doris' Doctor Letter.docx.crypz
2016-06-05 17:11 - 2016-06-05 17:11 - 00000000 ____D C:\Users\Deanna\AppData\Local\{955B7C18-977F-483D-B106-6F764A082DE4}
2016-06-05 03:17 - 2016-06-05 03:17 - 00000000 ____D C:\Users\Deanna\AppData\Local\{ABDDA6FF-F044-4A2B-B9FF-399BCBFC2E90}
2016-06-04 15:16 - 2016-06-04 15:16 - 00000000 ____D C:\Users\Deanna\AppData\Local\{2C9288F0-7063-43F2-85F7-4D1905AF80F7}
2016-06-04 01:53 - 2016-06-04 01:53 - 00000000 ____D C:\Users\Deanna\AppData\Local\{7770559B-435A-4420-A028-95B111A75F1C}
2016-06-03 13:24 - 2016-06-03 13:24 - 00000000 ____D C:\Users\Deanna\AppData\Local\{89CDC72A-DE39-4AEF-A70A-6AAE5CDAC9D2}
2016-06-03 00:57 - 2016-06-03 00:57 - 01276564 ____R C:\Users\Deanna\Documents\Adirondack Chairs.docx.crypz
2016-06-03 00:47 - 2016-06-03 00:47 - 00000000 ____D C:\Users\Deanna\AppData\Local\{B559B857-247A-49A7-A609-B990681F53FD}
2016-06-02 12:40 - 2016-06-02 12:40 - 00000000 ____D C:\Users\Deanna\AppData\Local\{97CDF2F3-BD14-4F2F-8B16-DA9EC8A054FC}
2016-06-02 01:47 - 2016-06-08 22:46 - 12989847 ____R C:\Users\Deanna\Documents\Gregg Facebook (All).docx.crypz
2016-06-01 14:23 - 2016-06-01 14:24 - 00000000 ____D C:\Users\Deanna\AppData\Local\{155EA9F0-2F03-41EE-A53E-0F2738A6877E}
2016-05-31 19:25 - 2016-05-31 19:26 - 00000000 ____D C:\Users\Deanna\AppData\Local\{96355C45-FB48-492E-ABD6-F23C0BBD7DC2}
2016-05-30 14:33 - 2016-05-30 14:33 - 00000000 ____D C:\Users\Deanna\AppData\Local\{4C4BB231-D972-43BC-AE9A-008A8A97A601}
2016-05-29 13:43 - 2016-05-29 13:43 - 00000000 ____D C:\Users\Deanna\AppData\Local\{44E782D5-7146-4C37-B43C-E2D15F66CA47}
2016-05-28 13:02 - 2016-05-28 13:02 - 00000000 ____D C:\Users\Deanna\AppData\Local\{232BBD23-0295-4517-B9EE-3331BF7BE8EF}
2016-05-27 14:16 - 2016-05-27 14:16 - 00000000 ____D C:\Users\Deanna\AppData\Local\{D3550376-A87E-4E31-BB4D-BC797890E126}
2016-05-27 01:07 - 2016-05-27 01:07 - 00000000 ____D C:\Users\Deanna\AppData\Local\{C395B5E6-2C3F-4EAF-BD78-4CD414AF58D0}
2016-05-26 13:06 - 2016-05-26 13:06 - 00000000 ____D C:\Users\Deanna\AppData\Local\{F65E7D7D-2D6D-4202-8226-99C9CA4AACBE}
2016-05-26 00:13 - 2016-05-26 19:46 - 00060643 ____R C:\Users\Deanna\Documents\Production Company Logo.docx.crypz
2016-05-25 13:52 - 2016-05-25 13:52 - 00000000 ____D C:\Users\Deanna\AppData\Local\{BAE718A3-6E3C-4034-983D-F2D58C4B90CF}
2016-05-24 14:03 - 2016-05-24 14:03 - 00000000 ____D C:\Users\Deanna\AppData\Local\{18D10833-7A7C-4937-9C1F-68DB5C81A3B4}
2016-05-23 18:38 - 2016-05-23 18:38 - 00000000 ____D C:\Users\Deanna\AppData\Local\{814E48B8-FC10-4669-A690-778AE1E3AA32}
2016-05-23 14:10 - 2016-05-23 14:10 - 00000000 ____D C:\Users\Deanna\AppData\Local\{AEC7D540-CFA7-4494-B993-11BE49DD7343}
2016-05-23 14:04 - 2016-05-23 14:05 - 00000000 ____D C:\Users\Deanna\AppData\Local\{67F64C19-EFE0-4529-BE87-19025EAD0695}
2016-05-23 00:23 - 2016-05-23 00:23 - 01054062 _____ C:\ProgramData\SPL751F.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-22 02:56 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-22 02:56 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-22 02:21 - 2014-10-07 01:32 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-21 18:43 - 2009-07-14 01:13 - 00799112 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-21 18:43 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-06-21 18:36 - 2014-10-07 01:32 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-21 00:56 - 2014-10-07 01:33 - 00000000 ___RD C:\Users\Deanna\Google Drive
2016-06-21 00:53 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-20 19:57 - 2015-02-01 16:03 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-20 14:10 - 2014-12-17 21:45 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-06-20 01:59 - 2014-08-24 13:49 - 00000000 ___RD C:\Users\Deanna\Documents\Scanned Documents
2016-06-20 01:58 - 2014-12-17 21:36 - 00000000 ____D C:\Users\Deanna\Documents\Amazon Downloader Logs
2016-06-20 01:55 - 2014-08-13 00:50 - 00000000 ____D C:\Sounds 9
2016-06-20 01:55 - 2014-08-05 22:51 - 00000000 ____D C:\Sounds 7
2016-06-20 01:54 - 2015-02-18 20:49 - 00000000 ____D C:\Sounds 18
2016-06-20 01:54 - 2014-07-25 13:13 - 00000000 ____D C:\Sounds 6
2016-06-20 01:54 - 2014-07-04 19:06 - 00000000 ____D C:\Sounds 4
2016-06-20 01:54 - 2014-06-29 01:34 - 00000000 ____D C:\Sounds 3
2016-06-20 01:53 - 2014-12-21 01:57 - 00000000 ____D C:\Sounds 17
2016-06-20 01:52 - 2014-11-28 05:23 - 00000000 ____D C:\Sounds 14
2016-06-20 01:49 - 2015-06-01 20:53 - 00000000 ____D C:\Sounds
2016-06-20 01:49 - 2014-09-23 04:15 - 00000000 ____D C:\Sounds 11
2016-06-16 04:46 - 2012-06-09 23:50 - 00000000 ___RD C:\Users\Deanna\Podcasts
2016-06-16 03:40 - 2016-04-24 13:48 - 00003892 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1461520116
2016-06-16 03:38 - 2009-07-14 00:45 - 00267672 _____ C:\windows\system32\FNTCACHE.DAT
2016-06-16 03:33 - 2014-12-10 04:25 - 00000000 ____D C:\windows\system32\appraiser
2016-06-16 03:32 - 2015-06-09 01:06 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-06-16 03:10 - 2013-07-15 03:00 - 00000000 ____D C:\windows\system32\MRT
2016-06-16 03:10 - 2012-09-01 22:11 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-14 15:06 - 2014-12-17 21:44 - 00465792 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2016-06-14 15:06 - 2014-12-17 21:44 - 00287528 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2016-06-14 15:06 - 2014-12-17 21:44 - 00166432 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-06-14 15:06 - 2014-12-17 21:44 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-06-14 15:06 - 2014-12-17 21:44 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-06-14 15:06 - 2014-12-17 21:44 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-06-14 15:06 - 2014-12-17 21:44 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-06-14 15:04 - 2014-12-17 21:44 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2016-06-13 19:31 - 2010-11-20 23:27 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-05-31 22:52 - 2016-05-17 00:05 - 00167646 ____R C:\Users\Deanna\Documents\Terry Weatherby Bill.docx.crypz
2016-05-31 19:24 - 2014-12-16 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-05-26 03:01 - 2015-04-05 03:01 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-05-26 03:01 - 2015-04-05 03:01 - 00000000 ___SD C:\windows\system32\GWX

==================== Files in the root of some directories =======

2015-01-29 14:31 - 2015-01-29 14:31 - 0000480 ____H () C:\Users\Deanna\AppData\Roaming\麽鎒駓覜
1899-12-30 00:00 - 1899-12-30 00:00 - 2592054 ____T () C:\ProgramData\!C59F88476E1C.bmp
2016-06-20 01:45 - 2016-06-20 01:45 - 0000568 ____T () C:\ProgramData\!C59F88476E1C.cfg
1601-06-29 19:18 - 1601-06-29 19:18 - 0036204 _____ () C:\ProgramData\!C59F88476E1C.html
2015-01-29 14:32 - 2015-01-29 14:32 - 0000664 _____ () C:\ProgramData\@system.temp
2015-01-29 14:32 - 2015-01-29 14:32 - 0000400 ____H () C:\ProgramData\@system3.att
2015-09-11 03:37 - 2015-09-11 03:37 - 0832605 _____ () C:\ProgramData\SPL1436.tmp
2015-11-12 02:41 - 2015-11-12 02:41 - 3629223 _____ () C:\ProgramData\SPL1B0E.tmp
2015-04-23 20:48 - 2015-04-23 20:48 - 1281225 _____ () C:\ProgramData\SPL1B19.tmp
2015-09-24 02:53 - 2015-09-24 02:53 - 0450362 _____ () C:\ProgramData\SPL1B2F.tmp
2015-02-19 04:32 - 2015-02-19 04:32 - 0553204 _____ () C:\ProgramData\SPL1B9A.tmp
2015-11-12 03:02 - 2015-11-12 03:02 - 2587957 _____ () C:\ProgramData\SPL1BF9.tmp
2016-01-04 01:31 - 2016-01-04 01:31 - 2048396 _____ () C:\ProgramData\SPL1D90.tmp
2015-12-27 03:34 - 2015-12-27 03:34 - 1204271 _____ () C:\ProgramData\SPL1DD8.tmp
2015-11-29 14:55 - 2015-11-29 14:55 - 1819424 _____ () C:\ProgramData\SPL3D10.tmp
2015-09-21 23:33 - 2015-09-21 23:33 - 6942099 _____ () C:\ProgramData\SPL5233.tmp
2015-05-13 23:26 - 2015-05-13 23:26 - 1231462 _____ () C:\ProgramData\SPL564E.tmp
2015-09-07 03:28 - 2015-09-07 03:28 - 2379858 _____ () C:\ProgramData\SPL5B34.tmp
2015-09-30 00:15 - 2015-09-30 00:15 - 4562149 _____ () C:\ProgramData\SPL6780.tmp
2016-01-05 04:14 - 2016-01-05 04:14 - 1965183 _____ () C:\ProgramData\SPL7456.tmp
2016-05-23 00:23 - 2016-05-23 00:23 - 1054062 _____ () C:\ProgramData\SPL751F.tmp
2015-10-01 14:03 - 2015-10-01 14:03 - 1253135 _____ () C:\ProgramData\SPL7669.tmp
2015-09-11 03:35 - 2015-09-11 03:35 - 0832605 _____ () C:\ProgramData\SPL7681.tmp
2015-05-13 23:28 - 2015-05-13 23:28 - 1231462 _____ () C:\ProgramData\SPL77B3.tmp
2015-09-07 03:27 - 2015-09-07 03:27 - 2379858 _____ () C:\ProgramData\SPL7AA5.tmp
2015-12-31 03:42 - 2015-12-31 03:43 - 8706928 _____ () C:\ProgramData\SPL7FE1.tmp
2015-11-26 04:32 - 2015-11-26 04:32 - 1375428 _____ () C:\ProgramData\SPL80E5.tmp
2015-04-24 03:56 - 2015-04-24 03:56 - 1084975 _____ () C:\ProgramData\SPL8191.tmp
2015-12-01 15:08 - 2015-12-01 15:08 - 0580692 _____ () C:\ProgramData\SPL8EED.tmp
2015-09-11 19:39 - 2015-09-11 19:39 - 0832605 _____ () C:\ProgramData\SPL90F5.tmp
2015-02-20 01:49 - 2015-02-20 01:49 - 0232956 _____ () C:\ProgramData\SPL9899.tmp
2015-09-30 00:14 - 2015-09-30 00:14 - 4562149 _____ () C:\ProgramData\SPL98BD.tmp
2015-05-13 23:29 - 2015-05-13 23:29 - 1779088 _____ () C:\ProgramData\SPL9A5F.tmp
2015-02-19 04:26 - 2015-02-19 04:26 - 0727844 _____ () C:\ProgramData\SPL9E05.tmp
2015-09-07 03:25 - 2015-09-07 03:25 - 2379858 _____ () C:\ProgramData\SPL9FB2.tmp
2015-05-13 22:32 - 2015-05-13 22:32 - 1320245 _____ () C:\ProgramData\SPLA575.tmp
2015-04-23 20:51 - 2015-04-23 20:51 - 1266505 _____ () C:\ProgramData\SPLACFE.tmp
2015-05-13 22:40 - 2015-05-13 22:40 - 1226299 _____ () C:\ProgramData\SPLBFB9.tmp
2015-09-24 02:53 - 2015-09-24 02:53 - 0450362 _____ () C:\ProgramData\SPLC285.tmp
2015-09-21 23:33 - 2015-09-21 23:33 - 6942099 _____ () C:\ProgramData\SPLC5CC.tmp
2015-09-21 23:36 - 2015-09-21 23:36 - 3231813 _____ () C:\ProgramData\SPLCBB.tmp
2016-01-05 04:15 - 2016-01-05 04:15 - 1965183 _____ () C:\ProgramData\SPLD681.tmp
2015-05-13 22:36 - 2015-05-13 22:36 - 1236846 _____ () C:\ProgramData\SPLEF34.tmp
2016-05-19 00:20 - 2016-05-19 00:20 - 6573048 _____ () C:\ProgramData\SPLFB04.tmp

Files to move or delete:
====================
C:\windows\SysWOW64\ntshrui.dll

Some files in TEMP:
====================
C:\Users\Deanna\AppData\Local\Temp\8gm4jpbf.dll
C:\Users\Deanna\AppData\Local\Temp\AcDeltree.exe
C:\Users\Deanna\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Deanna\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Deanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Deanna\AppData\Local\Temp\setup.exe
C:\Users\Deanna\AppData\Local\Temp\sqlite3.dll
C:\Users\Deanna\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-04 03:50

==================== End of FRST.txt ============================


#2 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:06:28 PM

Posted 24 June 2016 - 12:44 PM

Hi NINTR :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

Let me know if you have any questions.

 

polskamachina


Edited by polskamachina, 24 June 2016 - 04:04 PM.


#3 NINTR

NINTR
  • Topic Starter

  • Members
  • 57 posts
  • Local time:10:28 PM

Posted 24 June 2016 - 02:24 PM

Thanks so much for replying, @polskamachina. I really need your assistance and I'm very happy to have your help. :)



#4 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:06:28 PM

Posted 24 June 2016 - 04:05 PM

You're quite welcome. :)

 

polskamachina



#5 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:06:28 PM

Posted 24 June 2016 - 09:07 PM

Hi NINTR :)

I just finished up the Avast and Malwarebytes scans. Malwarebytes found nothing, but Avast found a single High Threat file. However, when I click for it to fix/move to chest/delete, etc. the file, it says "Error: File cannot be located".

Can you find the Avast log file of this scan and paste it into your next reply to me?

 

Let me know if you have any questions.

 

polskamachina



#6 NINTR

NINTR
  • Topic Starter

  • Members
  • 57 posts
  • Local time:10:28 PM

Posted 25 June 2016 - 01:52 AM

If you can direct me to the location of this log file, I should be able to find it. I still have the results of the final scan up, and it's been up for three days or so. I haven't closed out of it because I may need it for reference. I'm afraid to go looking around too much. If you could please direct me on how to get to the log for this scan, I'll have it for you.



#7 polskamachina

polskamachina

  • Malware Response Team
  • 4,081 posts
  • Gender:Male
  • Local time:06:28 PM

Posted 25 June 2016 - 06:35 PM

Hi NINTR :)

 

The path to the report should be in this folder:

C:\ProgramData\Avast Software\Avast\report\

 

You will need to have enabled the option to view hidden files and folders. Here is a link to explain that.

 

Please copy and paste the most recent scan log into your next reply to me.

 

Let me know if you have any questions.

 

polskamachina



#8 NINTR

NINTR
  • Topic Starter

  • Members
  • 57 posts
  • Local time:10:28 PM

Posted 26 June 2016 - 02:57 AM

Alright, I went to the location you described, and I found a number of files. They are entitled:

  • aswBoot.txt
  • EmailShield.txt
  • FileSystemShield.txt
  • WebShield.txt

These are the only four results I get, even with the Hidden Files options set to show me everything. Which of these are you wanting to see? The aswBoot.txt file was last edited back in 2015, but the other 3 show the entire history of the scans and blocks they have done on the computer.

However, none of them show me the results of the scan I recently ran. Any idea how to find the report you are requesting?



#9 polskamachina

  • Malware Response Team

Posted 27 June 2016 - 01:39 AM

Hi NINTR :)

Open the Avast interface by right-clicking the Avast icon in the system tray. There should be an option to open the program/interface. Then click on the following items:

Scan > Scan for Viruses - at the bottom of that window, you should find it there - Scan History.

Did that help?

polskamachina



#10 NINTR

  • Topic Starter

Posted 28 June 2016 - 11:32 PM

Okay, first of all, sorry for not replying to this sooner. I didn't get a notification in my email about your reply.

Secondly, I did what you said and was only able to find basic information of the report. Nothing like what you were asking me to copy and paste into my response. I wasn't able to copy any of the information, and it wasn't very detailed, either.



#11 polskamachina

  • Malware Response Team

Posted 29 June 2016 - 12:13 AM

Hi NINTR :)

No worries about the delay or the absence of the scan log. I should be able to get back to you tomorrow with some more detailed information about your issues.

polskamachina



#12 polskamachina

  • Malware Response Team

Posted 29 June 2016 - 07:57 PM

Hi NINTR :)

Let's set aside the search for the Avast scan for now.

Due to the fact that you have more than one anti-virus program installed, please read the following:

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise, especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on-demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core, where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and wasted vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update its definition databases at the same time. As the programs compete for resources required to download the necessary files, this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior, and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time, resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution.

We need to remove a program using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Program and Features.

A list of programs installed will be "populated" (this may take a bit of time).
Uninstall the following by clicking on one of the below entries and selecting Remove. Make sure you only uninstall one of the following entries:

  • Trend Micro Titanium Internet Security, or
  • Avast! Antivirus

Additional instructions can be found here if needed.

Next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click AdwCleaner and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile into your next reply to me.
  • A copy of all logfiles is saved to C:\AdwCleaner.

In summary I will need from you:

  • Confirmation that you uninstalled one of your anti-virus programs
  • AdwCleaner log
  • How is your system running now?

Let me know if you have any questions.

polskamachina
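As an added example that is not part of the thread or of anything polskamachina posted, the PowerShell below does two of the checks discussed above from the command line: it lists the anti-virus products registered with Windows Security Center and warns when more than one has real-time protection enabled (the conflict described in the post above), and it lists the newest files in the Avast report folder named earlier in the thread, including hidden ones. It assumes a client edition of Windows with the root/SecurityCenter2 WMI namespace, and it assumes the community-documented layout of productState (middle hex byte 10 or 11 = real-time protection on, last byte 00 = definitions current); the function names are my own.

```powershell
# Added example, not from the thread. Assumes root/SecurityCenter2 exists
# (client Windows) and the community-documented productState layout.

function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            # productState is a packed integer; render it as six hex digits.
            # Assumption: middle byte 10/11 = real-time on, last byte 00 = definitions current.
            $hex = '{0:x6}' -f [int]$_.productState
            [pscustomobject]@{
                Name          = $_.displayName
                RealTimeOn    = ($hex.Substring(2, 2) -in '10', '11')
                DefinitionsOK = ($hex.Substring(4, 2) -eq '00')
                ExePath       = $_.pathToSignedProductExe
            }
        }
}

function Get-RecentAvastReports {
    param(
        [string]$ReportDir = 'C:\ProgramData\Avast Software\Avast\report',
        [int]$Count = 5
    )
    if (-not (Test-Path -LiteralPath $ReportDir)) {
        Write-Warning "Report folder not found: $ReportDir"
        return
    }
    # -Force includes hidden files, so Explorer's hidden-files setting is irrelevant here.
    Get-ChildItem -LiteralPath $ReportDir -File -Force |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First $Count Name, LastWriteTime, Length
}

# Report: which AV products are registered, and whether two of them are live at once.
$av = @(Get-RegisteredAntivirus)
$av | Format-Table -AutoSize
if (@($av | Where-Object RealTimeOn).Count -gt 1) {
    Write-Warning 'More than one anti-virus has real-time protection enabled; keep only one.'
}

# Report: newest Avast report files, the ones the thread asks to paste back.
Get-RecentAvastReports | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; on Windows Server editions the SecurityCenter2 namespace is absent and the first function returns nothing.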



#13 polskamachina

  • Malware Response Team

Posted 02 July 2016 - 08:11 PM

Hi NINTR :)

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.

Please let me know if you have any questions.

polskamachina



#14 NINTR

  • Topic Starter

Posted 03 July 2016 - 12:29 AM

Yes, I am still in need of your help. I haven't had a chance to do the work listed above. My grandmother had a health crisis. Thank you.



#15 polskamachina

  • Malware Response Team

Posted 03 July 2016 - 07:53 PM

Hi NINTR :)

Ok. Please stay in touch.

polskamachina