
NEED HELP! Please someone help me stop this! Encryption Virus of some kind!



#1 NINTR


Posted 30 August 2016 - 11:07 PM

Not sure why my previous post was moved from this, but I need help from a professional. I don't want just simple information about the issue, I need someone to write back who can help me run the proper scans to get rid of this. PLEASE DO NOT MOVE MY POST AGAIN!

Here's a title of one of the encrypted files:

!c59f88476e1c.txt.id_8091818e5c3bb547_email_enc2@dr.com_.scl

I don't understand where these keep coming from! I can't take this anymore! I've been hit by three of these! I don't use my computer for much other than a little bit of internet browsing and some email. Where do they keep coming from and how can I get rid of it?! Please someone help me! I can't keep going through this! I've lost three family members in the last few months and the last thing I need is this computer to keep catching viruses that are encrypting pictures of my loved ones who have died. Please, please help me fix this, get rid of the virus and find out where they are coming from! PLEASE!

 

I am currently running an Avast! scan, and I am also running an FRST scan, as well. Results will be posted as soon as I get them.

 

***UPDATE***

 

Here are the results of the FRST scan. Can someone look at this and

1. Get rid of the virus that is currently on my computer, and

2. Help me figure out where the issue is that is letting these viruses into my computer consistently. This is the third one I've had in the last year and I don't know where they are coming from.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Ran by Deanna (administrator) on DEANNA-PC (31-08-2016 00:06:48)
Running from C:\Users\Deanna\Downloads
Loaded Profiles: Deanna &  (Available Profiles: Deanna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdcserv.exe
( ) C:\Windows\System32\lxdccoms.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\KODAK Wireless Utility.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_287_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VizorHtmlDialog.exe] => C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [lxdcmon.exe] => "C:\Program Files (x86)\Lexmark 1300 Series\lxdcmon.exe"
HKLM\...\Run: [lxdcamon] => C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe [25256 2009-04-27] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3037296 2011-05-06] (VIA)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe [737104 2011-07-05] (ecareme)
HKLM-x32\...\Run: [lxdcamon] => C:\Program Files (x86) (x86)\Lexmark 1300 Series\lxdcamon.exe [25256 2009-04-27] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-08] (AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKU\S-1-5-21-492531289-1107910523-2460122450-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-492531289-1107910523-2460122450-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-29] (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT_YOUR_FILES.HTML [2016-08-30] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT_YOUR_FILES.TXT [2016-08-30] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-492531289-1107910523-2460122450-1001] => http=127.0.0.1:16110;https=127.0.0.1:16110
ProxyServer: [S-1-5-21-492531289-1107910523-2460122450-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:16110;https=127.0.0.1:16110
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{A2CAE2A6-39CA-444D-89D0-636BC711D7D8}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A2CAE2A6-39CA-444D-89D0-636BC711D7D8}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-492531289-1107910523-2460122450-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-492531289-1107910523-2460122450-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-24] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll [2010-09-17] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [2010-09-17] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [2010-09-17] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll [2010-09-17] (Trend Micro Inc.)

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2015-11-06] (Samsung Techwin)
FF Plugin-x32: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2015-11-06] (Samsung Techwin)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2015-09-24] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-492531289-1107910523-2460122450-1001: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2015-11-06] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-492531289-1107910523-2460122450-1001: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2015-11-06] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-492531289-1107910523-2460122450-1001: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2015-09-24] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-492531289-1107910523-2460122450-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2015-11-06] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-492531289-1107910523-2460122450-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2015-11-06] (Samsung Techwin)
FF Plugin HKU\S-1-5-21-492531289-1107910523-2460122450-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2015-09-24] (Samsung Techwin)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension
FF Extension: (Trend Micro NSC Firefox Extension) - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension [2011-10-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-06-29] (AVAST Software)
S2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [34304 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 lxdcCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe [34224 2007-05-25] (Lexmark International, Inc.)
R2 lxdc_device; C:\windows\system32\lxdccoms.exe [567216 2007-05-25] ( )
R2 lxdc_device; C:\windows\SysWOW64\lxdccoms.exe [537520 2007-05-25] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [32256 2015-07-06] (Digital Market Research Apps Pty Ltd) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-30] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2016-08-30] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [15416 2009-07-16] ()
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-30 23:03 - 2016-08-30 23:03 - 00000000 ____D C:\Users\Deanna\AppData\Local\{830F824D-FD13-483E-A5DB-79C1F82CE7B8}
2016-08-30 22:32 - 2016-08-30 22:32 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-08-30 22:32 - 2016-08-30 22:32 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2016-08-30 22:32 - 2016-08-30 22:29 - 00473592 _____ (AVAST Software) C:\windows\system32\Drivers\aswC150.tmp
2016-08-30 22:32 - 2016-08-30 22:29 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswC3D0.tmp
2016-08-30 22:32 - 2016-06-29 21:23 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswAAA0.tmp
2016-08-30 22:32 - 2016-06-29 21:23 - 00162904 _____ (AVAST Software) C:\windows\system32\Drivers\aswC9BB.tmp
2016-08-30 22:32 - 2016-06-29 21:23 - 00108304 _____ (AVAST Software) C:\windows\system32\Drivers\aswB9B0.tmp
2016-08-30 22:32 - 2016-06-29 21:23 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswB29C.tmp
2016-08-30 22:32 - 2016-06-29 21:23 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswBC40.tmp
2016-08-30 22:32 - 2016-06-29 21:23 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswB4EE.tmp
2016-08-30 22:32 - 2016-06-29 21:23 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\asw9F87.tmp
2016-08-30 22:28 - 2016-08-05 12:00 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswDDAB.tmp
2016-08-30 22:28 - 2016-07-13 12:10 - 00473592 _____ (AVAST Software) C:\windows\system32\Drivers\aswDA40.tmp
2016-08-30 22:28 - 2016-06-29 21:23 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswC1EA.tmp
2016-08-30 22:28 - 2016-06-29 21:23 - 00162904 _____ (AVAST Software) C:\windows\system32\Drivers\aswE347.tmp
2016-08-30 22:28 - 2016-06-29 21:23 - 00108304 _____ (AVAST Software) C:\windows\system32\Drivers\aswCFC3.tmp
2016-08-30 22:28 - 2016-06-29 21:23 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswC748.tmp
2016-08-30 22:28 - 2016-06-29 21:23 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswD408.tmp
2016-08-30 22:28 - 2016-06-29 21:23 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswC9E8.tmp
2016-08-30 22:28 - 2016-06-29 21:23 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\asw52C3.tmp
2016-08-30 20:31 - 2016-08-30 20:31 - 05990192 _____ C:\Users\Deanna\Documents\marc maron.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 01905024 _____ C:\Users\Deanna\Documents\leconte bill.pdf.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 01431696 _____ C:\Users\Deanna\Documents\le conte bill 2.pdf.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 01182320 _____ C:\Users\Deanna\Documents\baby shower poster.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 01014000 _____ C:\Users\Deanna\Documents\gregg and eddie.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00775648 _____ C:\Users\Deanna\Documents\plaid marc maron.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00325888 _____ C:\Users\Deanna\Documents\durbin_the unstoppable force paradox.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00203568 _____ C:\Users\Deanna\Documents\dr. carter.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00191152 _____ C:\Users\Deanna\Documents\flowers of liberty building.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00091456 _____ C:\Users\Deanna\Documents\wyndham price division.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00065520 _____ C:\Users\Deanna\Documents\fishy!.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00046832 _____ C:\Users\Deanna\Documents\pain diary.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00036208 _____ C:\Users\Deanna\Documents\!c59f88476e1c.html.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00034384 _____ C:\Users\Deanna\Documents\13 flowchart.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00019776 _____ C:\Users\Deanna\Documents\maron letter.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00015296 _____ C:\Users\Deanna\Documents\cds for vacation tracklists.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00013392 _____ C:\Users\Deanna\Documents\13 flowchart 2.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00003192 _____ C:\Users\Deanna\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:31 - 2016-08-30 20:31 - 00003192 _____ C:\Users\Deanna\Documents\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:31 - 2016-08-30 20:31 - 00003192 _____ C:\Users\Deanna\Desktop\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:31 - 2016-08-30 20:31 - 00003192 _____ C:\Users\Deanna\AppData\Roaming\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:31 - 2016-08-30 20:31 - 00003192 _____ C:\Users\Deanna\AppData\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:31 - 2016-08-30 20:31 - 00002124 _____ C:\Users\Deanna\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:31 - 2016-08-30 20:31 - 00002124 _____ C:\Users\Deanna\Documents\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:31 - 2016-08-30 20:31 - 00002124 _____ C:\Users\Deanna\Desktop\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:31 - 2016-08-30 20:31 - 00002124 _____ C:\Users\Deanna\AppData\Roaming\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:31 - 2016-08-30 20:31 - 00002124 _____ C:\Users\Deanna\AppData\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:31 - 2016-08-30 20:31 - 00001760 _____ C:\Users\Deanna\Documents\!c59f88476e1c.txt.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00000176 _____ C:\Users\Deanna\Documents\~$owers of liberty building.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:31 - 2016-08-30 20:31 - 00000176 _____ C:\Users\Deanna\Documents\~$ flowchart.docx.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:30 - 2016-08-30 20:30 - 00003192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:30 - 2016-08-30 20:30 - 00003192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:30 - 2016-08-30 20:30 - 00002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:30 - 2016-08-30 20:30 - 00002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:29 - 2016-08-30 20:29 - 03174160 _____ C:\ProgramData\spldb6e.tmp.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:29 - 2016-08-30 20:29 - 03174160 _____ C:\ProgramData\spl6bbb.tmp.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:29 - 2016-08-30 20:29 - 00036208 _____ C:\!c59f88476e1c.html.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:29 - 2016-08-30 20:29 - 00003192 _____ C:\Users\Public\Documents\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:29 - 2016-08-30 20:29 - 00003192 _____ C:\Users\Public\Desktop\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:29 - 2016-08-30 20:29 - 00003192 _____ C:\Users\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:29 - 2016-08-30 20:29 - 00003192 _____ C:\ProgramData\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:29 - 2016-08-30 20:29 - 00003192 _____ C:\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:29 - 2016-08-30 20:29 - 00002124 _____ C:\Users\Public\Documents\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:29 - 2016-08-30 20:29 - 00002124 _____ C:\Users\Public\Desktop\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:29 - 2016-08-30 20:29 - 00002124 _____ C:\Users\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:29 - 2016-08-30 20:29 - 00002124 _____ C:\ProgramData\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:29 - 2016-08-30 20:29 - 00002124 _____ C:\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:29 - 2016-08-30 20:29 - 00001760 _____ C:\!c59f88476e1c.txt.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:29 - 2016-08-30 20:29 - 00000992 _____ C:\lxdc.log.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 13:16 - 2016-08-30 13:16 - 00000000 ____D C:\Users\Deanna\AppData\Local\{78D9EE5A-EC83-47B2-98F3-B8BF31E0105A}
2016-08-29 21:30 - 2016-08-29 21:30 - 00000000 ____D C:\Users\Deanna\AppData\Local\{7B5FCB9E-7C2A-4B30-A547-06DE8CF62C16}
2016-08-29 21:12 - 2016-08-29 21:12 - 00000000 ____D C:\Users\Deanna\AppData\Local\{2B675941-3A31-4406-82E3-762A86CB855A}
2016-08-29 02:38 - 2016-08-29 02:38 - 00000000 ____D C:\Users\Deanna\AppData\Local\{94C28713-753E-401B-A229-6AFE506E629D}
2016-08-28 12:04 - 2016-08-28 12:04 - 00000000 ____D C:\Users\Deanna\AppData\Local\{F34080EE-59B2-43CA-8F58-F660E516B9E3}
2016-08-27 21:38 - 2016-08-27 21:38 - 00000000 ____D C:\Users\Deanna\AppData\Local\{0ADFBD61-5228-4F88-B2F0-2AE2A20D08EF}
2016-08-19 12:14 - 2016-08-19 12:14 - 00000000 ____D C:\Users\Deanna\AppData\Local\{E7AF2430-702B-4A80-A669-B2F186173587}
2016-08-18 13:05 - 2016-08-18 13:05 - 00000000 ____D C:\Users\Deanna\AppData\Local\{BE9DC55A-A733-44B0-B1DA-483540760FFE}
2016-08-17 19:17 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-08-17 19:17 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-08-17 11:42 - 2016-08-17 11:42 - 00000000 ____D C:\Users\Deanna\AppData\Local\{C2124D09-6EC7-4BED-AC6C-68B1EB99E6EB}
2016-08-16 19:12 - 2016-08-16 19:12 - 00000000 ____D C:\Users\Deanna\AppData\Local\{40F0B3AA-20B1-4014-B417-EBB470036DB3}
2016-08-16 02:41 - 2016-08-16 02:41 - 00000000 ____D C:\Users\Deanna\AppData\Local\{C4748EF6-3C8D-4896-91BA-02EE60C0339D}
2016-08-15 13:21 - 2016-08-15 13:21 - 00000000 ____D C:\Users\Deanna\AppData\Local\{A6610531-5D36-4F71-9BE8-CAB8B5867F13}
2016-08-14 15:36 - 2016-08-14 15:36 - 00000000 ____D C:\Users\Deanna\AppData\Local\{DF3BCF99-81FA-491B-B079-CA738B5FAE49}
2016-08-13 15:51 - 2016-08-13 15:51 - 00000000 ____D C:\Users\Deanna\AppData\Local\{D622B1B3-2F91-4B03-95E1-9DF299E325AC}
2016-08-13 01:57 - 2016-08-13 01:57 - 00000000 ____D C:\Users\Deanna\AppData\Local\{0B88B512-2E9E-41D6-9DCF-76BCEBB2D7D3}
2016-08-12 13:16 - 2016-08-12 13:16 - 00000000 ____D C:\Users\Deanna\AppData\Local\{BC24E0F1-FDDE-4236-909D-958AC7B2AB21}
2016-08-11 13:35 - 2016-08-11 13:35 - 00000000 ____D C:\Users\Deanna\AppData\Local\{D44BD246-DF72-43DF-A434-FE947B58DC60}
2016-08-10 21:33 - 2016-07-08 11:37 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-08-10 21:33 - 2016-07-08 11:37 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-08-10 21:33 - 2016-07-08 11:32 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-08-10 21:33 - 2016-07-08 11:32 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-08-10 21:33 - 2016-07-08 11:17 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-08-10 21:33 - 2016-07-08 11:17 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-08-10 21:33 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-08-10 21:33 - 2016-07-08 11:03 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-08-10 21:33 - 2016-07-08 10:57 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-08-10 21:33 - 2016-07-08 10:56 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-08-10 21:33 - 2016-07-08 10:56 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-08-10 21:33 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-08-10 21:33 - 2016-07-08 10:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-08-10 21:33 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-08-10 21:32 - 2016-08-02 10:54 - 00394440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-08-10 21:32 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-08-10 21:32 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-08-10 21:32 - 2016-08-02 02:47 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-08-10 21:32 - 2016-08-02 02:47 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-08-10 21:32 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-08-10 21:32 - 2016-08-02 02:32 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-08-10 21:32 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-08-10 21:32 - 2016-08-02 02:31 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-08-10 21:32 - 2016-08-02 02:31 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-08-10 21:32 - 2016-08-02 02:31 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-08-10 21:32 - 2016-08-02 02:24 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-08-10 21:32 - 2016-08-02 02:23 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-08-10 21:32 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-08-10 21:32 - 2016-08-02 02:19 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-08-10 21:32 - 2016-08-02 02:19 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-08-10 21:32 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-08-10 21:32 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-08-10 21:32 - 2016-08-02 02:18 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-08-10 21:32 - 2016-08-02 02:11 - 00969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-08-10 21:32 - 2016-08-02 02:08 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-08-10 21:32 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-08-10 21:32 - 2016-08-02 02:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 21:32 - 2016-08-02 01:59 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-08-10 21:32 - 2016-08-02 01:56 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-08-10 21:32 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-08-10 21:32 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-08-10 21:32 - 2016-08-02 01:53 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-08-10 21:32 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-08-10 21:32 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-08-10 21:32 - 2016-08-02 01:51 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-08-10 21:32 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-08-10 21:32 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-08-10 21:32 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-08-10 21:32 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-08-10 21:32 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-08-10 21:32 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-08-10 21:32 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-08-10 21:32 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-08-10 21:32 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-08-10 21:32 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-08-10 21:32 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-08-10 21:32 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-08-10 21:32 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-08-10 21:32 - 2016-08-02 01:37 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-08-10 21:32 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-08-10 21:32 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-08-10 21:32 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 21:32 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-08-10 21:32 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-08-10 21:32 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-08-10 21:32 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-08-10 21:32 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-08-10 21:32 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-08-10 21:32 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-08-10 21:32 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-08-10 21:32 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-08-10 21:32 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-08-10 21:32 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-08-10 21:32 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-08-10 21:32 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-08-10 21:32 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-08-10 21:32 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-08-10 21:32 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-08-10 21:32 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-08-10 21:32 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-08-10 21:31 - 2016-07-08 11:01 - 03218944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-08-10 21:09 - 2016-08-10 21:09 - 00000000 ____D C:\Users\Deanna\AppData\Local\{45311FE5-0C99-4804-8576-07BF9B44CC2D}
2016-08-10 01:37 - 2016-08-10 01:37 - 00000000 ____D C:\Users\Deanna\AppData\Local\{538D4AB4-518B-4D59-8D96-316FA253278E}
2016-08-09 13:17 - 2016-08-09 13:17 - 00000000 ____D C:\Users\Deanna\AppData\Local\{1AAE5150-8DB5-4540-A392-1A6427FCEA78}
2016-08-08 13:27 - 2016-08-08 13:27 - 00000000 ____D C:\Users\Deanna\AppData\Local\{C50BE185-CA2F-466F-92B2-A4F019D1FDC6}
2016-08-07 14:17 - 2016-08-07 14:17 - 00000000 ____D C:\Users\Deanna\AppData\Local\{3D976413-2094-40AE-98C1-E55440890DF8}
2016-08-07 02:03 - 2016-08-07 02:03 - 00000000 ____D C:\Users\Deanna\AppData\Local\{05C49673-8046-4305-B205-4EBAB34A63D0}
2016-08-06 04:25 - 2016-08-06 04:25 - 00000000 ____D C:\Users\Deanna\AppData\Local\{713B0D39-4C04-4AAF-B981-13B2CD00B320}
2016-08-05 12:01 - 2016-08-05 12:01 - 00000000 ____D C:\Users\Deanna\AppData\Local\{B2F7674D-0D2E-4626-BF6E-838BC199F358}
2016-08-04 23:47 - 2016-08-04 23:47 - 00000000 ____D C:\Users\Deanna\AppData\Local\{1AF20376-D011-4068-89CD-FC8350AF6384}
2016-08-04 03:35 - 2016-08-04 03:35 - 00000000 ____D C:\Users\Deanna\AppData\Local\{2458C204-1F93-4E44-900E-340DEA1BE546}
2016-08-03 04:47 - 2016-08-03 04:47 - 00000000 ____D C:\Users\Deanna\AppData\Local\{60D9F90F-7469-4BDB-88A5-C6528D5C5CF6}
2016-08-02 13:47 - 2016-08-02 13:47 - 00000000 ____D C:\Users\Deanna\AppData\Local\{5147390D-8766-41F9-9CD2-616022A47037}
2016-08-01 19:23 - 2016-08-01 19:23 - 00000000 ____D C:\Users\Deanna\AppData\Local\{FD93E5BC-4272-4FC3-BCEC-45476584E8AD}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-31 00:06 - 2016-07-13 00:50 - 00000000 ____D C:\Users\Deanna\Downloads\FRST-OlderVersion
2016-08-31 00:06 - 2016-06-22 02:58 - 00022082 _____ C:\Users\Deanna\Downloads\FRST.txt
2016-08-31 00:06 - 2016-06-22 02:57 - 00000000 ____D C:\FRST
2016-08-31 00:06 - 2016-06-22 02:52 - 02397696 _____ (Farbar) C:\Users\Deanna\Downloads\FRST64.exe
2016-08-30 23:43 - 2014-10-07 01:32 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-30 23:41 - 2014-10-07 01:32 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-30 22:50 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-30 22:50 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-30 22:45 - 2015-02-01 16:03 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-30 22:37 - 2014-10-07 01:33 - 00000000 ___RD C:\Users\Deanna\Google Drive
2016-08-30 22:33 - 2014-12-17 21:45 - 00003922 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-08-30 22:33 - 2012-06-09 18:53 - 00000000 ____D C:\Users\Deanna
2016-08-30 22:33 - 2011-10-21 23:37 - 00000000 ____D C:\ProgramData\Trend Micro
2016-08-30 22:32 - 2016-06-14 15:09 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-08-30 22:32 - 2014-12-17 21:44 - 00969560 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2016-08-30 22:32 - 2014-12-17 21:44 - 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2016-08-30 22:32 - 2014-12-17 21:44 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2016-08-30 22:32 - 2014-12-17 21:44 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-08-30 22:32 - 2014-12-17 21:44 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-08-30 22:32 - 2014-12-17 21:44 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-08-30 22:32 - 2014-12-17 21:44 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-08-30 22:32 - 2014-12-17 21:44 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-08-30 22:29 - 2016-07-13 00:00 - 00003892 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1461520116
2016-08-30 22:29 - 2014-12-17 21:50 - 00001926 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-30 22:29 - 2014-12-17 21:44 - 00473592 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.147261055277905
2016-08-30 22:29 - 2014-12-17 21:44 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.147261055226307
2016-08-30 22:27 - 2014-12-17 21:44 - 00473592 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.147261055079802
2016-08-30 22:27 - 2014-12-17 21:44 - 00290088 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.147261055204506
2016-08-30 22:25 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-30 22:23 - 2015-12-03 19:29 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-08-30 22:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2016-08-30 22:19 - 2014-08-24 13:49 - 00000000 ____D C:\Users\Deanna\Documents\Fax
2016-08-30 22:19 - 2012-06-16 23:26 - 00000000 ____D C:\Users\Deanna\AppData\Roaming\SoftGrid Client
2016-08-30 22:16 - 2016-01-27 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-08-30 22:16 - 2015-06-09 01:40 - 00000000 ___HD C:\ProgramData\CanonIJScan
2016-08-30 22:16 - 2015-06-09 01:13 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-08-30 22:16 - 2015-06-09 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-08-30 22:16 - 2015-02-01 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-30 22:16 - 2015-02-01 16:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-30 22:16 - 2015-01-30 03:34 - 00000000 ____D C:\ProgramData\Virtualized Applications
2016-08-30 22:16 - 2014-12-17 21:37 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-30 22:16 - 2014-11-22 03:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2016-08-30 22:16 - 2014-05-01 22:51 - 00000000 ____D C:\ProgramData\Apple Computer
2016-08-30 22:16 - 2014-05-01 22:49 - 00000000 ____D C:\ProgramData\Apple
2016-08-30 22:16 - 2013-10-27 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2016-08-30 22:16 - 2013-10-16 23:56 - 00000000 ____D C:\ProgramData\Oracle
2016-08-30 22:16 - 2013-03-16 03:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2016-08-30 22:16 - 2013-03-16 03:11 - 00000000 ____D C:\ProgramData\DAZ 3D
2016-08-30 22:16 - 2012-06-18 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2016-08-30 22:16 - 2011-10-21 23:23 - 00000000 __HDC C:\ProgramData\{37272A44-A110-4EB7-A5EF-88B2A05A08C4}
2016-08-30 22:16 - 2011-10-21 23:16 - 00000000 ____D C:\ProgramData\Adobe
2016-08-30 22:16 - 2011-10-21 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-08-30 22:14 - 2016-07-07 14:32 - 00000000 ____D C:\AdwCleaner
2016-08-30 22:14 - 2012-06-16 23:34 - 00000000 __RHD C:\MSOCache
2016-08-30 20:31 - 2015-01-29 00:13 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2016-08-30 20:31 - 2014-12-17 21:36 - 00000000 ____D C:\Users\Deanna\Documents\Amazon Downloader Logs
2016-08-30 20:31 - 2012-06-17 03:10 - 00000000 ____D C:\ProgramData\VirtualizedApplications
2016-08-30 20:30 - 2013-10-27 01:01 - 00000000 ____D C:\ProgramData\SpinTop Games
2016-08-30 20:30 - 2013-10-27 01:01 - 00000000 ____D C:\ProgramData\PopCap Games
2016-08-30 20:30 - 2013-10-16 23:55 - 00000000 ____D C:\ProgramData\Sun
2016-08-30 20:30 - 2013-06-24 18:20 - 00000000 ____D C:\ProgramData\MR APP
2016-08-30 20:30 - 2011-10-21 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Manual
2016-08-30 20:29 - 2016-07-05 22:53 - 00000000 ____D C:\Case Invoices
2016-08-30 20:29 - 2015-09-13 03:22 - 00000000 ____D C:\AVAST Software
2016-08-30 20:29 - 2015-09-10 03:24 - 00000000 ____D C:\93dbd52bd8f07c82f3780608
2016-08-30 20:29 - 2015-06-09 01:41 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2016-08-30 20:29 - 2015-06-09 01:38 - 00000000 ___HD C:\ProgramData\CanonIJQuickMenu
2016-08-30 20:29 - 2015-06-09 01:34 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2016-08-30 20:29 - 2015-06-09 01:20 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2016-08-30 20:29 - 2015-06-09 01:06 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-08-30 20:29 - 2015-01-24 02:50 - 00000000 ____D C:\ProgramData\Autodesk
2016-08-30 20:29 - 2014-12-18 18:33 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-08-30 20:29 - 2014-11-22 15:35 - 00000000 ____D C:\Data Recovery 2014-11-22 at 14.35.09
2016-08-30 20:29 - 2014-11-22 05:20 - 00000000 ____D C:\Data Recovery 2014-11-22 at 04.20.01
2016-08-30 20:29 - 2014-07-16 00:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2016-08-30 20:29 - 2013-10-16 23:52 - 00000000 ____D C:\ProgramData\McAfee
2016-08-30 20:29 - 2013-03-16 02:00 - 00000000 ____D C:\ProgramData\Google
2016-08-30 20:29 - 2012-06-09 18:57 - 00000000 ____D C:\ProgramData\ATI
2016-08-30 20:29 - 2011-10-21 23:23 - 00000000 ____D C:\ProgramData\Best Buy pc app
2016-08-30 20:29 - 2011-10-21 23:12 - 00000000 ____D C:\ProgramData\AMD
2016-08-18 00:44 - 2014-12-16 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-17 01:57 - 2012-06-14 17:58 - 00000000 ____D C:\Program Files\Lx_cats
2016-08-12 04:16 - 2009-07-14 00:45 - 00267672 _____ C:\windows\system32\FNTCACHE.DAT
2016-08-11 03:09 - 2013-07-15 03:00 - 00000000 ____D C:\windows\system32\MRT
2016-08-11 03:02 - 2012-09-01 22:11 - 147640136 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2016-08-30 20:31 - 2016-08-30 20:31 - 0002124 _____ () C:\Users\Deanna\AppData\Roaming\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:31 - 2016-08-30 20:31 - 0003192 _____ () C:\Users\Deanna\AppData\Roaming\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:29 - 2016-08-30 20:29 - 0002124 _____ () C:\ProgramData\HELP_DECRYPT_YOUR_FILES.HTML
2016-08-30 20:29 - 2016-08-30 20:29 - 0003192 _____ () C:\ProgramData\HELP_DECRYPT_YOUR_FILES.TXT
2016-08-30 20:29 - 2016-08-30 20:29 - 3174160 _____ () C:\ProgramData\spl6bbb.tmp.id_8091818e5c3bb547_email_enc2@dr.com_.scl
2016-08-30 20:29 - 2016-08-30 20:29 - 3174160 _____ () C:\ProgramData\spldb6e.tmp.id_8091818e5c3bb547_email_enc2@dr.com_.scl

Some files in TEMP:
====================
C:\Users\Deanna\AppData\Local\Temp\8gm4jpbf.dll
C:\Users\Deanna\AppData\Local\Temp\AcDeltree.exe
C:\Users\Deanna\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Deanna\AppData\Local\Temp\libeay32.dll
C:\Users\Deanna\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Deanna\AppData\Local\Temp\msvcr120.dll
C:\Users\Deanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Deanna\AppData\Local\Temp\setup.exe
C:\Users\Deanna\AppData\Local\Temp\sqlite3.dll
C:\Users\Deanna\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-04 03:50

==================== End of FRST.txt ============================


Edited by NINTR, 30 August 2016 - 11:14 PM.


#2 Queen-Evie

Posted 30 August 2016 - 11:17 PM

Your post was moved to Ransomware Help & Tech Support which is dedicated to providing support for ransomware infections and to provide any solutions that may allow victims to decrypt their files for free.

Those who have the knowledge to deal with ransomware will help you. They have spent a great deal of time researching the various ransomware variants.

In order for them to help you it has to be in that forum. They are not allowed to post here in Malware Removal Logs.

While malware removal team members are very good at what they do, there is the possibility that they don't know how to deal with ransomware.

Please keep all discussion of your issue in your other topic.

This one is closed.





