[Inactive] RSA4096

  1. #1
    Join Date
    May 2016
    Posts
    2

    [Inactive] RSA4096

    One of our PCs was recently hit with the RSA4096 virus. I cannot get the type off the main screen. I have run the program and here are the results:

    I am hoping you can help to remove this virus.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 03
    Ran by Teresa A (administrator) on TERESAA-PC (07-05-2016 17:59:33)
    Running from C:\Users\Teresa A\Desktop
    Loaded Profiles: Teresa A (Available Profiles: Teresa A)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
    HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
    HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-03] (Intuit Inc. All rights reserved.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-02] (Qualcomm®Atheros®)
    HKU\S-1-5-21-11812795-3413085119-2478197880-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe [540848 2015-02-13] (Adobe Systems Incorporated)
    HKU\S-1-5-21-11812795-3413085119-2478197880-1000\...\MountPoints2: {9bb9984c-bf62-11e5-994c-806e6f6e6963} - D:\WRSetupCD.exe
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-05-05]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-04-23]
    ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-04-23]
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-04-23]
    ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 68.94.156.1 68.94.157.1
    Tcpip\..\Interfaces\{5A3B3B1A-37A0-4CAC-AB0A-67288F9435D2}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{F906995A-1DD4-4F23-BF58-6BAFBE2FE9A6}: [DhcpNameServer] 68.94.156.1 68.94.157.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-11812795-3413085119-2478197880-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/
    HKU\S-1-5-21-11812795-3413085119-2478197880-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
    SearchScopes: HKU\S-1-5-21-11812795-3413085119-2478197880-1000 -> DefaultScope {CF8F41B7-BC36-4C8E-AAE1-5DD042DA0BB2} URL =
    SearchScopes: HKU\S-1-5-21-11812795-3413085119-2478197880-1000 -> {CF8F41B7-BC36-4C8E-AAE1-5DD042DA0BB2} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-29] (Microsoft Corporation)
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-04-29] (Microsoft Corporation)
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-29] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-04-29] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-04-29] (Microsoft Corporation)
    BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-04-29] (Microsoft Corporation)
    Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
    Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
    Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2015-11-04] (Intuit, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-29] (Microsoft Corporation)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-29] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-29] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2911464 2016-04-29] (Microsoft Corporation)
    R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
    S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [202288 2016-04-28] (Microsoft Corporation) [File not signed]
    R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-04] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-11-03] (Intuit Inc.) [File not signed]
    R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-11-03] (Intuit Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-02-13] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]
    S2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
    R0 WRkrn; System32\drivers\WRkrn.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-07 17:59 - 2016-05-07 17:59 - 02379264 _____ (Farbar) C:\Users\Teresa A\Desktop\FRST64.exe
    2016-05-07 17:59 - 2016-05-07 17:59 - 00016310 _____ C:\Users\Teresa A\Desktop\FRST.txt
    2016-05-07 17:26 - 2016-05-07 17:26 - 00000000 ___RD C:\Users\Teresa A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2016-05-07 15:57 - 2016-05-07 15:57 - 00002119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2016-05-07 15:57 - 2016-05-07 15:57 - 00001945 _____ C:\Windows\epplauncher.mif
    2016-05-07 15:57 - 2016-05-07 15:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2016-05-07 15:57 - 2016-05-07 15:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2016-05-07 15:35 - 2016-05-07 15:38 - 02379264 _____ (Farbar) C:\Users\Teresa A\Downloads\FRST64 (3).exe
    2016-05-07 15:34 - 2016-05-07 15:34 - 00001210 _____ C:\Users\Teresa A\Downloads\de_crypt_readme - Shortcut.lnk
    2016-05-07 15:34 - 2016-05-07 15:34 - 00001151 _____ C:\Users\Teresa A\Downloads\Addition - Shortcut.lnk
    2016-05-07 15:34 - 2016-05-07 15:34 - 00001111 _____ C:\Users\Teresa A\Downloads\FRST - Shortcut.lnk
    2016-05-07 15:33 - 2016-05-07 15:33 - 00020860 _____ C:\Users\Teresa A\Downloads\Addition.txt
    2016-05-07 15:32 - 2016-05-07 17:59 - 00000000 ____D C:\FRST
    2016-05-07 15:32 - 2016-05-07 15:38 - 00042983 _____ C:\Users\Teresa A\Downloads\FRST.txt
    2016-05-07 15:32 - 2016-05-07 15:32 - 02379264 _____ (Farbar) C:\Users\Teresa A\Downloads\FRST64 (2).exe
    2016-05-07 15:31 - 2016-05-07 15:31 - 00000000 ____D C:\Users\Teresa A\AppData\Local\lptmp719163909
    2016-05-07 15:31 - 2016-05-07 15:31 - 00000000 ____D C:\Users\Teresa A\AppData\Local\lptmp1732795959
    2016-05-07 15:29 - 2016-05-07 15:29 - 02379264 _____ (Farbar) C:\Users\Teresa A\Downloads\FRST64 (1).exe
    2016-05-07 15:23 - 2016-05-07 15:23 - 02379264 _____ (Farbar) C:\Users\Teresa A\Downloads\FRST64.exe
    2016-05-05 10:45 - 2016-05-05 10:45 - 00000000 ____D C:\c909085bd59a1f258ee2
    2016-05-05 10:40 - 2016-05-07 15:31 - 00000000 ____D C:\Users\Teresa A\AppData\Local\lptmp
    2016-05-05 10:40 - 2016-05-05 10:40 - 00000000 ____D C:\Users\Teresa A\AppData\LocalLow\LastPass
    2016-05-05 10:39 - 2016-05-05 10:39 - 00000000 ____D C:\Program Files\Common Files\Webroot
    2016-05-04 17:57 - 2016-05-05 10:18 - 00000000 ____D C:\Program Files (x86)\LogMeIn Ignition
    2016-05-04 17:56 - 2016-05-05 10:07 - 00000000 ____D C:\ProgramData\LogMeIn
    2016-05-04 17:56 - 2016-05-04 17:56 - 00001024 _____ C:\.rnd
    2016-05-04 17:56 - 2016-05-04 17:56 - 00000000 ____D C:\Users\Teresa A\AppData\Local\LogMeIn
    2016-05-04 17:55 - 2016-05-05 10:18 - 00000000 ____D C:\Program Files (x86)\LogMeIn
    2016-05-04 17:53 - 2016-05-05 10:17 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
    2016-05-04 17:52 - 2016-05-05 10:17 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2016-05-04 17:52 - 2016-05-04 17:52 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-05-04 17:51 - 2016-05-05 10:18 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2016-05-04 17:50 - 2016-05-05 10:18 - 00000000 ____D C:\Program Files (x86)\Norton 360
    2016-05-04 17:50 - 2016-05-05 10:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    2016-05-04 17:50 - 2016-05-05 10:17 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
    2016-05-04 17:50 - 2016-05-04 17:50 - 00000000 ____D C:\ProgramData\NortonInstaller
    2016-05-04 17:50 - 2016-05-04 17:50 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
    2016-05-04 17:49 - 2016-05-05 10:17 - 00000000 ____D C:\Users\Teresa A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    2016-05-04 17:49 - 2016-05-05 10:05 - 00000000 ____D C:\ProgramData\Norton
    2016-05-04 17:49 - 2016-05-04 17:49 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2016-05-04 17:41 - 2014-08-13 10:19 - 00000113 ____H C:\DBAR_Ver.txt
    2016-05-04 13:45 - 2016-05-04 13:45 - 00164741 _____ C:\Users\Teresa A\Documents\Valero Benicia Excel Sheet.xlsx
    2016-05-04 13:32 - 2016-05-04 13:32 - 01551174 ____T C:\Users\Teresa A\Downloads\de_crypt_readme.bmp
    2016-05-04 13:32 - 2016-05-04 13:32 - 01551174 ____T C:\Users\Teresa A\Documents\de_crypt_readme.bmp
    2016-05-04 13:32 - 2016-05-04 13:32 - 01551174 ____T C:\de_crypt_readme.bmp
    2016-05-04 13:32 - 2016-05-04 13:32 - 00003318 _____ C:\Users\Teresa A\Downloads\de_crypt_readme.html
    2016-05-04 13:32 - 2016-05-04 13:32 - 00003318 _____ C:\de_crypt_readme.html
    2016-05-04 13:32 - 2016-05-04 13:32 - 00001641 _____ C:\Users\Teresa A\Downloads\de_crypt_readme.txt
    2016-05-04 13:32 - 2016-05-04 13:32 - 00001641 _____ C:\Users\Teresa A\Documents\de_crypt_readme.txt
    2016-05-04 13:32 - 2016-05-04 13:32 - 00001641 _____ C:\de_crypt_readme.txt
    2016-05-04 13:30 - 2016-05-04 17:23 - 00000000 ____D C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2016-05-04 13:30 - 2016-05-04 13:30 - 00000003 _____ C:\ProgramData\D51381F98AEA.dat
    2016-05-04 13:14 - 2016-05-04 17:23 - 00000000 ____D C:\Users\Teresa A\AppData\Local\Microsoft Help
    2016-05-04 12:37 - 2016-05-04 13:32 - 00000000 ____D C:\Users\Teresa A\AppData\LocalLow\{40256705-225B-4BE7-8860-A0A20EE5624D}
    2016-05-03 14:43 - 2016-05-04 13:32 - 00009106 _____ C:\Users\Teresa A\Downloads\v.js.crypt
    2016-05-03 14:43 - 2016-05-04 13:32 - 00009106 _____ C:\Users\Teresa A\Downloads\v (1).js.crypt
    2016-05-03 14:43 - 2016-05-04 13:32 - 00001582 _____ C:\Users\Teresa A\Downloads\m.js.crypt
    2016-05-03 14:43 - 2016-05-04 13:32 - 00001582 _____ C:\Users\Teresa A\Downloads\m (1).js.crypt
    2016-05-03 10:10 - 2016-05-03 10:10 - 00164859 _____ C:\Users\Teresa A\Documents\Book2.xlsx
    2016-05-03 09:23 - 2016-05-04 13:32 - 00003205 _____ C:\Users\Teresa A\Documents\Dow Excel Sheet March-2016.csv.crypt
    2016-05-03 09:23 - 2016-05-03 09:23 - 00000000 ____D C:\Users\Teresa A\Documents\Custom Office Templates
    2016-04-26 12:33 - 2016-05-04 12:45 - 00000000 ____D C:\Users\Teresa A\AppData\Local\CrashDumps
    2016-04-26 11:33 - 2016-04-26 11:33 - 00000000 ____D C:\Users\Teresa A\AppData\LocalLow\Temp
    2016-04-26 11:01 - 2016-04-26 11:01 - 00000000 ____D C:\Users\Teresa A\AppData\LocalLow\Adobe
    2016-04-26 11:01 - 2016-04-26 11:01 - 00000000 ____D C:\Users\Teresa A\AppData\Local\Adobe
    2016-04-26 10:39 - 2016-04-26 10:39 - 00000000 ____D C:\ProgramData\Xerox
    2016-04-24 21:07 - 2016-04-24 21:07 - 00000000 ____D C:\Users\Teresa A\AppData\Local\GWX
    2016-04-24 17:25 - 2016-04-24 18:05 - 00000000 ____D C:\Users\Teresa A\AppData\Local\LogMeIn Rescue Applet
    2016-04-24 11:24 - 2016-04-24 18:59 - 00002002 ____H C:\Users\Teresa A\Documents\Default.rdp
    2016-04-24 08:48 - 2016-04-24 08:48 - 00002129 _____ C:\Users\Teresa A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2016-04-24 08:48 - 2016-04-24 08:48 - 00002102 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2016-04-24 08:48 - 2016-04-24 08:48 - 00002102 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2016-04-24 08:48 - 2016-04-24 08:48 - 00000000 ___RD C:\Users\Teresa A\OneDrive
    2016-04-24 08:48 - 2016-04-24 08:48 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
    2016-04-24 08:47 - 2016-04-24 08:47 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2016-04-24 07:44 - 2016-05-05 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2016-04-24 07:44 - 2016-04-24 07:44 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
    2016-04-24 07:44 - 2016-04-24 07:44 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
    2016-04-24 07:44 - 2016-04-24 07:44 - 00002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-04-24 07:44 - 2016-04-24 07:44 - 00002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-04-24 07:44 - 2016-04-24 07:44 - 00002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-04-24 07:44 - 2016-04-24 07:44 - 00002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-04-24 07:44 - 2016-04-24 07:44 - 00002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-04-24 07:44 - 2016-04-24 07:44 - 00002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-04-24 07:38 - 2016-05-07 15:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-04-24 07:33 - 2016-04-24 07:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-04-23 17:35 - 2016-04-23 17:35 - 00000000 ____D C:\Users\Teresa A\AppData\Roaming\DropboxOEM
    2016-04-23 16:08 - 2016-04-23 16:08 - 00000000 ____D C:\238560775e25a9313f07281c
    2016-04-23 16:08 - 2015-07-18 06:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2016-04-23 16:08 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2016-04-23 15:45 - 2016-04-23 15:45 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2016-04-23 15:44 - 2016-04-23 15:44 - 00003440 _____ C:\Windows\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337
    2016-04-23 15:41 - 2016-05-07 15:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-04-23 15:37 - 2016-04-23 15:37 - 00002178 _____ C:\Users\Public\Desktop\QuickBooks Premier - Manufacturing and Wholesale Edition 2014.lnk
    2016-04-23 15:33 - 2016-05-05 10:18 - 00000000 ____D C:\Users\Teresa A\AppData\Local\Intuit
    2016-04-23 15:32 - 2012-01-05 12:43 - 04218880 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
    2016-04-23 15:31 - 2016-05-05 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
    2016-04-23 15:30 - 2016-04-23 17:34 - 00000000 ____D C:\ProgramData\Intuit
    2016-04-23 15:30 - 2016-04-23 15:30 - 00000000 ____D C:\Users\Public\Documents\Intuit
    2016-04-23 15:30 - 2016-04-23 15:30 - 00000000 ____D C:\ProgramData\Nuance
    2016-04-23 15:29 - 2016-05-05 10:18 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
    2016-04-23 15:29 - 2016-04-23 15:37 - 00000000 ____D C:\Program Files (x86)\Intuit
    2016-04-23 15:29 - 2016-04-23 15:31 - 00000095 _____ C:\Windows\QBChanUtil_Trigger.ini
    2016-04-23 15:24 - 2016-04-23 15:28 - 567342272 _____ (Intuit, Inc. ) C:\Users\Teresa A\Desktop\QuickBooksPremier2014.exe
    2016-04-23 15:24 - 2016-04-23 15:28 - 00000000 ____D C:\Users\Teresa A\AppData\Roaming\Download Manager
    2016-04-23 15:24 - 2016-04-23 15:24 - 00001679 _____ C:\Users\Teresa A\Desktop\Setup_QuickBooksPremier2014.lnk
    2016-04-23 15:24 - 2016-04-23 15:24 - 00000000 ____D C:\Program Files (x86)\Akamai
    2016-04-23 15:16 - 2016-04-23 15:16 - 00003306 _____ C:\Windows\System32\Tasks\{A758A2E7-9802-439E-93BF-C64866CBED4C}
    2016-04-23 14:58 - 2016-04-23 14:58 - 00000000 ____D C:\Windows\system32\appmgmt
    2016-04-23 14:44 - 2016-04-23 14:44 - 00000000 ____D C:\Windows\Intuit
    2016-04-23 14:31 - 2016-04-23 14:31 - 00000000 ____D C:\Program Files (x86)\Dell Update
    2016-04-23 14:30 - 2016-05-04 17:41 - 00000000 ____D C:\ProgramData\softthinks
    2016-04-23 14:30 - 2016-05-04 13:32 - 00000113 ____H C:\DBAR_Ver.txt.crypt
    2016-04-23 14:30 - 2016-04-23 14:30 - 00000000 ____D C:\Users\Teresa A\AppData\Local\softthinks
    2016-04-23 14:24 - 2016-05-07 17:26 - 00000000 ____D C:\Users\Teresa A\Documents\Bluetooth Folder
    2016-04-23 14:24 - 2016-05-05 10:18 - 00000000 ____D C:\Users\Teresa A\AppData\Local\DropboxOEM
    2016-04-23 14:24 - 2016-05-04 17:37 - 00000000 __SHD C:\Users\Teresa A\AppData\LocalLow\EmieUserList
    2016-04-23 14:24 - 2016-05-04 17:37 - 00000000 __SHD C:\Users\Teresa A\AppData\LocalLow\EmieBrowserModeList
    2016-04-23 14:24 - 2016-05-04 17:37 - 00000000 __SHD C:\Users\Teresa A\AppData\Local\EmieUserList
    2016-04-23 14:24 - 2016-05-04 17:37 - 00000000 __SHD C:\Users\Teresa A\AppData\Local\EmieSiteList
    2016-04-23 14:24 - 2016-05-04 17:37 - 00000000 __SHD C:\Users\Teresa A\AppData\Local\EmieBrowserModeList
    2016-04-23 14:24 - 2016-04-23 17:35 - 00115424 _____ C:\Users\Teresa A\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-04-23 14:24 - 2016-04-23 14:24 - 00000000 ____D C:\Users\Teresa A\AppData\Roaming\Macromedia
    2016-04-23 14:24 - 2016-04-23 14:24 - 00000000 ____D C:\Users\Teresa A\AppData\Roaming\Intel Corporation
    2016-04-23 14:24 - 2016-04-23 14:24 - 00000000 ____D C:\Users\Teresa A\AppData\Local\BMExplorer
    2016-04-23 14:24 - 2016-04-23 14:24 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
    2016-04-23 14:23 - 2016-05-04 17:37 - 00000000 __SHD C:\Users\Teresa A\AppData\LocalLow\EmieSiteList
    2016-04-23 14:23 - 2016-04-26 11:01 - 00000000 ____D C:\Users\Teresa A\AppData\Roaming\Adobe
    2016-04-23 14:23 - 2016-04-23 14:23 - 00001415 _____ C:\Users\Teresa A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-04-23 14:23 - 2016-04-23 14:23 - 00000000 ____D C:\Users\Teresa A\AppData\Roaming\Leadertech
    2016-04-23 14:23 - 2016-04-23 14:23 - 00000000 ____D C:\Users\Teresa A\AppData\Roaming\Atheros
    2016-04-23 14:23 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-04-23 14:23 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-04-23 14:23 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-04-23 14:23 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-04-23 14:23 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-04-23 14:23 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-04-23 14:23 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2016-04-23 14:23 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2016-04-23 14:23 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2016-04-23 14:23 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-04-23 14:23 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-04-23 14:23 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-04-23 14:23 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-04-23 14:23 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-04-23 14:22 - 2016-05-05 10:19 - 00000000 ____D C:\Users\Teresa A
    2016-04-23 14:22 - 2016-04-23 14:22 - 00000020 ___SH C:\Users\Teresa A\ntuser.ini
    2016-04-23 14:22 - 2016-04-23 14:22 - 00000000 _SHDL C:\Users\Teresa A\My Documents
    2016-04-23 14:22 - 2016-04-23 14:22 - 00000000 _SHDL C:\Users\Teresa A\Documents\My Videos
    2016-04-23 14:22 - 2016-04-23 14:22 - 00000000 _SHDL C:\Users\Teresa A\Documents\My Pictures
    2016-04-23 14:22 - 2016-04-23 14:22 - 00000000 _SHDL C:\Users\Teresa A\Documents\My Music
    2016-04-23 14:22 - 2016-04-23 14:22 - 00000000 ____D C:\Users\Teresa A\AppData\Local\VirtualStore
    2016-04-23 14:22 - 2010-11-21 00:16 - 00000000 ____D C:\Users\Teresa A\AppData\Roaming\Media Center Programs

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-07 17:29 - 2009-07-13 22:13 - 00781540 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-07 17:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2016-05-07 17:16 - 2015-02-13 18:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-05-07 16:28 - 2009-07-13 21:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-05-07 16:28 - 2009-07-13 21:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-05-07 15:17 - 2015-02-13 18:29 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
    2016-05-07 15:09 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-05-05 10:21 - 2009-07-13 21:45 - 00438776 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-05-05 10:19 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
    2016-05-05 10:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2016-05-05 10:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
    2016-05-05 10:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
    2016-05-05 10:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing
    2016-05-05 10:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\schemas
    2016-05-05 10:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2016-05-05 10:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-05-05 10:19 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\System
    2016-05-05 10:18 - 2015-02-13 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB
    2016-05-05 10:18 - 2015-02-13 18:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2016-05-05 10:18 - 2015-02-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
    2016-05-05 10:18 - 2015-02-13 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net
    2016-05-05 10:18 - 2015-02-13 18:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
    2016-05-05 10:18 - 2015-02-13 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
    2016-05-05 10:18 - 2015-02-13 18:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2016-05-05 10:18 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-05-05 10:18 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-05-05 10:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
    2016-05-05 10:11 - 2015-02-13 18:35 - 00000000 ____D C:\Program Files\Dell
    2016-05-05 10:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
    2016-05-04 14:03 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-05-03 10:20 - 2015-02-13 18:28 - 00000000 ____D C:\ProgramData\Adobe
    2016-04-24 10:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
    2016-04-23 17:34 - 2015-02-13 18:30 - 00000000 ____D C:\ProgramData\McAfee
    2016-04-23 15:45 - 2015-02-13 18:20 - 00000000 ____D C:\ProgramData\Dell
    2016-04-23 14:24 - 2015-07-16 08:23 - 00000000 ____D C:\ProgramData\Atheros
    2016-04-22 00:57 - 2010-11-20 20:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2016-05-05 10:40 - 2016-05-05 10:40 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
    2016-05-04 13:30 - 2016-05-04 13:30 - 0000003 _____ () C:\ProgramData\D51381F98AEA.dat
    2015-02-13 18:20 - 2015-02-13 18:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Files to move or delete:
    ====================
    C:\ProgramData\D51381F98AEA.dat


    Some files in TEMP:
    ====================
    C:\Users\Teresa A\AppData\Local\Temp\Abspdf.exe
    C:\Users\Teresa A\AppData\Local\Temp\acfpdfu.dll
    C:\Users\Teresa A\AppData\Local\Temp\acfpdfuamd64.dll
    C:\Users\Teresa A\AppData\Local\Temp\acfpdfui.dll
    C:\Users\Teresa A\AppData\Local\Temp\acfpdfuia64.dll
    C:\Users\Teresa A\AppData\Local\Temp\acfpdfuiamd64.dll
    C:\Users\Teresa A\AppData\Local\Temp\acfpdfuiia64.dll
    C:\Users\Teresa A\AppData\Local\Temp\cdintf.dll
    C:\Users\Teresa A\AppData\Local\Temp\PDFPRT400.exe
    C:\Users\Teresa A\AppData\Local\Temp\xmllite.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-05-04 21:33

    ==================== End of FRST.txt ============================

  2. #2
    Join Date
    May 2016
    Posts
    2
    Here is the second part of the scan:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 03
    Ran by Teresa A (2016-05-07 18:00:09)
    Running from C:\Users\Teresa A\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2016-04-23 21:22:40)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-11812795-3413085119-2478197880-500 - Administrator - Disabled)
    Guest (S-1-5-21-11812795-3413085119-2478197880-501 - Limited - Disabled)
    Teresa A (S-1-5-21-11812795-3413085119-2478197880-1000 - Administrator - Enabled) => C:\Users\Teresa A

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Foundation Services (HKLM\...\{0D2426EF-A4D1-403B-B78B-2897D6AD3021}) (Version: 1.1.333.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
    Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
    DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.6868.2060 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-11812795-3413085119-2478197880-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6828.1015 - Microsoft Corporation) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
    QuickBooks (x32 Version: 24.0.4010.2403 - Intuit Inc.) Hidden
    QuickBooks Premier: Mfg and Whsle Edition 2014 (HKLM-x32\...\{46984AEC-E137-4567-8A1A-8BC71862611F}) (Version: 24.0.4010.2403 - Intuit Inc.)
    QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-11812795-3413085119-2478197880-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Teresa A\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
    CustomCLSID: HKU\S-1-5-21-11812795-3413085119-2478197880-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Teresa A\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {24B4D545-3A38-4228-8148-7CB190D5C994} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
    Task: {2C3DEF68-A5B1-422D-9A42-152A0CE7D191} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
    Task: {3B02FA9A-14DB-41B0-801C-F7145F36588E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {75496931-560F-4C3E-A319-7C6F080E7761} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-29] (Microsoft Corporation)
    Task: {924E825B-CB89-4867-9187-3620AA582C36} - System32\Tasks\{A758A2E7-9802-439E-93BF-C64866CBED4C} => pcalua.exe -a "C:\Users\Teresa A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2GU2AD1\Clean Install Tool.exe" -d "C:\Users\Teresa A\Desktop"
    Task: {CC30E1CD-4C73-4940-BBAB-9177145111D0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
    Task: {E2206DCC-A54C-4A61-9E73-446C087084FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-29] (Microsoft Corporation)
    Task: {E91E337B-FFDE-485B-81E4-00AA420E5121} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-13] (Adobe Systems Incorporated)
    Task: {F7C006A0-B2D0-4674-8183-F730E0867C56} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2016-04-23] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-04-24 07:45 - 2016-05-07 15:23 - 08919744 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2015-02-13 18:29 - 2014-06-04 14:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
    2015-02-13 18:29 - 2014-06-04 14:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
    2013-07-02 21:51 - 2013-07-02 21:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
    2015-02-13 18:29 - 2014-07-02 20:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    2016-04-24 07:33 - 2016-04-29 07:29 - 00417472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2015-11-04 00:46 - 2015-11-04 00:46 - 00623384 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
    2015-02-13 18:17 - 2013-12-09 15:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-02-13 18:29 - 2014-07-30 16:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2015-02-13 18:29 - 2012-11-25 22:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2015-02-13 18:29 - 2012-11-25 22:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-11812795-3413085119-2478197880-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Teresa A\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 68.94.156.1 - 68.94.157.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{0E0AFF36-A56D-4CF8-91EE-1A069E411EE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{CE3A867D-99FA-4DC9-AAEF-ED2A8B960C5A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{46C25C7D-4ED0-496C-AB2C-A07927C419F8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{F008376C-98D0-479D-85A2-A9010D0AB089}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{D433EE70-34BE-41C8-81BE-63B4D6584542}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

    ==================== Restore Points =========================

    04-05-2016 17:54:56 Installed LogMeIn
    05-05-2016 10:06:55 Restore Operation
    07-05-2016 16:24:06 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/07/2016 03:44:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: The specified server cannot perform the requested operation.
    .

    Error: (05/07/2016 03:44:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: The specified server cannot perform the requested operation.
    .

    Error: (05/07/2016 03:44:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: The specified server cannot perform the requested operation.
    .

    Error: (05/07/2016 03:44:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: The specified server cannot perform the requested operation.
    .

    Error: (05/07/2016 03:44:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: The specified server cannot perform the requested operation.
    .

    Error: (05/07/2016 03:44:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: The specified server cannot perform the requested operation.
    .

    Error: (05/07/2016 03:44:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: The specified server cannot perform the requested operation.
    .

    Error: (05/07/2016 03:44:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: This operation returned because the timeout period expired.
    .

    Error: (05/07/2016 03:44:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: The specified server cannot perform the requested operation.
    .

    Error: (05/07/2016 03:44:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/47BEABC922EAE80E78783462A79F45C254FDE68B.crt> with error: This operation returned because the timeout period expired.
    .


    System errors:
    =============
    Error: (05/07/2016 05:25:48 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (05/07/2016 05:24:55 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (05/07/2016 05:12:23 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (05/07/2016 05:11:43 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (05/07/2016 05:10:56 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (05/07/2016 05:10:15 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (05/07/2016 05:08:32 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (05/07/2016 04:43:47 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (05/07/2016 04:43:09 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

    Error: (05/07/2016 04:42:18 PM) (Source: BTHUSB) (EventID: 17) (User: )
    Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU G3260 @ 3.30GHz
    Percentage of memory in use: 27%
    Total physical RAM: 8108.95 MB
    Available physical RAM: 5843.45 MB
    Total Virtual: 16216.09 MB
    Available Virtual: 12810.66 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:919.74 GB) (Free:872.49 GB) NTFS
    Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.8 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: B42620E1)
    Partition 1: (Not Active) - (Size=40 MB) - (Type=DE)
    Partition 2: (Active) - (Size=11.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  3. #3
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.

    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
