
Computer is flooded with virus and Trojans


This topic is locked
31 replies to this topic

#1 wjason777
  • Members
  • 151 posts

Posted 22 December 2014 - 04:57 PM

I have a desktop that we keep downstairs for guests to use. It's flooded with viruses, and every time I open a web browser popups take over, not to mention the lagging. I tried doing a search with malware. Found over 4000 malware, but I'm still having the same problem. Could someone help me get the PC back to normal?

Thanks. 





#2 wjason777
  • Topic Starter
  • Members
  • 151 posts

Posted 23 December 2014 - 11:42 AM

Anyone?

#3 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,507 posts
  • Location:Greenup, Ill USA

Posted 23 December 2014 - 08:15 PM

Hello wjason777,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 wjason777
  • Topic Starter
  • Members
  • 151 posts

Posted 23 December 2014 - 09:41 PM

Hey thanks for replying.
I tried starting up the computer in normal and safe mode. Once I get past the login screen, it's just a black screen. That's the furthest I can go.

#5 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,507 posts

Posted 24 December 2014 - 12:26 AM

What operating system are you using? Windows 7, 8, Vista, XP?


#6 wjason777
  • Topic Starter
  • Members
  • 151 posts

Posted 24 December 2014 - 06:32 AM

Win 7

#7 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,507 posts

Posted 24 December 2014 - 03:00 PM

With all the things you have done to this machine before you came here I can't guarantee we will be able to fix it short of a reinstall of the operating system.

 

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#8 wjason777
  • Topic Starter
  • Members
  • 151 posts

Posted 24 December 2014 - 07:45 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by SYSTEM on MININT-1QOJADC on 24-12-2014 19:20:57
Running from g:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKU\Guest\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)
HKU\Guest\...\Run: [RocketTab] => C:\Users\Guest\AppData\Local\Search Extensions\Client.exe [5812224 2014-11-17] ()
HKU\Guest\...\Run: [RocketTab Update Task] => C:\Users\Guest\AppData\Local\Search Extensions\uninstall.exe [6102240 2014-11-17] ()
HKU\Guest\...\RunOnce: [BrowserSafeguard FF:0] => "C:\Users\Guest\AppData\Local\BrowserSafeguard\Resources\certutil.exe" -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Guest\AppData\Local\BrowserSafeguard\TrustedRoot.cer" -d "C:\Users (the data entry has 65 more characters).
HKU\Guest\...\RunOnce: [Import FF:0] => C:\Users\Guest\AppData\Local\Search Extensions\Resources\certutil.exe [90112 2014-11-17] ()
HKU\Guest\...\Policies\Explorer: [NofolderOptions] 0
HKU\leon 2\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
HKU\leon 2\...\Policies\Explorer: [NofolderOptions] 0
HKU\leon 2_2\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
HKU\leon3\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_223_Plugin.exe -update plugin
HKU\Shelia\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\Shelia\...\Policies\Explorer: [NofolderOptions] 0
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs:  c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => c:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4519240 2013-11-20] ()
AppInit_DLLs-x32: c:\progra~2\bearsh~1\mediabar\datamngr\datamngr.dll => "c:\progra~2\bearsh~1\mediabar\datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\bearsh~1\mediabar\datamngr\iebho.dll => "c:\progra~2\bearsh~1\mediabar\datamngr\iebho.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [4160840 2013-10-29] ()
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [192152 2013-11-20] ()
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120040 2014-11-24] (Sendori, Inc.) <==== ATTENTION
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-22] (IObit)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete Inc)
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22760 2014-11-24] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3875048 2014-11-24] (Sendori) <==== ATTENTION
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1019328 2012-08-21] (Enigma Software Group USA, LLC.)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-22] (REALiX™)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20140520.001\IDSvia64.sys [525016 2014-03-24] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20140520.008\ENG64.SYS [126040 2014-01-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20140520.008\EX64.SYS [2099288 2014-01-17] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-02-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-24 19:20 - 2014-12-24 19:20 - 00000000 ____D () C:\FRST
2014-12-22 13:05 - 2014-12-23 18:15 - 00002856 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shelia)
2014-12-22 13:05 - 2014-12-22 13:05 - 00000000 ____D () C:\Users\Shelia\AppData\Roaming\ProductData
2014-12-22 13:04 - 2014-12-22 13:06 - 00002150 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-12-22 13:04 - 2014-12-22 13:05 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-22 13:04 - 2014-12-22 13:04 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2014-12-22 13:04 - 2014-12-22 13:04 - 00003216 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-12-22 13:04 - 2014-12-22 13:04 - 00003160 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-12-22 13:04 - 2014-12-22 13:04 - 00002888 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Shelia
2014-12-22 13:04 - 2014-12-22 13:04 - 00001234 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-12-22 13:04 - 2014-12-22 13:04 - 00000000 ____D () C:\Users\Shelia\AppData\IObit
2014-12-22 13:04 - 2014-12-22 13:04 - 00000000 ____D () C:\ProgramData\IObit
2014-12-22 13:03 - 2014-12-22 13:49 - 00000000 ____D () C:\ProgramData\SharkManCoupon
2014-12-22 13:03 - 2014-12-22 13:04 - 00000000 ____D () C:\Users\Shelia\AppData\Roaming\IObit
2014-12-22 13:03 - 2014-12-22 13:04 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-22 13:00 - 2014-12-22 13:01 - 17528608 _____ (IObit) C:\Users\Shelia\Downloads\iobituninstaller.exe
2014-12-22 12:41 - 2014-12-22 13:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-12-22 12:41 - 2014-12-22 12:41 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-22 12:41 - 2014-12-22 12:41 - 00000000 __SHD () C:\Users\Shelia\AppData\Local\EmieUserList
2014-12-22 12:41 - 2014-12-22 12:41 - 00000000 __SHD () C:\Users\Shelia\AppData\Local\EmieSiteList
2014-12-22 12:41 - 2014-12-22 12:41 - 00000000 __SHD () C:\Users\Shelia\AppData\Local\EmieBrowserModeList
2014-12-22 12:40 - 2014-12-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-22 12:40 - 2014-11-21 03:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-12-22 12:40 - 2014-11-21 03:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-12-22 12:36 - 2014-12-22 12:36 - 00000000 ____D () C:\Windows\pss
2014-12-17 19:12 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-12-17 19:12 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 16:48 - 2014-12-22 13:49 - 00000000 ____D () C:\ProgramData\savingtoyouo
2014-12-16 16:48 - 2014-12-22 13:49 - 00000000 ____D () C:\ProgramData\lesse2pay
2014-12-16 16:16 - 2014-12-16 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Opera Software
2014-12-16 16:16 - 2014-12-16 16:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Opera Software
2014-12-12 14:20 - 2014-12-12 14:20 - 00000000 ____D () C:\Windows\System32\appraiser
2014-12-11 15:18 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2014-12-11 15:18 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 15:18 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2014-12-11 15:18 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2014-12-11 15:18 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2014-12-11 15:18 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2014-12-11 15:18 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 15:18 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 15:18 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 15:18 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 14:18 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2014-12-11 14:18 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2014-12-11 14:18 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-12-11 14:18 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2014-12-11 14:18 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-12-11 14:18 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2014-12-11 14:18 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-12-11 14:18 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2014-12-11 14:17 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-12-11 14:17 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 14:17 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-12-11 14:17 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-12-11 14:17 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-12-11 14:17 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-12-11 14:17 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-12-11 14:17 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-12-11 14:17 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-12-11 14:17 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-12-11 14:17 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-12-11 14:17 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-12-11 14:17 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-12-11 14:17 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-12-11 14:17 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-12-11 14:17 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-12-11 14:17 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-11 14:17 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 14:17 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-12-11 14:17 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 14:17 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-12-11 14:17 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-12-11 14:17 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-12-11 14:17 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 14:17 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 14:17 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 14:17 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-12-11 14:17 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 14:17 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 14:17 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 14:17 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 14:17 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 14:17 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 14:17 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-12-11 14:17 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-12-11 14:17 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-12-11 14:17 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-12-11 14:17 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 14:17 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-12-11 14:17 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 14:17 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 14:17 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 14:17 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 14:17 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 14:17 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-12-11 14:17 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 14:17 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 14:17 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 14:17 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-12-11 14:17 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 14:17 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-12-11 14:17 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 14:17 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 14:17 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 14:17 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-12-11 14:17 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 14:17 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2014-12-11 14:17 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-12-11 14:17 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 14:17 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\System32\charmap.exe
2014-12-11 14:17 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 14:17 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2014-12-11 14:17 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-11 14:17 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
2014-12-11 14:17 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
2014-12-11 14:17 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
2014-12-11 14:17 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 14:17 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 14:17 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 14:17 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 14:17 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 14:05 - 2014-10-31 10:08 - 00971032 ____N () C:\Windows\System32\rlls64.dll
2014-12-11 14:05 - 2014-10-31 10:08 - 00661272 ____N () C:\Windows\SysWOW64\rlls.dll
2014-12-11 14:02 - 2014-12-15 10:27 - 00000348 _____ () C:\Windows\Tasks\1214tbUpdateInfo.job
2014-12-11 14:02 - 2014-12-15 10:26 - 00000000 ____D () C:\ProgramData\Avg_Update_1214tb
2014-12-11 14:02 - 2014-12-11 14:02 - 00002466 _____ () C:\Windows\System32\Tasks\1214tbUpdateInfo
2014-12-06 13:39 - 2014-12-06 13:39 - 00000000 ____D () C:\Users\leon3\AppData\Local\Hewlett-Packard
2014-12-06 13:39 - 2014-12-06 13:39 - 00000000 ____D () C:\Users\leon3\AppData\Local\CrashDumps
2014-12-06 09:53 - 2014-12-06 09:53 - 00000000 __SHD () C:\Users\leon3\AppData\Local\EmieUserList
2014-12-06 09:53 - 2014-12-06 09:53 - 00000000 __SHD () C:\Users\leon3\AppData\Local\EmieSiteList
2014-12-06 09:53 - 2014-12-06 09:53 - 00000000 __SHD () C:\Users\leon3\AppData\Local\EmieBrowserModeList
2014-11-24 19:22 - 2014-11-24 19:22 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieBrowserModeList
2014-11-24 00:00 - 2014-11-24 00:00 - 00003682 _____ () C:\Windows\System32\Tasks\Default2Check
2014-11-24 00:00 - 2014-11-24 00:00 - 00000000 ____D () C:\ProgramData\dl159
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-23 18:29 - 2012-10-05 15:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-23 18:22 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 18:22 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 18:20 - 2012-05-09 15:07 - 00003822 _____ () C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
2014-12-23 18:20 - 2012-05-09 15:07 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-12-23 18:19 - 2011-05-12 00:25 - 02042468 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 18:14 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 18:14 - 2009-07-13 20:51 - 00124986 _____ () C:\Windows\setupact.log
2014-12-22 13:50 - 2013-10-10 18:28 - 00000000 ____D () C:\Program Files (x86)\GorillaPrice
2014-12-22 13:50 - 2013-10-10 18:23 - 00000000 ____D () C:\Users\Shelia\AppData\Roaming\BabSolution
2014-12-22 13:49 - 2014-10-27 23:19 - 00000000 ____D () C:\ProgramData\KIngCoUpoin
2014-12-22 13:49 - 2014-10-27 23:18 - 00000000 ____D () C:\ProgramData\RoyaLShopperrAApp
2014-12-22 13:49 - 2014-10-10 18:09 - 00000000 ____D () C:\ProgramData\LLUckyCoupon
2014-12-22 13:49 - 2013-11-20 18:09 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-12-22 13:49 - 2013-11-20 18:09 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-12-22 13:49 - 2013-10-10 18:31 - 00000000 ____D () C:\Program Files (x86)\RelevantKnowledge
2014-12-22 13:49 - 2013-10-10 18:28 - 00000000 ____D () C:\ProgramData\GorillaPrice
2014-12-22 13:49 - 2013-10-10 18:24 - 00000000 ____D () C:\ProgramData\WeCareReminder
2014-12-22 13:49 - 2013-10-10 18:23 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-12-22 13:49 - 2012-09-17 10:03 - 00000000 ____D () C:\Program Files (x86)\Playbryte
2014-12-22 13:49 - 2012-09-16 09:40 - 00000000 ____D () C:\Program Files (x86)\PriceGong
2014-12-22 13:49 - 2012-05-08 18:00 - 00000000 ____D () C:\Program Files (x86)\FrostWire 5
2014-12-22 13:41 - 2013-11-30 21:56 - 00000000 ____D () C:\Users\Shelia\AppData\Local\Pokki
2014-12-22 13:39 - 2014-10-19 17:56 - 00000000 ____D () C:\users\leon3
2014-12-22 13:39 - 2013-07-30 12:45 - 00000000 ____D () C:\users\leon 2_2
2014-12-22 13:39 - 2012-09-16 09:34 - 00000000 ____D () C:\users\leon 2
2014-12-22 13:14 - 2012-02-22 08:17 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-22 13:14 - 2012-02-17 14:19 - 00000000 ____D () C:\users\Shelia
2014-12-22 13:13 - 2012-02-17 16:16 - 00243346 _____ () C:\Windows\PFRO.log
2014-12-22 13:11 - 2012-04-02 07:32 - 00000000 ____D () C:\Users\Shelia\AppData\Roaming\HP Support Assistant
2014-12-22 13:11 - 2012-03-19 12:33 - 00000000 ____D () C:\Users\Shelia\AppData\Roaming\HpUpdate
2014-12-22 13:10 - 2013-10-10 18:30 - 00000000 ____D () C:\Users\Shelia\AppData\Roaming\Open Download Manager
2014-12-22 13:06 - 2012-02-18 06:51 - 00000000 ____D () C:\Program Files (x86)\BearShare Applications
2014-12-22 13:01 - 2012-02-17 17:14 - 00000000 ____D () C:\ProgramData\Recovery
2014-12-22 12:41 - 2012-10-26 15:30 - 00000000 ____D () C:\Users\Shelia\AppData\Roaming\Malwarebytes
2014-12-22 12:40 - 2012-10-26 15:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-22 12:40 - 2012-10-26 15:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-12-22 12:33 - 2013-10-10 18:29 - 00000000 ____D () C:\Users\Shelia\AppData\Local\WeatherBug
2014-12-16 17:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-16 16:48 - 2014-06-14 12:04 - 00000000 ____D () C:\ProgramData\8de2b1e3524e19f3
2014-12-14 19:59 - 2012-03-31 07:55 - 00000000 ____D () C:\Windows\Minidump
2014-12-14 19:59 - 2012-02-17 16:16 - 00336177 ____N () C:\Windows\Minidump\121414-53180-01.dmp
2014-12-13 15:36 - 2011-05-12 00:43 - 00000000 ____D () C:\ProgramData\PDFC
2014-12-13 15:29 - 2012-10-05 16:29 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-13 15:29 - 2012-10-05 15:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 15:29 - 2012-10-05 15:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-13 15:29 - 2012-02-18 06:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 14:20 - 2014-04-29 21:29 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-12-12 14:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 14:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 14:03 - 2012-09-28 17:57 - 00000000 ____D () C:\Program Files (x86)\Sendori
2014-12-06 09:54 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-06 09:49 - 2013-11-28 15:53 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-11-24 16:31 - 2014-06-27 17:15 - 00405224 _____ (Sendori) C:\Windows\System32\Sendori64.dll
2014-11-24 16:31 - 2012-09-28 17:57 - 00335080 _____ (Sendori) C:\Windows\SysWOW64\Sendori.dll
2014-11-24 00:00 - 2014-11-10 15:40 - 00000000 ____D () C:\ProgramData\dtdata
2014-11-24 00:00 - 2014-04-22 07:15 - 00000000 ____D () C:\Users\Public\Util
2014-11-24 00:00 - 2012-05-18 06:12 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSHELIA-HP$
2014-11-24 00:00 - 2012-05-18 06:12 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForSHELIA-HP$.job
 
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\3scrs2ta.dll
C:\Users\Guest\AppData\Local\Temp\AllDaySavings.exe
C:\Users\Guest\AppData\Local\Temp\rtKy8FlDKq.exe
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite10038.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite14781.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite16653.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite17753.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite18556.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite22319.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite27449.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite30718.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite31554.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite32501.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite35286.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite53942.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite65576.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite70736.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite71453.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite71705.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite72950.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite73455.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite74127.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite77507.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite78655.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite84154.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite85398.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite86411.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite87478.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite88436.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite89008.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite94885.dll
C:\Users\leon 2\AppData\Local\Temp\contentDATs.exe
C:\Users\leon 2\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\leon 2_2\AppData\Local\Temp\wfv6lctd.dll
C:\Users\Shelia\AppData\Local\Temp\AskSLib.dll
C:\Users\Shelia\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Shelia\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Shelia\AppData\Local\Temp\Installhelper.dll
C:\Users\Shelia\AppData\Local\Temp\NEWFD9F.tmp.exe
C:\Users\Shelia\AppData\Local\Temp\oct9C85.tmp.exe
C:\Users\Shelia\AppData\Local\Temp\oi_{988B2167-F2DA-4B89-A3DD-B45AF7793EA9}.exe
C:\Users\Shelia\AppData\Local\Temp\Player_Setup.exe
C:\Users\Shelia\AppData\Local\Temp\setup.exe
C:\Users\Shelia\AppData\Local\Temp\SHSetup.exe
C:\Users\Shelia\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Shelia\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Shelia\AppData\Local\Temp\verify.exe
C:\Users\Shelia\AppData\Local\Temp\wget.exe
C:\Users\Shelia\AppData\Local\Temp\YgoUpdater.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-11-24 00:00:55
Restore point made on: 2014-11-24 19:41:33
Restore point made on: 2014-12-07 00:00:53
Restore point made on: 2014-12-07 00:01:58
Restore point made on: 2014-12-07 12:10:58
Restore point made on: 2014-12-11 15:17:59
Restore point made on: 2014-12-14 20:05:19
Restore point made on: 2014-12-14 20:36:08
Restore point made on: 2014-12-17 00:02:19
Restore point made on: 2014-12-17 20:25:55
Restore point made on: 2014-12-23 18:18:49
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 8183.89 MB
Available physical RAM: 7136.14 MB
Total Pagefile: 8182.04 MB
Available Pagefile: 7119.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:918.1 GB) (Free:822.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:13.13 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (USB Disk) (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 1AB69AF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 490 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=490 MB) - (Type=06)
 
 
LastRegBack: 2014-12-16 16:55
 
==================== End Of Log ============================


#9 fireman4it
  • Bleepin' Fireman
  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 December 2014 - 08:41 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

LastRegBack: 2014-12-16 16:55

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

After you run this fix please submit the log and see if the computer will boot normally now.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 wjason777
  • Topic Starter
  • Members
  • 151 posts

Posted 24 December 2014 - 08:53 PM

When I login as the admin it's still doing the same thing, but when I login as a guest I can see the desktop.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
Ran by SYSTEM at 2014-12-24 20:49:17 Run:1
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2014-12-16 16:55
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog 20:49:22 ====


#11 fireman4it
  • Bleepin' Fireman
  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 December 2014 - 08:57 PM

Can you post the addition.txt that was produced when you ran FRST? It should be on the USB drive.


#12 wjason777
  • Topic Starter
  • Members
  • 151 posts

Posted 24 December 2014 - 08:59 PM

There is no addition.txt on the flash drive that I'm using.



#13 fireman4it
  • Bleepin' Fireman
  • Malware Response Team
  • 13,507 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 24 December 2014 - 09:03 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKU\Guest\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)
HKU\Guest\...\RunOnce: [BrowserSafeguard FF:0] => "C:\Users\Guest\AppData\Local\BrowserSafeguard\Resources\certutil.exe" -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Guest\AppData\Local\BrowserSafeguard\TrustedRoot.cer" -d "C:\Users (the data entry has 65 more characters).
HKU\Guest\...\RunOnce: [Import FF:0] => C:\Users\Guest\AppData\Local\Search Extensions\Resources\certutil.exe [90112 2014-11-17] ()
HKU\Guest\...\Policies\Explorer: [NofolderOptions] 0
HKU\leon 2\...\Policies\Explorer: [NofolderOptions] 0
HKU\Shelia\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\Shelia\...\Policies\Explorer: [NofolderOptions] 0
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs:  c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => c:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4519240 2013-11-20] ()
AppInit_DLLs-x32: c:\progra~2\bearsh~1\mediabar\datamngr\datamngr.dll => "c:\progra~2\bearsh~1\mediabar\datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\bearsh~1\mediabar\datamngr\iebho.dll => "c:\progra~2\bearsh~1\mediabar\datamngr\iebho.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [4160840 2013-10-29] ()
S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [192152 2013-11-20] ()
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120040 2014-11-24] (Sendori, Inc.) <==== ATTENTION
C:\Program Files (x86)\Sendori
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22760 2014-11-24] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3875048 2014-11-24] (Sendori) <==== ATTENTION
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1019328 2012-08-21] (Enigma Software Group USA, LLC.)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
2014-12-22 13:05 - 2014-12-23 18:15 - 00002856 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shelia)
2014-12-22 13:05 - 2014-12-22 13:05 - 00000000 ____D () C:\Users\Shelia\AppData\Roaming\ProductData
2014-12-22 13:04 - 2014-12-22 13:06 - 00002150 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-12-22 13:04 - 2014-12-22 13:05 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-22 13:04 - 2014-12-22 13:04 - 00003216 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-12-22 13:04 - 2014-12-22 13:04 - 00003160 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-12-22 13:03 - 2014-12-22 13:49 - 00000000 ____D () C:\ProgramData\SharkManCoupon
2014-12-16 16:48 - 2014-12-22 13:49 - 00000000 ____D () C:\ProgramData\savingtoyouo
2014-12-22 13:49 - 2014-10-27 23:19 - 00000000 ____D () C:\ProgramData\KIngCoUpoin
2014-12-22 13:49 - 2014-10-27 23:18 - 00000000 ____D () C:\ProgramData\RoyaLShopperrAApp
2014-12-22 13:49 - 2014-10-10 18:09 - 00000000 ____D () C:\ProgramData\LLUckyCoupon
2014-12-22 13:49 - 2013-11-20 18:09 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-12-22 13:49 - 2013-11-20 18:09 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-12-22 13:49 - 2013-10-10 18:31 - 00000000 ____D () C:\Program Files (x86)\RelevantKnowledge
2014-12-22 13:49 - 2013-10-10 18:28 - 00000000 ____D () C:\ProgramData\GorillaPrice
2014-12-22 13:49 - 2013-10-10 18:24 - 00000000 ____D () C:\ProgramData\WeCareReminder
2014-12-22 13:49 - 2012-09-17 10:03 - 00000000 ____D () C:\Program Files (x86)\Playbryte
2014-12-22 13:49 - 2012-09-16 09:40 - 00000000 ____D () C:\Program Files (x86)\PriceGong
2014-12-22 13:49 - 2012-05-08 18:00 - 00000000 ____D () C:\Program Files (x86)\FrostWire 5
2014-12-22 13:41 - 2013-11-30 21:56 - 00000000 ____D () C:\Users\Shelia\AppData\Local\Pokki
C:\Users\Guest\AppData\Local\Temp\3scrs2ta.dll
C:\Users\Guest\AppData\Local\Temp\AllDaySavings.exe
C:\Users\Guest\AppData\Local\Temp\rtKy8FlDKq.exe
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite10038.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite14781.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite16653.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite17753.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite18556.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite22319.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite27449.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite30718.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite31554.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite32501.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite35286.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite53942.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite65576.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite70736.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite71453.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite71705.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite72950.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite73455.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite74127.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite77507.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite78655.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite84154.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite85398.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite86411.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite87478.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite88436.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite89008.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite94885.dll
C:\Users\leon 2\AppData\Local\Temp\contentDATs.exe
C:\Users\leon 2\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\leon 2_2\AppData\Local\Temp\wfv6lctd.dll
C:\Users\Shelia\AppData\Local\Temp\AskSLib.dll
C:\Users\Shelia\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Shelia\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Shelia\AppData\Local\Temp\Installhelper.dll
C:\Users\Shelia\AppData\Local\Temp\NEWFD9F.tmp.exe
C:\Users\Shelia\AppData\Local\Temp\oct9C85.tmp.exe
C:\Users\Shelia\AppData\Local\Temp\oi_{988B2167-F2DA-4B89-A3DD-B45AF7793EA9}.exe
C:\Users\Shelia\AppData\Local\Temp\Player_Setup.exe
C:\Users\Shelia\AppData\Local\Temp\setup.exe
C:\Users\Shelia\AppData\Local\Temp\SHSetup.exe
C:\Users\Shelia\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Shelia\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Shelia\AppData\Local\Temp\verify.exe
C:\Users\Shelia\AppData\Local\Temp\wget.exe
C:\Users\Shelia\AppData\Local\Temp\YgoUpdater.exe
 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Let me know how the machine is running after this fix. Let me know if it will boot to the admin account. Please post the log it produces.

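The fixlist above is built from FRST report lines for the autorun values, Explorer policies, AppInit_DLLs and auto-start (S2) services found on this machine. As an added example, not FRST code and not anyone's post in this thread, the Python below parses those line shapes and ranks them the way a responder triages such a report; the sample lines are constructed from the thread's own entries, and the severity rules are the example's own heuristics, not FRST's.

```python
"""Triage of FRST report lines: an added example, not FRST code or anyone's post.

Recognises the shapes quoted in the fixlist above (Run/RunOnce values, Explorer
policies, AppInit_DLLs, S2 services) and ranks them for a responder's review.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, assembled from the shapes of the thread's own FRST lines.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKU\Guest\...\RunOnce: [BrowserSafeguard FF:0] => "C:\Users\Guest\AppData\Local\BrowserSafeguard\Resources\certutil.exe" -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Guest\AppData\Local\BrowserSafeguard\TrustedRoot.cer" -d "C:\Users (the data entry has 65 more characters).
HKU\Guest\...\Policies\Explorer: [NofolderOptions] 0
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:  c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => c:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4519240 2013-11-20] ()
S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [192152 2013-11-20] ()
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120040 2014-11-24] (Sendori, Inc.) <==== ATTENTION
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1019328 2012-08-21] (Enigma Software Group USA, LLC.)
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    category: str
    detail: str
    line: str       # the FRST line the finding came from

REG_LINE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\"
    r"(?P<key>Run|RunOnce|Policies\\Explorer): \[(?P<name>[^\]]*)\]\s*(?:=>\s*)?(?P<data>.*)$")
APPINIT_LINE = re.compile(r"^AppInit_DLLs(?P<arch>-x32)?:\s+(?P<dll>\S+) => (?P<data>.*)$")
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+); (?P<path>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])? \((?P<vendor>[^)]*)\)(?P<attn> <==== ATTENTION)?$")
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$")   # service names such as 70e6ca8c
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def classify_autorun(m) -> Finding:
    hive, key, name, data = m["hive"], m["key"], m["name"], m["data"]
    if key.startswith("Policies"):
        return Finding("low", "explorer-policy",
                       f"{hive} carries Explorer policy '{name}'; normally absent on a home PC", m.string)
    if "certutil" in data.lower() and " -A " in data and " -t " in data:
        # NSS certutil -A with -t "TCu,..." adds a certificate trusted as a CA to a
        # Firefox profile store: the precondition for a local proxy to intercept HTTPS.
        return Finding("high", "root-ca-install",
                       f"{key} value '{name}' installs a trusted root CA into an NSS (Firefox) store", m.string)
    if data == "[X]":
        return Finding("low", "empty-autorun", f"{hive} {key} has an empty value; debris to clean", m.string)
    return Finding("medium", "autorun", f"{hive} {key} '{name}' launches {data.split(' [')[0]}", m.string)

def classify_appinit(m) -> Finding:
    arch = "32-bit" if m["arch"] else "64-bit"
    # AppInit_DLLs are loaded into every process that links user32.dll: a live entry is
    # code in every GUI process, a dangling one is debris still pointing at a missing DLL.
    if m["data"].endswith("File Not Found"):
        return Finding("medium", "appinit-dangling", f"{arch} AppInit_DLLs still names missing {m['dll']}", m.string)
    return Finding("high", "appinit-dll", f"{arch} AppInit_DLLs injects {m['dll']} into every user32 process", m.string)

def classify_service(m) -> Finding:
    name, vendor = m["name"], m["vendor"] or "no vendor string"
    if m["attn"]:
        return Finding("high", "service-flagged", f"auto-start service '{name}' ({vendor}) flagged by FRST", m.string)
    if HEX_NAME.match(name):
        return Finding("high", "service-random-name", f"auto-start service '{name}' has a random hex name, {vendor}", m.string)
    return Finding("medium", "service-autostart", f"auto-start service '{name}' ({vendor}): {m['path']}", m.string)

def parse_line(line: str) -> Optional[Finding]:
    """One Finding per recognised line; None for blanks and informational lines."""
    line = line.rstrip()
    for pattern, classify in ((REG_LINE, classify_autorun), (APPINIT_LINE, classify_appinit),
                              (SERVICE_LINE, classify_service)):
        m = pattern.match(line)
        if m:
            return classify(m)
    return None

def triage(report: str) -> List[Finding]:
    """All findings in a report, most severe first (input order kept within a severity)."""
    found = [f for f in map(parse_line, report.splitlines()) if f is not None]
    return sorted(found, key=lambda f: SEVERITY_ORDER[f.severity])

def summarize(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.category:20} {f.detail}")
    print(summarize(results))
```

Run against a full FRST.txt the same way (read the file, call triage) to get the persistence entries sorted before building a fixlist; lines it does not recognise, such as the "MD5 is legit" checks, are simply skipped.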


#14 wjason777
  • Topic Starter
  • Members
  • 151 posts

Posted 24 December 2014 - 09:11 PM

OK, I can login to the admin account and it's showing the desktop.
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
Ran by SYSTEM at 2014-12-24 21:08:15 Run:2
Running from g:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKU\Guest\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)
HKU\Guest\...\RunOnce: [BrowserSafeguard FF:0] => "C:\Users\Guest\AppData\Local\BrowserSafeguard\Resources\certutil.exe" -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Guest\AppData\Local\BrowserSafeguard\TrustedRoot.cer" -d "C:\Users (the data entry has 65 more characters).
HKU\Guest\...\RunOnce: [Import FF:0] => C:\Users\Guest\AppData\Local\Search Extensions\Resources\certutil.exe [90112 2014-11-17] ()
HKU\Guest\...\Policies\Explorer: [NofolderOptions] 0
HKU\leon 2\...\Policies\Explorer: [NofolderOptions] 0
HKU\Shelia\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\Shelia\...\Policies\Explorer: [NofolderOptions] 0
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs:  c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => c:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4519240 2013-11-20] ()
AppInit_DLLs-x32: c:\progra~2\bearsh~1\mediabar\datamngr\datamngr.dll => "c:\progra~2\bearsh~1\mediabar\datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\bearsh~1\mediabar\datamngr\iebho.dll => "c:\progra~2\bearsh~1\mediabar\datamngr\iebho.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [4160840 2013-10-29] ()
S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [192152 2013-11-20] ()
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [120040 2014-11-24] (Sendori, Inc.) <==== ATTENTION
C:\Program Files (x86)\Sendori
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22760 2014-11-24] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3875048 2014-11-24] (Sendori) <==== ATTENTION
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1019328 2012-08-21] (Enigma Software Group USA, LLC.)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
2014-12-22 13:05 - 2014-12-23 18:15 - 00002856 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shelia)
2014-12-22 13:05 - 2014-12-22 13:05 - 00000000 ____D () C:\Users\Shelia\AppData\Roaming\ProductData
2014-12-22 13:04 - 2014-12-22 13:06 - 00002150 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-12-22 13:04 - 2014-12-22 13:05 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-22 13:04 - 2014-12-22 13:04 - 00003216 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-12-22 13:04 - 2014-12-22 13:04 - 00003160 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-12-22 13:03 - 2014-12-22 13:49 - 00000000 ____D () C:\ProgramData\SharkManCoupon
2014-12-16 16:48 - 2014-12-22 13:49 - 00000000 ____D () C:\ProgramData\savingtoyouo
2014-12-22 13:49 - 2014-10-27 23:19 - 00000000 ____D () C:\ProgramData\KIngCoUpoin
2014-12-22 13:49 - 2014-10-27 23:18 - 00000000 ____D () C:\ProgramData\RoyaLShopperrAApp
2014-12-22 13:49 - 2014-10-10 18:09 - 00000000 ____D () C:\ProgramData\LLUckyCoupon
2014-12-22 13:49 - 2013-11-20 18:09 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-12-22 13:49 - 2013-11-20 18:09 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-12-22 13:49 - 2013-10-10 18:31 - 00000000 ____D () C:\Program Files (x86)\RelevantKnowledge
2014-12-22 13:49 - 2013-10-10 18:28 - 00000000 ____D () C:\ProgramData\GorillaPrice
2014-12-22 13:49 - 2013-10-10 18:24 - 00000000 ____D () C:\ProgramData\WeCareReminder
2014-12-22 13:49 - 2012-09-17 10:03 - 00000000 ____D () C:\Program Files (x86)\Playbryte
2014-12-22 13:49 - 2012-09-16 09:40 - 00000000 ____D () C:\Program Files (x86)\PriceGong
2014-12-22 13:49 - 2012-05-08 18:00 - 00000000 ____D () C:\Program Files (x86)\FrostWire 5
2014-12-22 13:41 - 2013-11-30 21:56 - 00000000 ____D () C:\Users\Shelia\AppData\Local\Pokki
C:\Users\Guest\AppData\Local\Temp\3scrs2ta.dll
C:\Users\Guest\AppData\Local\Temp\AllDaySavings.exe
C:\Users\Guest\AppData\Local\Temp\rtKy8FlDKq.exe
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite10038.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite14781.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite16653.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite17753.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite18556.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite22319.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite27449.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite30718.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite31554.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite32501.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite35286.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite53942.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite65576.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite70736.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite71453.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite71705.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite72950.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite73455.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite74127.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite77507.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite78655.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite84154.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite85398.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite86411.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite87478.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite88436.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite89008.dll
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite94885.dll
C:\Users\leon 2\AppData\Local\Temp\contentDATs.exe
C:\Users\leon 2\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\leon 2_2\AppData\Local\Temp\wfv6lctd.dll
C:\Users\Shelia\AppData\Local\Temp\AskSLib.dll
C:\Users\Shelia\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Shelia\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Shelia\AppData\Local\Temp\Installhelper.dll
C:\Users\Shelia\AppData\Local\Temp\NEWFD9F.tmp.exe
C:\Users\Shelia\AppData\Local\Temp\oct9C85.tmp.exe
C:\Users\Shelia\AppData\Local\Temp\oi_{988B2167-F2DA-4B89-A3DD-B45AF7793EA9}.exe
C:\Users\Shelia\AppData\Local\Temp\Player_Setup.exe
C:\Users\Shelia\AppData\Local\Temp\setup.exe
C:\Users\Shelia\AppData\Local\Temp\SHSetup.exe
C:\Users\Shelia\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Shelia\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Shelia\AppData\Local\Temp\verify.exe
C:\Users\Shelia\AppData\Local\Temp\wget.exe
C:\Users\Shelia\AppData\Local\Temp\YgoUpdater.exe
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value deleted successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Support => value deleted successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\RunOnce\\BrowserSafeguard FF:0 => value deleted successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Import FF:0 => value deleted successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NofolderOptions => value deleted successfully.
HKU\leon 2\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NofolderOptions => value deleted successfully.
HKU\Shelia\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.
HKU\Shelia\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NofolderOptions => value deleted successfully.
"C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll" => Value Data removed successfully.
" C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll" => Value Data removed successfully.
" c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL" => Value Data removed successfully.
"c:\progra~2\bearsh~1\mediabar\datamngr\datamngr.dll" => Value Data removed successfully.
" c:\progra~2\bearsh~1\mediabar\datamngr\iebho.dll" => Value Data removed successfully.
" c:\progra~2\optimi~1\optpro~1.dll" => Value Data removed successfully.
70e6ca8c => Service deleted successfully.
Application Sendori => Service deleted successfully.
C:\Program Files (x86)\Sendori => Moved successfully.
Service Sendori => Service deleted successfully.
sndappv2 => Service deleted successfully.
SpyHunter 4 Service => Service deleted successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shelia) => Moved successfully.
C:\Users\Shelia\AppData\Roaming\ProductData => Moved successfully.
C:\Users\Public\Desktop\Driver Booster 2.lnk => Moved successfully.
C:\ProgramData\ProductData => Moved successfully.
C:\Windows\System32\Tasks\Driver Booster Scan => Moved successfully.
C:\Windows\System32\Tasks\Driver Booster Update => Moved successfully.
C:\ProgramData\SharkManCoupon => Moved successfully.
C:\ProgramData\savingtoyouo => Moved successfully.
C:\ProgramData\KIngCoUpoin => Moved successfully.
C:\ProgramData\RoyaLShopperrAApp => Moved successfully.
C:\ProgramData\LLUckyCoupon => Moved successfully.
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
C:\Program Files (x86)\RelevantKnowledge => Moved successfully.
C:\ProgramData\GorillaPrice => Moved successfully.
C:\ProgramData\WeCareReminder => Moved successfully.
C:\Program Files (x86)\Playbryte => Moved successfully.
C:\Program Files (x86)\PriceGong => Moved successfully.
C:\Program Files (x86)\FrostWire 5 => Moved successfully.
C:\Users\Shelia\AppData\Local\Pokki => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\3scrs2ta.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\AllDaySavings.exe => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\rtKy8FlDKq.exe => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite10038.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite14781.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite16653.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite17753.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite18556.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite22319.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite27449.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite30718.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite31554.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite32501.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite35286.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite53942.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite65576.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite70736.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite71453.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite71705.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite72950.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite73455.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite74127.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite77507.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite78655.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite84154.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite85398.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite86411.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite87478.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite88436.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite89008.dll => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\System.Data.SQLite94885.dll => Moved successfully.
C:\Users\leon 2\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\leon 2\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\leon 2_2\AppData\Local\Temp\wfv6lctd.dll => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\BearShare_setup.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\Installhelper.dll => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\NEWFD9F.tmp.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\oct9C85.tmp.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\oi_{988B2167-F2DA-4B89-A3DD-B45AF7793EA9}.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\Player_Setup.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\The_Weather_Channel_Application.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\verify.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\wget.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\YgoUpdater.exe => Moved successfully.
 
==== End of Fixlog 21:08:46 ====


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:11:14 PM

Posted 24 December 2014 - 09:14 PM

OK, now let's run FRST from your admin desktop; here's how. It should produce FRST.txt and Addition.txt. Please post both.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click and run as administrator (XP users: click Run after the Windows Security Warning - Open File appears). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt, also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
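The Fixlog pasted above is a flat list of "target => result" lines, and it is easy to lose sight of what was actually removed: autostart values in HKLM and in three separate HKU user hives, RunOnce entries, services, scheduled tasks, installer droppers in each user's Temp, and a NofolderOptions policy value in every user hive (that Explorer policy hides the Folder Options dialog, so the user cannot turn on "show hidden files"). The triage helper below is an added example, not FRST output and not code from the forum or its helpers; it parses lines in the shape of that log and groups them by persistence mechanism and by user profile. The sample log is a constructed subset in the same format, the mechanism labels are my own, and the regexes assume FRST's "key\\valuename => action." layout as seen above.

```python
"""Triage an FRST Fixlog: group removed items by persistence mechanism and user profile.
Added example; the sample below is a constructed subset shaped like the posted log."""
import re
from collections import Counter

# Constructed sample lines in the Fixlog format (not the full log from the thread).
SAMPLE_FIXLOG = r"""
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value deleted successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Support => value deleted successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\RunOnce\\BrowserSafeguard FF:0 => value deleted successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NofolderOptions => value deleted successfully.
HKU\Shelia\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.
HKU\Shelia\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NofolderOptions => value deleted successfully.
"C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll" => Value Data removed successfully.
Application Sendori => Service deleted successfully.
SpyHunter 4 Service => Service deleted successfully.
C:\Program Files (x86)\Sendori => Moved successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Shelia) => Moved successfully.
C:\Users\Guest\AppData\Local\Temp\AllDaySavings.exe => Moved successfully.
C:\Users\Shelia\AppData\Local\Temp\wget.exe => Moved successfully.
==== End of Fixlog 21:08:46 ====
"""

# "target => action." ; FRST separates a registry key from its value name with a double backslash.
LINE_RE = re.compile(r"^(?P<target>.+?) => (?P<action>.+?)\.?$")
HIVE_RE = re.compile(r"^(?P<hive>HKLM|HKU|HKCU)\\(?P<rest>.+)$")
USER_DIR_RE = re.compile(r"^[A-Za-z]:\\Users\\(?P<user>[^\\]+)\\", re.IGNORECASE)


def classify(target, action):
    """Return (mechanism, user) for one Fixlog entry. Mechanism labels are this example's own."""
    if action.lower().startswith("service deleted"):
        return "service", None
    m = HIVE_RE.match(target)
    if m:
        key, _, _value_name = m.group("rest").partition("\\\\")
        # Under HKU the first path component is the loaded user hive (Guest, Shelia, ...).
        user = key.split("\\", 1)[0] if m.group("hive") == "HKU" else None
        tail = key.rsplit("\\", 1)[-1].lower()
        if tail == "run":
            return "registry Run autostart", user
        if tail == "runonce":
            return "registry RunOnce autostart", user
        if key.lower().endswith("policies\\explorer"):
            return "Explorer policy restriction", user
        return "registry other", user
    if action.lower().startswith("value data removed"):
        return "registry value data (DLL path)", None
    path = target.strip('"').strip()
    user_m = USER_DIR_RE.match(path)
    user = user_m.group("user") if user_m else None
    low = path.lower()
    if "\\windows\\system32\\tasks\\" in low:
        return "scheduled task", user
    if "\\appdata\\local\\temp\\" in low:
        return "dropped file in Temp", user
    if "\\program files" in low or "\\programdata\\" in low:
        return "installed program directory", user
    return "file/other", user


def parse_fixlog(text):
    """Parse Fixlog text into a list of dicts; header/footer lines are skipped."""
    entries = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        target, action = m.group("target"), m.group("action")
        mechanism, user = classify(target, action)
        entries.append({"target": target, "action": action,
                        "mechanism": mechanism, "user": user})
    return entries


def summarize(entries):
    """Counts per mechanism, the user profiles touched, and which hives had Explorer policy tampering."""
    by_mechanism = Counter(e["mechanism"] for e in entries)
    users = sorted({e["user"] for e in entries if e["user"]})
    restricted = sorted({e["user"] for e in entries
                         if e["mechanism"] == "Explorer policy restriction"})
    return {"total": len(entries), "by_mechanism": dict(by_mechanism),
            "users_touched": users, "explorer_policy_users": restricted}


if __name__ == "__main__":
    report = summarize(parse_fixlog(SAMPLE_FIXLOG))
    for mechanism, count in sorted(report["by_mechanism"].items()):
        print(f"{count:3d}  {mechanism}")
    print("profiles touched:", ", ".join(report["users_touched"]))
    print("Folder Options hidden for:", ", ".join(report["explorer_policy_users"]))
```

Run it against the real Fixlog by replacing SAMPLE_FIXLOG with the file contents. The point of grouping by user hive is that a machine shared by several accounts (Guest, Shelia, leon 2 above) needs each profile's Run, RunOnce and Policies keys checked on the follow-up FRST scan, not just HKLM; a Run value in an unused profile will not show up until that account logs in.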




