Possibly infected with Sendori or some other type of browser hijacker?


10 replies to this topic

#1 eapoe1


Posted 14 December 2013 - 01:57 AM

Two days ago, I noticed that random words on various websites where hyperlinks weren't even inserted were now orange and underlined. The browser I use is Mozilla Firefox. When I clicked them, it always redirected me to some advertisement website. This was happening to Wikipedia articles and a bunch of other pages. Immediately I suspected a virus, so I look in Windows Task Manager and I see a single mysterious program running (using up a ridiculous amount of cpu) called Sendori.

 

I go to Control Panel, Uninstall Programs and I uninstall Sendori. I seriously doubt that whatever it is so easily let me remove it from my computer. Mozilla Firefox has become completely inoperable; I attempt to go to a website and all it does is load and load (connecting...). Internet Explorer, though, works just fine without any noticeable issues.

 

I searched in my registry for "sendori" and there are multiple registry logs I am directed to. After a search in %appdata% and Program Files (x86) I could not find anything Sendori related.

 

Another thing that started happening is programs that use Java randomly shut down or error messages pop up. I'm not completely sure what is wrong with my computer. Any help is appreciated!


Edited by eapoe1, 14 December 2013 - 01:59 AM.



 


#2 noknojon


Posted 14 December 2013 - 05:13 AM

Hello eapoe, and welcome -

The Sendori application comes bundled with some toolbars and other useless stuff, usually as part of a Torrent download. Another reason for not using uTorrent and related sites -

Look for "By using this site you agree to ...", etc., and other similar items that you agree to when downloading from all sites!

Can you see the program in Windows Task Manager, or programs and features ??

If you are not able to uninstall this from Programs or from Task Manager then we may need to use other methods.

 

Download Autoruns to your desktop
Double click on Autoruns.exe.
Allow the program to fully populate (this will take a few minutes)
Go > File > Save > Save as Autoruns.txt > File Type > All Files
Save to Desktop
Copy and Paste the Autoruns.txt back here

 

Thank You -



#3 eapoe1


Posted 14 December 2013 - 01:51 PM

Hey noknojon, thanks for getting back to me.

 

I no longer see Sendori in Task Manager or in programs, I am still experiencing virus-like symptoms though (mainly when I use Mozilla).

 

Here is the text of the file, I hope I did it correctly.

--------

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "9/7/2010 11:37 AM"
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "4/1/2013 7:39 PM"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe" "10/13/2011 8:05 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "12/14/2013 11:03 AM"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" "9/24/2012 7:55 PM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "3/29/2012 9:17 PM"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "7/13/2009 4:58 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "3/29/2012 9:17 PM"
+ "Internet Explorer" "" "" "File not found: C:\Windows\system32\ie4uinit.exe" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "7/13/2009 4:42 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "10/29/2013 7:13 PM"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe" "6/21/2013 1:54 AM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "1/19/2013 3:53 PM"
+ "TuneUp Shredder Shell Extension" "TuneUp Shredder Shell Extension" "TuneUp Software" "c:\program files (x86)\tuneup utilities 2012\sdshelex-x64.dll" "5/29/2012 11:43 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "2/17/2012 7:55 AM"
+ "WondershareVideoConverterFileOpreation" "" "" "c:\windows\syswow64\wscm64.dll" "12/31/1969 5:00 PM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "1/19/2013 3:53 PM"
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll" "11/18/2010 9:08 AM"
+ "TuneUp Shredder Shell Extension" "TuneUp Shredder Shell Extension" "TuneUp Software" "c:\program files (x86)\tuneup utilities 2012\sdshelex-win32.dll" "5/29/2012 11:40 AM"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "2/17/2012 7:55 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "9/7/2010 11:45 AM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 1:39 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "3/29/2012 10:06 PM"
+ "TuneUp Disk Space Explorer Shell Extension" "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" "c:\program files (x86)\tuneup utilities 2012\dseshext-x64.dll" "5/29/2012 11:43 AM"
+ "TuneUp Shredder Shell Extension" "TuneUp Shredder Shell Extension" "TuneUp Software" "c:\program files (x86)\tuneup utilities 2012\sdshelex-x64.dll" "5/29/2012 11:43 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "2/17/2012 7:55 AM"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "3/29/2012 10:06 PM"
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll" "11/18/2010 9:08 AM"
+ "TuneUp Disk Space Explorer Shell Extension" "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" "c:\program files (x86)\tuneup utilities 2012\dseshext-x86.dll" "5/29/2012 11:40 AM"
+ "TuneUp Shredder Shell Extension" "TuneUp Shredder Shell Extension" "TuneUp Software" "c:\program files (x86)\tuneup utilities 2012\sdshelex-win32.dll" "5/29/2012 11:40 AM"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "2/17/2012 7:55 AM"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "3/29/2012 10:06 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "2/17/2012 7:55 AM"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "3/29/2012 10:06 PM"
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll" "11/18/2010 9:08 AM"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "2/17/2012 7:55 AM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "9/7/2010 11:46 AM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "7/13/2009 6:32 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "9/7/2010 11:46 AM"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll" "7/13/2009 6:09 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "8/17/2012 4:05 PM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "7/27/2012 12:25 PM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "8/17/2012 4:05 PM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll" "2/28/2013 1:39 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "2/17/2012 7:55 AM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "8/17/2012 4:05 PM"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "2/17/2012 7:55 AM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "8/17/2012 4:05 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "2/17/2012 7:55 AM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "8/17/2012 4:05 PM"
+ "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "2/17/2012 7:55 AM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "12/14/2013 11:25 AM"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll" "7/27/2012 11:58 AM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll" "10/8/2013 7:43 AM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll" "10/8/2013 7:43 AM"
"Task Scheduler" "" "" "" ""
+ "\Adobe online update program" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "7/12/2012 12:30 AM"
+ "\AdobeAAMUpdater-1.0-Matt-PC-Matt" "" "" "File not found: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "6/22/2012 12:11 PM"
+ "\Java Update Scheduler" "Java™ Update Scheduler" "Oracle Corporation" "c:\program files (x86)\common files\java\java update\jusched.exe" "7/2/2013 9:16 AM"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" "7/13/2009 4:53 PM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "6/10/2009 1:36 PM"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "7/13/2009 5:24 PM"
+ "\TuneUpUtilities_Task_BkGndMaintenance2012" "TuneUp 1-Click Maintenance" "TuneUp Software" "c:\program files (x86)\tuneup utilities 2012\oneclick.exe" "5/29/2012 11:44 AM"
+ "\{04E91A0A-8A83-4CED-BFD9-1FC89A5B3412}" "" "" "File not found: C:\Users\Matt\Downloads\mafiaconv1.2.1\MafiaCon.exe" ""
+ "\{2004F86A-D70C-43FA-B307-CC44D720B1EA}" "" "" "File not found: C:\Program Files\Mafia\Game.exe" ""
+ "\{5DDA0E28-F05F-4CF8-B29C-A221865D155E}" "" "" "File not found: C:\Users\Matt\Downloads\mafiaconv1.2.1\MafiaCon.exe" ""
+ "\{7578223E-5629-407A-B059-CA813A5D4D41}" "" "" "File not found: C:\Program Files\Mafia\Game.exe" ""
+ "\{7976327E-0657-428A-BC4D-E6BE80CC595A}" "" "" "File not found: C:\Program Files\Mafia\Game.exe" ""
+ "\{C050D6A6-1CE2-43B0-862D-309B798A018E}" "" "" "File not found: C:\Users\Matt\Downloads\mafiaconv1.2.1\MafiaCon.exe" ""
+ "\{C5F36A33-8B78-4790-983D-9E39800FF9F0}" "" "" "File not found: C:\Users\Matt\Downloads\mafiaconv1.2.1\MafiaCon.exe" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "8/7/2012 3:44 PM"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "7/12/2012 12:29 AM"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe" "9/19/2010 6:55 PM"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe" "2/28/2013 1:38 PM"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe" "2/28/2013 1:38 PM"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe" "11/12/2013 6:14 PM"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "6/21/2013 1:53 AM"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe" "12/11/2013 11:57 AM"
+ "TuneUp.UtilitiesSvc" "This service analyzes the usage of your computer in the background, enabling automatic usage-dependent optimizations. All of its functions can be set in TuneUp Utilities. If you stop or disable this service, parts of TuneUp Utilities will not work anymore." "TuneUp Software" "c:\program files (x86)\tuneup utilities 2012\tuneuputilitiesservice64.exe" "5/29/2012 11:46 AM"
+ "UxTuneUp" "Allows to use visual styles without Microsoft signature." "TuneUp Software" "c:\windows\system32\uxtuneup.dll" "5/29/2012 11:44 AM"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "5/26/2013 10:51 PM"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "11/20/2010 4:18 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "8/7/2012 3:44 PM"
+ "adfs" "Adobe Drive File System Driver" "Adobe Systems, Inc." "c:\windows\system32\drivers\adfs.sys" "6/26/2008 1:52 PM"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "12/5/2008 4:54 PM"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "5/1/2007 10:30 AM"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "2/27/2007 5:04 PM"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "7/13/2009 4:19 PM"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys" "9/19/2010 6:47 PM"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys" "9/19/2010 6:21 PM"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "3/18/2010 5:45 PM"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "3/20/2009 11:36 AM"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "3/19/2010 9:18 AM"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "5/24/2007 2:27 PM"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "1/14/2009 12:27 PM"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys" "9/19/2010 6:47 PM"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "2/13/2009 3:18 PM"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "4/26/2009 4:14 AM"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "8/6/2006 6:51 PM"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "8/6/2006 6:51 PM"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "8/6/2006 6:51 PM"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "8/6/2006 6:51 PM"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "8/6/2006 6:51 PM"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "8/9/2006 5:11 AM"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "7/13/2009 4:19 PM"
+ "EagleX64" "" "" "File not found: C:\Windows\system32\drivers\EagleX64.sys" ""
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "12/31/2008 9:29 AM"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "2/3/2009 3:52 PM"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "5/11/2009 1:26 AM"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "4/20/2010 11:32 AM"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "6/10/2010 5:46 PM"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "12/13/2005 2:47 PM"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "12/9/2008 3:46 PM"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "5/18/2009 5:20 PM"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "5/18/2009 5:31 PM"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "4/16/2009 3:13 PM"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys" "2/28/2013 1:33 PM"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "5/18/2009 6:09 PM"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "5/18/2009 6:25 PM"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "6/6/2006 2:11 PM"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "3/19/2010 1:59 PM"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "3/19/2010 1:45 PM"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "1/22/2009 4:05 PM"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "5/18/2009 6:18 PM"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt64win7.sys" "6/9/2011 11:33 PM"
+ "rtl8192se" "Realtek RTL81892SE NDIS Driverr" "Realtek Semiconductor Corporation                           " "c:\windows\system32\drivers\rtl8192se.sys" "9/7/2011 2:57 AM"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 6:18 AM"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "9/24/2008 11:28 AM"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "10/1/2008 2:56 PM"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "2/17/2009 4:03 PM"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys" "10/13/2011 7:34 PM"
+ "TuneUpUtilitiesDrv" "TuneUp Utilities Driver" "TuneUp Software" "c:\program files (x86)\tuneup utilities 2012\tuneuputilitiesdriver64.sys" "9/17/2009 4:54 AM"
+ "VClone" "VirtualCloneCD Driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\vclone.sys" "1/15/2011 9:21 AM"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "7/13/2009 4:19 PM"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "1/30/2009 6:18 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "10/9/2013 6:45 PM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "7/13/2009 6:28 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "12/14/2013 11:03 AM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "7/13/2009 6:06 PM"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\syswow64\vorbis.acm" "8/2/2009 9:09 PM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "11/20/2010 4:59 AM"
 



#4 noknojon


Posted 14 December 2013 - 03:10 PM

This is how it normally looks when printed out, but it is simple to read.

 

Re-open Autoruns and at the left side of these items you can Untick them.

They are older or orphaned items, but for now do not delete any as you may want them later.

 

rdpclip" "" "" "File not found: rdpclip
Internet Explorer" "" "" "File not found: C:\Windows\system32\ie4uinit.exe
 "\{04E91A0A-8A83-4CED-BFD9-1FC89A5B3412}" "" "" "File not found: C:\Users\Matt\Downloads\mafiaconv1.2.1\MafiaCon.exe" ""
 "\{2004F86A-D70C-43FA-B307-CC44D720B1EA}" "" "" "File not found: C:\Program Files\Mafia\Game.exe" ""
"\{5DDA0E28-F05F-4CF8-B29C-A221865D155E}" "" "" "File not found: C:\Users\Matt\Downloads\mafiaconv1.2.1\MafiaCon.exe" ""
 "\{7578223E-5629-407A-B059-CA813A5D4D41}" "" "" "File not found: C:\Program Files\Mafia\Game.exe" ""
  "\{7976327E-0657-428A-BC4D-E6BE80CC595A}" "" "" "File not found: C:\Program Files\Mafia\Game.exe" ""
 "\{C050D6A6-1CE2-43B0-862D-309B798A018E}" "" "" "File not found: C:\Users\Matt\Downloads\mafiaconv1.2.1\MafiaCon.exe" ""
 "\{C5F36A33-8B78-4790-983D-9E39800FF9F0}" "" "" "File not found: C:\Users\Matt\Downloads\mafiaconv1.2.1\MafiaCon.exe" ""
"EagleX64" "" "" "File not found: C:\Windows\system32\drivers\EagleX64.sys"

 

Once you have finished with the above project .................

 

Next -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox to desktop to run it.
Checkmark following boxes:
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and post the result. (result.txt)

 

 

Thank You -
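
Added example, not part of the original thread or written by either poster: a small Python triage of an Autoruns text export like the one posted in #3, listing the orphaned "File not found" entries that post #4 picks out, the entries with no publisher string, and any entry matching a keyword such as "sendori". The function names are hypothetical, and the parser assumes every line is five double-quoted fields with no embedded quotes.

```python
import re
from collections import namedtuple

# One autostart item, tagged with the registry key or category it was listed under.
Entry = namedtuple("Entry", "location name description publisher image_path timestamp")

FIELD_RE = re.compile(r'"([^"]*)"')   # assumption: fields never contain a double quote
MISSING = "File not found: "          # marker Autoruns writes into the image-path field

# A selection of lines copied from the Autoruns.txt posted in this thread.
SAMPLE = r'''
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" "" "9/7/2010 11:37 AM"
+ "rdpclip" "" "" "File not found: rdpclip" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "4/1/2013 7:39 PM"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe" "10/13/2011 8:05 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "1/19/2013 3:53 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "2/17/2012 7:55 AM"
"Task Scheduler" "" "" "" ""
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe" "6/22/2012 12:11 PM"
+ "\{2004F86A-D70C-43FA-B307-CC44D720B1EA}" "" "" "File not found: C:\Program Files\Mafia\Game.exe" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "8/7/2012 3:44 PM"
+ "EagleX64" "" "" "File not found: C:\Windows\system32\drivers\EagleX64.sys" ""
'''


def parse_autoruns_text(text):
    """Parse the export: a line without a leading '+' names the current location,
    a line with a leading '+' is an entry under that location."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD_RE.findall(line)
        if len(fields) != 5:          # blank or malformed line: skip rather than guess
            continue
        if line.startswith("+"):
            entries.append(Entry(location, *fields))
        else:
            location = fields[0]
    return entries


def orphaned(entries):
    """Entries whose target file no longer exists (left behind by an uninstall)."""
    return [e for e in entries if e.image_path.startswith(MISSING)]


def missing_target(entry):
    """The path Autoruns could not find, without the marker prefix."""
    return entry.image_path[len(MISSING):]


def no_publisher(entries):
    """Entries whose file exists but carries no publisher string; worth a manual look."""
    return [e for e in entries
            if not e.publisher.strip() and not e.image_path.startswith(MISSING)]


def mentions(entries, keyword):
    """Case-insensitive search of every field, e.g. for a product name."""
    k = keyword.lower()
    return [e for e in entries if any(k in (f or "").lower() for f in e)]


def report(entries, keyword):
    """Build a short text summary of the three checks."""
    out = ["Orphaned entries (target file missing):"]
    out += [f"  [{e.location}] {e.name} -> {missing_target(e)}" for e in orphaned(entries)]
    out.append("Present on disk but no publisher string:")
    out += [f"  [{e.location}] {e.name} -> {e.image_path}" for e in no_publisher(entries)]
    hits = mentions(entries, keyword)
    out.append(f"Entries mentioning '{keyword}': {len(hits)}")
    out += [f"  [{e.location}] {e.name} -> {e.image_path}" for e in hits]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(parse_autoruns_text(SAMPLE), "sendori"))
```

An empty keyword result only shows that no listed autostart entry carries that name; it does not cover browser add-ons or other leftovers that Autoruns did not list in this export.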
 



#5 eapoe1


Posted 14 December 2013 - 05:18 PM

As you have requested, good sir, the results of Security Check first:

 Results of screen317's Security Check version 0.99.77 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 TuneUp Utilities 2012  
 TuneUp Utilities Language Pack (en-US)
 JavaFX 2.1.1   
 Java 7 Update 45 
 Adobe Flash Player 11.9.900.170 
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
 Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

------------------------------------ and the results of minitoolbox -------------------------------

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Matt (administrator) on 14-12-2013 at 15:14:32
Running from "C:\Users\Matt\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/13/2013 10:07:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204
Faulting module name: xul.dll, version: 25.0.1.5064, time stamp: 0x5282f10e
Exception code: 0xc0000005
Fault offset: 0x00118f87
Faulting process id: 0x7c4
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/13/2013 06:53:52 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/13/2013 06:53:52 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/13/2013 06:53:52 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/13/2013 06:53:52 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/13/2013 06:53:51 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/13/2013 06:53:51 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/13/2013 06:53:51 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/13/2013 06:53:51 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/13/2013 06:53:51 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

System errors:
=============
Error: (12/13/2013 09:14:39 PM) (Source: DCOM) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (12/13/2013 09:13:56 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/13/2013 06:53:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/13/2013 06:53:52 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/13/2013 02:10:10 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.4.
The computer with the IP address 192.168.0.12 did not allow the name to be claimed by
this computer.

Error: (12/13/2013 00:50:37 PM) (Source: DCOM) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (12/13/2013 00:17:17 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (12/13/2013 00:17:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/13/2013 11:53:24 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.

Error: (12/12/2013 10:46:20 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (12/13/2013 10:07:49 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f877c401cef88165901cdeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllacb8ea00-647d-11e3-8248-c80aa9bb4959

Error: (12/13/2013 06:53:52 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/13/2013 06:53:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/13/2013 06:53:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/13/2013 06:53:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/13/2013 06:53:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (12/13/2013 06:53:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/13/2013 06:53:51 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/13/2013 06:53:51 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (12/13/2013 06:53:51 PM) (Source: Windows Search Service)(User: )
Description:
Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

=========================== Installed Programs ============================

7-Zip 9.20
Adobe Digital Editions 2.0 (Version: 2.0.1)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Photoshop Lightroom 4.3 64-bit (Version: 4.3.1)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
Avadon -  The Black Fortress (Version: 2.0.0.2)
CCleaner (Version: 3.20)
Chord Pickout 2.0 (Version: 2.0)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
QuickTime (Version: 7.73.80.64)
Roland Digital Piano Driver
RuneScape Launcher 1.2.3 (Version: 1.2.3)
Skype™ 6.6 (Version: 6.6.106)
Steam
Synaptics Pointing Device Driver (Version: 15.3.29.0)
TuneUp Utilities 2012 (Version: 12.0.3600.104)
TuneUp Utilities Language Pack (en-US) (Version: 12.0.3600.104)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
VLC media player 2.0.6 (Version: 2.0.6)
WinRAR 4.11 (64-bit) (Version: 4.11.0)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 1786.9 MB
Available physical RAM: 745.08 MB
Total Pagefile: 3573.8 MB
Available Pagefile: 1981.75 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.45 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:242.73 GB) NTFS

========================= Users: ========================================

User accounts for \\MATT-PC

Administrator            Guest                    Matt                    

**** End of log ****

#6 noknojon

Posted 14 December 2013 - 11:18 PM

Hi -
One of the things I was looking for was an Antivirus program ...........

 

All I had you do was clean up some old game items and no more.

There seems to be nothing listed - With JavaFX 2, Skype, and Steam you do need one.

 

TuneUp Utilities 2012 <= This is not Antivirus (it is very old and could be updated / deleted)
Malwarebytes Anti-Malware <= This is not Antivirus

 

Read This page for information on free programs that you need.

 

This was a couple of days ago -
Error: (12/12/2013 10:46:20 PM) - Description: The Service Sendori service terminated unexpectedly.

 

Just to check -

Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and shut down any protection/security software now to avoid potential conflicts.
* Double-click on JRT.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entries (values, keys).

 

Next -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully. At worst the tool will run for about 2 minutes.

Important: Do not reboot your computer until you complete the next step.

 

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

Next -

Update your Malwarebytes Anti-Malware program and then run a Full Scan -

Post the results back here -

 

Last -

Clear Cache / Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator.
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

No log is produced, so there is nothing to report -

 

 

Thank You -
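
The Service Control Manager errors singled out in the reply above can be pulled out of a log in this format automatically. The Python below is an added example, not part of the thread or of any tool named in it: it parses the event-log section and lists services that logged errors but match nothing in the Installed Programs list. The function names, the GENERIC word list and the word-matching heuristic are assumptions; the sample is abridged from the log posted in this thread.

```python
import re
from collections import defaultdict

# Abridged from the log posted in this thread (same line format).
SAMPLE_LOG = """\
Error: (12/13/2013 00:17:17 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (12/13/2013 00:17:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/13/2013 11:53:24 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.

Error: (12/12/2013 10:46:20 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/13/2013 06:53:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
"""
SAMPLE_INSTALLED = ["7-Zip 9.20", "Steam", "Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)"]

HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\)\s*\(User: [^)]*\)\s*$")
SERVICE = re.compile(
    r"The (?P<a>.+?) service (?:failed to start|hung on starting|terminated unexpectedly)"
    r"|waiting for the (?P<b>.+?) service to connect")
GENERIC = {"the", "service", "client", "helper", "update", "updater"}  # assumed stop words


def parse_entries(text):
    """Split the log into dicts (when, source, description); continuation lines are joined."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"when": m["when"], "source": m["source"], "description": ""}
            entries.append(current)
        elif current is not None and line.strip():
            body = re.sub(r"^Description:\s*", "", line).strip()
            current["description"] = (current["description"] + " " + body).strip()
    return entries


def service_failures(entries):
    """Map service display name -> timestamps of its Service Control Manager errors."""
    failures = defaultdict(list)
    for e in entries:
        m = SERVICE.search(e["description"]) if e["source"] == "Service Control Manager" else None
        if m:
            failures[m["a"] or m["b"]].append(e["when"])
    return dict(failures)


def unmatched_services(failures, installed):
    """Failing services whose distinctive name words appear in no installed-program entry."""
    # Heuristic only: built-in Windows services also match nothing and need an allowlist.
    installed_words = {w for p in installed for w in re.findall(r"[a-z0-9]+", p.lower())}
    unmatched = []
    for name in sorted(failures):
        distinctive = set(re.findall(r"[a-z0-9]+", name.lower())) - GENERIC
        if distinctive and not distinctive & installed_words:
            unmatched.append(name)
    return unmatched


if __name__ == "__main__":
    print(unmatched_services(service_failures(parse_entries(SAMPLE_LOG)), SAMPLE_INSTALLED))
```

A service that keeps failing after its program has been uninstalled shows up here as a leftover to check by hand; a match in the installed list only means the name is accounted for, not that the program is wanted.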



#7 eapoe1 (Topic Starter)

Posted 15 December 2013 - 04:57 PM

Yes, all I have is Malware Bytes. I was told by my brother that it was the only program I would need. It seems my computer is more vulnerable than previously expected. I shall remedy this by installing an antivirus. Now for what you asked me to do:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Matt on Sun 12/15/2013 at 11:21:15.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\vid-saver_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\vid-saver_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033343391}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{33333333-3333-3333-3333-330033343391}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

~~~ Files

Successfully deleted: [File] "C:\Windows\syswow64\wscm64.dll"

 

~~~ Folders

 

~~~ FireFox

Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\n85gpf6z.default\minidumps [14 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/15/2013 at 11:29:36.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

 

 

 

 

# AdwCleaner v3.015 - Report created 15/12/2013 at 11:40:30
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOGPACKAVADONTHEBLACKFORTRESS_is1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\n85gpf6z.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1283 octets] - [15/12/2013 11:39:05]
AdwCleaner[S0].txt - [1204 octets] - [15/12/2013 11:40:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1264 octets] ##########

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

Database version: v2013.12.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Matt :: MATT-PC [administrator]

Protection: Enabled

12/15/2013 11:46:35 AM
mbam-log-2013-12-15 (11-46-35).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 365014
Time elapsed: 1 hour(s), 5 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#8 noknojon

Posted 16 December 2013 - 12:35 AM

> Yes, all I have is Malware Bytes. I was told by my brother that it was the only program I would need. It seems my computer is more vulnerable than previously expected. I shall remedy this by installing an antivirus. Now for what you asked me to do:

Even the Pro version of Malwarebytes is not an Antivirus program, and should never be regarded as such.

It is a program to run beside your Antivirus (any type of free A / virus will do).

 

Install your Antivirus (Microsoft Security Essentials will do) and set it to active, then run a full scan with it just to be sure.

 

JRT Program ripped a lot of minor problems out for now -

 

Run ESETOnlineScanner. Please use Internet Explorer, as the scanner uses ActiveX.
If you will not use Internet Explorer, please see 3 - 1 & 3 - 2
1. Hold down Control (Ctrl) key, and click on This link to open ESET OnlineScan in a new window.
2. Click the eset online button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- 3 - 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 3 - 2. Double click on esetsmartinstaller_enu on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer.
* Please be patient as this will take quite some time.
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.
* NOTE: Sometimes if ESET finds no infections it will not create a log.

 

How are things running now and please post the report from ESET Scanner -

 

Thank You -



#9 eapoe1 (Topic Starter)

Posted 16 December 2013 - 09:50 PM

Apologies for getting back to you rather late. So I downloaded Avast after reading about each free antivirus. If you recommend Windows Security Essentials I will go get that one immediately. I also ran the ESET online scan and after nearly two hours of scanning, it came up with no infections. There was no way to export the log or the results of the scan so I took a screenshot.

tumblr_mxx6seUQ4Q1rem1a3o1_1280.png

 

Firefox is performing much better, and the yellow hyperlinks to all of those advertisement websites are gone. Do you think I have any remnants of Sendori on my computer?



#10 noknojon

Posted 17 December 2013 - 05:02 AM

> * NOTE: Sometimes if ESET finds no infections it will not create a log.

A non reply is usual for no results in the scan -
It looks a lot better, so please install any Free Antivirus just to keep your computer cleaner.

 

Personally, I would remove this =>TuneUp Utilities 2012, as it is not a "real" security program (plus a couple of years outdated now).

I use Microsoft Security Essentials, and it has prevented infections, along with Malwarebytes Anti-Malware program on 2 computers, and they have no problems together on 99% of systems.

 

Just watch it for a few days, but it sounds better -



#11 eapoe1 (Topic Starter)

Posted 17 December 2013 - 09:04 PM

Many thanks kind sir, I appreciate all that you have done to make sure that my system is safe and virus free. I uninstalled TuneUp Utilities 2012, as you recommended. I will also get Microsoft Security Essentials. So my system is seemingly clean, and I will definitely be keeping a close eye on everything.

Once again, you have my gratitude for your awesome work helping me and everyone else with computer issues. I'll make sure to tell others about this site if they ever have any issues.

-eapoe1