
I've been infected I'm pretty sure by a Trojan - Can't run IE or FF. Only access to IE 64-bit. Also can't update MWBytes.



Can someone please assist with removing a vicious trojan from my computer.

I tried to work with TWC as that is who I have internet with but I am unable to run the remote controls program.

Any program or task that requires a new window to be open doesn't work. In FF when I put in a website it does nothing.

I can no longer receive emails via Outlook. I was in the process of removing PC Tools anti-virus to install McAfee when this problem started.

MWBytes PRO was still installed and running. I've tried several things so I'm wondering if I should just backup data and reformat my HD to clean it up.

I have noticed a program Sendori that I can't remove. Please help!!

Thanks,


I have MWBytes PRO installed on my computer.

DDS and ATTACH Log Output

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.15.2

Run by Bethea Family at 15:49:13 on 2013-03-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6520 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe

C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Sendori\SendoriSvc.exe

C:\Program Files (x86)\Sendori\Sendori.Service.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Sendori\sndappv2.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Sendori\SendoriUp.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Bethea Family\AppData\Local\Temp\mcitinfo_1363389419.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe

C:\Program Files (x86)\Sendori\SendoriTray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com

mWinlogon: Userinit = userinit.exe

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [McAfee McItInfo] C:\Users\BETHEA~1\AppData\Local\Temp\mcitinfo_1363389419.exe /itinsfin:C:\Users\BETHEA~1\AppData\Local\Temp\mcininfo_1363389419.ini

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [iCF] "C:\Program Files (x86)\Internet Content Filter\mfp.exe"

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

LSP: C:\Windows\System32\Sendori.dll

Trusted Zone: cinemanow.com

Trusted Zone: cinemanow.com

Trusted Zone: qflix.com

Trusted Zone: roxio.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{0F580776-7D1B-4BF8-8435-B00FFE063D6F} : NameServer = 216.146.35.240,216.146.36.240,192.168.1.1

TCP: Interfaces\{0F580776-7D1B-4BF8-8435-B00FFE063D6F} : DHCPNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

AppInit_DLLs=

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 752672]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 335784]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-13 55856]

R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2011-9-13 27120]

R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2011-9-13 19952]

R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2011-9-13 27632]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-6-2 457200]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]

R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-25 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-25 682344]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-3-17 177144]

R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]

R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-25 24176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]

S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-24 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-23 1255736]

.

=============== Created Last 30 ================

.

2013-03-17 18:17:35 177144 ----a-w- C:\Windows\System32\mfevtps.exe

2013-03-17 16:55:47 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft

2013-03-17 15:58:09 -------- d-----w- C:\Users\Bethea Family\AppData\Local\VS Revo Group

2013-03-17 15:58:07 -------- d-----w- C:\ProgramData\VS Revo Group

2013-03-17 15:39:13 -------- d-----w- C:\ProgramData\Kaspersky Lab

2013-03-17 15:33:20 -------- d-s---w- C:\Windows\SysWow64\Microsoft

2013-03-16 02:00:39 -------- d-----w- C:\Users\Bethea Family\AppData\Roaming\SUPERAntiSpyware.com

2013-03-16 02:00:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-03-16 02:00:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-03-16 01:23:19 -------- d-----w- C:\ProgramData\HitmanPro

2013-03-15 20:43:40 -------- d-----w- C:\Stinger_Quarantine

2013-03-03 16:32:07 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-27 01:32:42 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

.

==================== Find3M ====================

.

2013-03-12 23:24:18 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 23:24:18 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-03 16:31:01 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-03 16:31:01 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-07-14 19:07:12 4024320 ----a-w- C:\Program Files (x86)\GUT5B76.tmp

2012-07-11 15:13:10 4024320 ----a-w- C:\Program Files (x86)\GUT99FF.tmp

2012-03-25 18:08:06 3993600 ----a-w- C:\Program Files (x86)\GUT5F11.tmp

2012-03-20 02:55:05 3993600 ----a-w- C:\Program Files (x86)\GUT132E.tmp

.

============= FINISH: 15:49:35.58 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 8/23/2011 10:11:32 PM

System Uptime: 3/18/2013 8:03:22 AM (7 hours ago)

.

Motherboard: Dell Inc. | | 0T568R

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz | CPU 1 | 2912/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 917 GiB total, 601.816 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP171: 3/10/2013 12:01:27 PM - Scheduled Checkpoint

RP172: 3/12/2013 11:10:04 PM - Windows Update

RP173: 3/15/2013 8:36:09 PM - Windows Update

RP174: 3/15/2013 10:53:06 PM - Windows Update

RP175: 3/17/2013 11:38:49 AM - Removed Microsoft Silverlight

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

64 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.6)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

BIAS SoundSoap SE 2.2

Bonjour

Broadcom NetXtreme-I Netlink Driver and Management Installer

BufferChm

C4700

CinemaNow Media Manager

Dell Resource CD

Desktop Support Tools

Destinations

DeviceDiscovery

DirectX 9 Runtime

Easy Phone Sync

Garmin Communicator Plugin

Garmin Communicator Plugin x64

Garmin Lifetime Updater

Garmin USB Drivers

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

HD Writer AE 3.0

Hewlett-Packard ACLM.NET v1.1.0.0

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPPhotoGadget

HPProductAssistant

iCloud

Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32

iTunes

Java 7 Update 15

Java Auto Updater

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Outlook Personal Folders Backup

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

Picaboo X

PS_AIO_06_C4700_SW_Min

QuickTime

QuickTransfer

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Burn Manager

Roxio Burn Manager CDB

Roxio CinePlayer

Roxio CinePlayer Decoder Pack

Roxio Creator 2010 Content

Roxio Creator 2010 Pro

Roxio Disaster Recovery

Roxio File Backup

Roxio PhotoShow

Roxio Venue

Roxio Video Capture USB

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Sendori

ShufflePlusVLOI

SmartMusic 2012c

SmartSound Quicktracks Plugin

SmartSound Sonicfire Pro 5

SmartWebPrinting

SolutionCenter

Status

SUPERAntiSpyware

swMSM

Toolbox

TrayApp

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition

VD64Inst

WebReg

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

.

==== Event Viewer Messages From Past Week ========

.

3/18/2013 8:41:36 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.

3/18/2013 8:05:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon

3/18/2013 8:05:31 AM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.

3/18/2013 8:04:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

3/18/2013 3:31:06 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NICK-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0F580776-7D1B-4BF8-8435-B00FFE063D6F}. The master browser is stopping or an election is being forced.

3/17/2013 12:57:24 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.8 with the system having network hardware address D0-E5-4D-A1-7E-C9. Network operations on this system may be disrupted as a result.

3/17/2013 11:59:58 AM, Error: Service Control Manager [7003] - The PC Tools Browser Defender Driver service depends the following service: PCTCore. This service might not be installed.

3/17/2013 11:55:49 AM, Error: Service Control Manager [7030] - The SupportSoft RemoteAssist service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/15/2013 8:37:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2807986).

3/15/2013 8:24:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/15/2013 6:14:51 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/15/2013 6:14:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/15/2013 6:14:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/15/2013 6:14:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/15/2013 6:14:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/15/2013 6:14:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SaibVdAd64 spldr TfFsMon TFSysMon Wanarpv6

3/15/2013 5:51:26 PM, Error: Service Control Manager [7034] - The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

3/15/2013 4:19:24 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NICOLE-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0F580776-7D1B-4BF8-8435-B00FFE063D6F}. The master browser is stopping or an election is being forced.

3/15/2013 3:43:41 PM, Error: Service Control Manager [7034] - The Roxio SAIB Service service terminated unexpectedly. It has done this 1 time(s).

3/15/2013 3:43:41 PM, Error: Service Control Manager [7034] - The CinemaNow Service service terminated unexpectedly. It has done this 1 time(s).

3/15/2013 3:43:41 PM, Error: Service Control Manager [7034] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s).

3/15/2013 3:43:41 PM, Error: Service Control Manager [7034] - The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).

3/15/2013 3:43:41 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================


MWBytes PRO scan

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.16.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Bethea Family :: BETHEAFAMILY-PC [administrator]

Protection: Enabled

3/18/2013 3:59:31 PM

mbam-log-2013-03-18 (15-59-31).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 462179

Time elapsed: 53 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hi akbethea,

Welcome to Malwarebytes Forum

My name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

First off, please go into your add or remove programs in your control panel and uninstall Sendori.

Then,

AdwCleaner

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.


Ran AdwCleaner although Sendori is still on my computer?

# AdwCleaner v2.115 - Logfile created 03/18/2013 at 20:47:52

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Bethea Family - BETHEAFAMILY-PC

# Boot Mode : Normal

# Running from : C:\Users\Bethea Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WVE4I72W\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BHO

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Bethea Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2179 octets] - [18/03/2013 20:47:52]

AdwCleaner[s1].txt - [4024 octets] - [15/03/2013 20:29:08]

########## EOF - C:\AdwCleaner[R1].txt - [2299 octets] ##########


OK.... then let's get another log and then we will "rip it out"

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
