Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Compromised, taken over and redirected. all data sensored!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Compromised, taken over and redirected. all data sensored!

Unread postby m4nfr0m34rth » April 11th, 2012, 7:50 pm

I have roeloaded OS and installed antivirous, fire wall and anti spyware. I cxant get as clean reload, all traffic is redirected making data unreliable, purchases risky and often faked or blocked, online classesd and access to gov. services blocked. dozens of userslogged on an.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by friar tuck at 16:23:40 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1844 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D9C96042-DD0D-487E-BD8D-5F9A2069DCA6} : DhcpNameServer = 192.168.1.254
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-10 654408]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
.
=============== Created Last 30 ================
.
2012-04-11 22:47:41 -------- d-----w- C:\Users\friar tuck\AppData\Local\Diagnostics
2012-04-11 22:37:52 388096 ----a-r- C:\Users\friar tuck\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-11 22:37:51 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-11 22:29:08 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F469164C-2DAE-4B04-B064-5F24BB9AC936}\gapaengine.dll
2012-04-11 22:28:45 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04D677ED-EE41-49C1-A0DB-B6D680B14DF6}\mpengine.dll
2012-04-11 22:03:44 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-11 22:03:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-11 22:02:50 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-04-11 22:02:50 1898376 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-04-10 22:32:37 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-04-10 22:32:37 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-04-10 22:32:36 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-10 22:32:36 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-10 22:32:36 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-10 22:32:34 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-10 22:32:34 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-10 22:32:34 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-10 22:32:34 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-10 21:53:14 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\SpeedMaxPc
2012-04-10 21:53:08 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc
2012-04-10 21:53:07 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-04-10 21:43:43 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\Malwarebytes
2012-04-10 21:43:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-10 21:43:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-10 21:43:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-10 19:06:07 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\PC Unleashed Online
2012-04-10 19:06:07 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\DriverCure
2012-04-10 19:05:59 -------- d-----w- C:\ProgramData\PC Unleashed Online
2012-04-10 19:05:59 -------- d-----w- C:\Program Files (x86)\Common Files\PC Unleashed Online
2012-04-10 18:55:49 -------- d-----w- C:\ProgramData\Uniblue
2012-04-10 18:18:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-04-10 18:04:34 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-04-10 17:51:26 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{297C5F9B-C921-4896-947D-7B2BD43A2F71}\mpengine.dll
2012-04-10 17:51:25 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-10 17:05:59 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-04-08 04:09:06 -------- d-----w- C:\Windows\Panther
2012-04-08 04:00:14 -------- d-----w- C:\Users\friar tuck\AppData\Local\Privatefirewall
2012-04-08 03:57:21 -------- d-----w- C:\ProgramData\Privacyware
2012-04-08 03:42:08 -------- d-sh--w- C:\Windows\Installer
2012-04-08 03:41:49 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-08 03:41:49 -------- d-----w- C:\Program Files\AVAST Software
.
==================== Find3M ====================
..
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2012 8:26:45 PM
System Uptime: 4/11/2012 3:05:35 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1484
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 280.012 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Network Controller
Device ID: PCI\VEN_10EC&DEV_8171&SUBSYS_1467103C&REV_10\4&28FAE2AB&0&00E0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_10EC&DEV_8171&SUBSYS_1467103C&REV_10\4&28FAE2AB&0&00E0
Service:
.
==== System Restore Points ===================
.
RP1: 4/7/2012 8:41:38 PM - avast! Internet Security Setup
RP2: 4/7/2012 8:57:03 PM - Installed Privatefirewall 7.0
RP3: 4/10/2012 10:06:35 AM - Revo Uninstaller's restore point - HijackThis 2.0.2
RP4: 4/10/2012 10:09:42 AM - Revo Uninstaller's restore point - Privatefirewall 7.0
RP5: 4/10/2012 10:09:56 AM - Removed Privatefirewall 7.0
RP6: 4/10/2012 10:51:09 AM - Windows Update
RP7: 4/10/2012 3:27:25 PM - Revo Uninstaller's restore point - SpeedMaxPc
RP8: 4/10/2012 3:31:31 PM - Revo Uninstaller's restore point - Uniblue DriverScanner
RP9: 4/10/2012 3:34:19 PM - Revo Uninstaller's restore point - PC Unleashed Online PC Unleashed
RP10: 4/10/2012 3:36:22 PM - Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP11: 4/10/2012 3:36:51 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP12: 4/11/2012 2:17:08 PM - Windows Update
RP13: 4/11/2012 2:59:58 PM - avast! Internet Security Setup
RP14: 4/11/2012 3:02:36 PM - Windows Update
RP15: 4/11/2012 3:26:24 PM - Revo Uninstaller's restore point - HijackThis 2.0.2
RP16: 4/11/2012 3:37:13 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
HiJackThis
Malwarebytes Anti-Malware version 1.61.0.1400
Revo Uninstaller 1.92
.
==== Event Viewer Messages From Past Week ========
.
4/11/2012 3:38:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1566.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/11/2012 3:38:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1566.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/11/2012 3:05:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/10/2012 3:23:48 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/10/2012 3:22:41 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

.
============= FINISH: 16:24:19.00 ===============
d I am locked out of settings.
m4nfr0m34rth
Active Member
 
Posts: 2
Joined: April 11th, 2012, 7:20 pm
Advertisement
Register to Remove

Re: Compromised, taken over and redirected. all data sensore

Unread postby deltalima » April 12th, 2012, 3:12 pm

checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Compromised, taken over and redirected. all data sensore

Unread postby deltalima » April 12th, 2012, 3:21 pm

Hi m4nfr0m34rth,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR(master boot record), do not delete it..
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Compromised, taken over and redirected. all data sensore

Unread postby deltalima » April 15th, 2012, 2:03 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware