Compromised, taken over and redirected. all data sensored!

Post by m4nfr0m34rth » April 11th, 2012, 7:50 pm

I have reloaded the OS and installed antivirus, firewall and anti-spyware. I can't get a clean reload; all traffic is redirected, making data unreliable, purchases risky and often faked or blocked, online classes and access to gov. services blocked. Dozens of users logged on an.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by friar tuck at 16:23:40 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1844 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D9C96042-DD0D-487E-BD8D-5F9A2069DCA6} : DhcpNameServer = 192.168.1.254
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-10 654408]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
.
=============== Created Last 30 ================
.
2012-04-11 22:47:41 -------- d-----w- C:\Users\friar tuck\AppData\Local\Diagnostics
2012-04-11 22:37:52 388096 ----a-r- C:\Users\friar tuck\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-11 22:37:51 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-11 22:29:08 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F469164C-2DAE-4B04-B064-5F24BB9AC936}\gapaengine.dll
2012-04-11 22:28:45 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04D677ED-EE41-49C1-A0DB-B6D680B14DF6}\mpengine.dll
2012-04-11 22:03:44 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-11 22:03:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-11 22:02:50 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-04-11 22:02:50 1898376 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-04-10 22:32:37 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-04-10 22:32:37 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-04-10 22:32:36 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-10 22:32:36 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-10 22:32:36 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-10 22:32:34 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-10 22:32:34 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-10 22:32:34 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-10 22:32:34 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-10 21:53:14 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\SpeedMaxPc
2012-04-10 21:53:08 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc
2012-04-10 21:53:07 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-04-10 21:43:43 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\Malwarebytes
2012-04-10 21:43:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-10 21:43:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-10 21:43:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-10 19:06:07 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\PC Unleashed Online
2012-04-10 19:06:07 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\DriverCure
2012-04-10 19:05:59 -------- d-----w- C:\ProgramData\PC Unleashed Online
2012-04-10 19:05:59 -------- d-----w- C:\Program Files (x86)\Common Files\PC Unleashed Online
2012-04-10 18:55:49 -------- d-----w- C:\ProgramData\Uniblue
2012-04-10 18:18:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-04-10 18:04:34 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-04-10 17:51:26 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{297C5F9B-C921-4896-947D-7B2BD43A2F71}\mpengine.dll
2012-04-10 17:51:25 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-10 17:05:59 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-04-08 04:09:06 -------- d-----w- C:\Windows\Panther
2012-04-08 04:00:14 -------- d-----w- C:\Users\friar tuck\AppData\Local\Privatefirewall
2012-04-08 03:57:21 -------- d-----w- C:\ProgramData\Privacyware
2012-04-08 03:42:08 -------- d-sh--w- C:\Windows\Installer
2012-04-08 03:41:49 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-08 03:41:49 -------- d-----w- C:\Program Files\AVAST Software
.
==================== Find3M ====================
..
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2012 8:26:45 PM
System Uptime: 4/11/2012 3:05:35 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1484
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 280.012 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Network Controller
Device ID: PCI\VEN_10EC&DEV_8171&SUBSYS_1467103C&REV_10\4&28FAE2AB&0&00E0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_10EC&DEV_8171&SUBSYS_1467103C&REV_10\4&28FAE2AB&0&00E0
Service:
.
==== System Restore Points ===================
.
RP1: 4/7/2012 8:41:38 PM - avast! Internet Security Setup
RP2: 4/7/2012 8:57:03 PM - Installed Privatefirewall 7.0
RP3: 4/10/2012 10:06:35 AM - Revo Uninstaller's restore point - HijackThis 2.0.2
RP4: 4/10/2012 10:09:42 AM - Revo Uninstaller's restore point - Privatefirewall 7.0
RP5: 4/10/2012 10:09:56 AM - Removed Privatefirewall 7.0
RP6: 4/10/2012 10:51:09 AM - Windows Update
RP7: 4/10/2012 3:27:25 PM - Revo Uninstaller's restore point - SpeedMaxPc
RP8: 4/10/2012 3:31:31 PM - Revo Uninstaller's restore point - Uniblue DriverScanner
RP9: 4/10/2012 3:34:19 PM - Revo Uninstaller's restore point - PC Unleashed Online PC Unleashed
RP10: 4/10/2012 3:36:22 PM - Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP11: 4/10/2012 3:36:51 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP12: 4/11/2012 2:17:08 PM - Windows Update
RP13: 4/11/2012 2:59:58 PM - avast! Internet Security Setup
RP14: 4/11/2012 3:02:36 PM - Windows Update
RP15: 4/11/2012 3:26:24 PM - Revo Uninstaller's restore point - HijackThis 2.0.2
RP16: 4/11/2012 3:37:13 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
HiJackThis
Malwarebytes Anti-Malware version 1.61.0.1400
Revo Uninstaller 1.92
.
==== Event Viewer Messages From Past Week ========
.
4/11/2012 3:38:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1566.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/11/2012 3:38:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1566.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/11/2012 3:05:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/10/2012 3:23:48 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/10/2012 3:22:41 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

.
============= FINISH: 16:24:19.00 ===============
d I am locked out of settings.
m4nfr0m34rth
Active Member
 
Posts: 2
Joined: April 11th, 2012, 7:20 pm

Re: Compromised, taken over and redirected. all data sensore

Post by NonSuch » April 12th, 2012, 12:09 am

This topic is a duplicate copy of the original and therefore will be closed. The original will be left open.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

