
MalWare Removal Forum

Malware Removal University - Teaching people how to support those with infected computers - Teaching them to never give up until your computer is clean and secure.

Post subject: Compromised, taken over and redirected. all data censored!
Posted: Thu 12 Apr, 2012 12:50 am
Active Member
Joined: Thu 12 Apr, 2012 12:20 am
Posts: 2
I have reloaded the OS and installed antivirus, firewall and anti-spyware. I can't get a clean reload; all traffic is redirected, making data unreliable, purchases risky and often faked or blocked, and online classes and access to gov. services blocked. Dozens of users logged on and
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by friar tuck at 16:23:40 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1844 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D9C96042-DD0D-487E-BD8D-5F9A2069DCA6} : DhcpNameServer = 192.168.1.254
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-10 654408]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
.
=============== Created Last 30 ================
.
2012-04-11 22:47:41 -------- d-----w- C:\Users\friar tuck\AppData\Local\Diagnostics
2012-04-11 22:37:52 388096 ----a-r- C:\Users\friar tuck\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-11 22:37:51 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-11 22:29:08 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F469164C-2DAE-4B04-B064-5F24BB9AC936}\gapaengine.dll
2012-04-11 22:28:45 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04D677ED-EE41-49C1-A0DB-B6D680B14DF6}\mpengine.dll
2012-04-11 22:03:44 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-11 22:03:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-04-11 22:02:50 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-04-11 22:02:50 1898376 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-04-10 22:32:37 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-04-10 22:32:37 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-04-10 22:32:36 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-10 22:32:36 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-10 22:32:36 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-10 22:32:34 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-10 22:32:34 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-10 22:32:34 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-10 22:32:34 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-04-10 21:53:14 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\SpeedMaxPc
2012-04-10 21:53:08 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc
2012-04-10 21:53:07 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-04-10 21:43:43 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\Malwarebytes
2012-04-10 21:43:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-10 21:43:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-10 21:43:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-10 19:06:07 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\PC Unleashed Online
2012-04-10 19:06:07 -------- d-----w- C:\Users\friar tuck\AppData\Roaming\DriverCure
2012-04-10 19:05:59 -------- d-----w- C:\ProgramData\PC Unleashed Online
2012-04-10 19:05:59 -------- d-----w- C:\Program Files (x86)\Common Files\PC Unleashed Online
2012-04-10 18:55:49 -------- d-----w- C:\ProgramData\Uniblue
2012-04-10 18:18:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-04-10 18:04:34 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-04-10 17:51:26 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{297C5F9B-C921-4896-947D-7B2BD43A2F71}\mpengine.dll
2012-04-10 17:51:25 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-04-10 17:05:59 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-04-08 04:09:06 -------- d-----w- C:\Windows\Panther
2012-04-08 04:00:14 -------- d-----w- C:\Users\friar tuck\AppData\Local\Privatefirewall
2012-04-08 03:57:21 -------- d-----w- C:\ProgramData\Privacyware
2012-04-08 03:42:08 -------- d-sh--w- C:\Windows\Installer
2012-04-08 03:41:49 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-08 03:41:49 -------- d-----w- C:\Program Files\AVAST Software
.
==================== Find3M ====================
..
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2012 8:26:45 PM
System Uptime: 4/11/2012 3:05:35 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1484
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 280.012 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Network Controller
Device ID: PCI\VEN_10EC&DEV_8171&SUBSYS_1467103C&REV_10\4&28FAE2AB&0&00E0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_10EC&DEV_8171&SUBSYS_1467103C&REV_10\4&28FAE2AB&0&00E0
Service:
.
==== System Restore Points ===================
.
RP1: 4/7/2012 8:41:38 PM - avast! Internet Security Setup
RP2: 4/7/2012 8:57:03 PM - Installed Privatefirewall 7.0
RP3: 4/10/2012 10:06:35 AM - Revo Uninstaller's restore point - HijackThis 2.0.2
RP4: 4/10/2012 10:09:42 AM - Revo Uninstaller's restore point - Privatefirewall 7.0
RP5: 4/10/2012 10:09:56 AM - Removed Privatefirewall 7.0
RP6: 4/10/2012 10:51:09 AM - Windows Update
RP7: 4/10/2012 3:27:25 PM - Revo Uninstaller's restore point - SpeedMaxPc
RP8: 4/10/2012 3:31:31 PM - Revo Uninstaller's restore point - Uniblue DriverScanner
RP9: 4/10/2012 3:34:19 PM - Revo Uninstaller's restore point - PC Unleashed Online PC Unleashed
RP10: 4/10/2012 3:36:22 PM - Revo Uninstaller's restore point - Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP11: 4/10/2012 3:36:51 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP12: 4/11/2012 2:17:08 PM - Windows Update
RP13: 4/11/2012 2:59:58 PM - avast! Internet Security Setup
RP14: 4/11/2012 3:02:36 PM - Windows Update
RP15: 4/11/2012 3:26:24 PM - Revo Uninstaller's restore point - HijackThis 2.0.2
RP16: 4/11/2012 3:37:13 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
HiJackThis
Malwarebytes Anti-Malware version 1.61.0.1400
Revo Uninstaller 1.92
.
==== Event Viewer Messages From Past Week ========
.
4/11/2012 3:38:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1566.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/11/2012 3:38:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1566.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/11/2012 3:05:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
4/11/2012 3:04:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
4/10/2012 3:23:48 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/10/2012 3:22:41 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

.
============= FINISH: 16:24:19.00 ===============
I am locked out of settings.

Post subject: Re: Compromised, taken over and redirected. all data censored
Posted: Thu 12 Apr, 2012 5:09 am
Administrator
Joined: Wed 23 Feb, 2005 12:08 pm
Posts: 25097
Location: California
This topic is a duplicate copy of the original and therefore will be closed. The original will be left open.