Police Pro, Total Security

Post by Kells12579 on Wed Sep 02, 2009 10:24 pm

Hi!!! I am a brand new member, so have never done this before. I am desperate here and have been reading about and trying to cure the total security virus, that has now seemed to turn into police pro. I don't know if that is possible, and I really don't know too much about this stuff.

Basically last night pop ups kept appearing, and they looked fake to me, so I did not buy their fake anti virus software. My desktop screen had a warning. The popups at this time were coming from something called Total security. This would not let me complete a system restore, download anything, access the internet, start the task manager, or restart the computer in safe mode.

I was able to get the task manager up by immediately pressing control alt delete and then stopping and deleting some process with lots of numbers.....I was unable to get the numbers written down, but I had read somewhere else that this was what to look for. I also searched for files called total security and deleted them. I then deleted all the files from the recycle bin.

This seemed to solve some problems, but my computer was still not downloading anything or letting me do a system restore or even start the laptop in safe mode. Almost immediately, more popups came and this time they were called police pro. I saw this as a virus as well when I did a google search, and the dates for other people's posts were within the last couple of days.

This too would not let me do any of the other things I tried, but I did manage to delete the processes.

What do I do next??? I am desperate here. Any help would be greatly appreciated.

Thanks

Kells12579
Novice
Posts: 16
Joined: 2009-09-02
Gender: Female
OS: Windows 7
Points: 26530
Likes: 0

Police Pro

Post by Kells12579 on Wed Sep 02, 2009 10:57 pm

I was able to run and scan the Hijackthis and this is the cut and pasted scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:05, on 02/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Linda Kelly\Local Settings\Temporary Internet Files\Content.IE5\FJGZ76ME\winlogon[1].scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.64.0.21:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [14190154] C:\Documents and Settings\All Users\Application Data\14190154\14190154.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe

--
End of file - 9065 bytes


Re: Police Pro, Total Security

Post by Belahzur on Wed Sep 02, 2009 11:55 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll (file missing)
    O4 - HKLM\..\Run: [14190154] C:\Documents and Settings\All Users\Application Data\14190154\14190154.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1
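The lines picked out in the reply above fall into a few recurring patterns: extra programs appended to Shell or UserInit, BHOs whose file is absent, a Run entry launching a digits-only executable, and a service with an unknown owner. As an added example (not part of the original thread, and not HijackThis's own logic), this Python script applies those patterns as heuristics to lines copied from the posted log; the rule set and the names `triage` and `check_entry` are assumptions made for illustration, and it does not try to reproduce the helper's exact selection.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis log posted in this thread,
# trimmed to a mix of ordinary and suspicious entries.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Linda Kelly\Local Settings\Temporary Internet Files\Content.IE5\FJGZ76ME\winlogon[1].scr

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [14190154] C:\Documents and Settings\All Users\Application Data\14190154\14190154.exe
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<code> - <body>" is the layout of every registry/startup entry in the log.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
WINLOGON_VALUE = re.compile(r"REG:system\.ini: (\w+)=(.*)")
RUN_TARGET = re.compile(r'\]\s+"?(.+?\.exe)', re.IGNORECASE)
TEMP_DIRS = ("\\temporary internet files\\", "\\temp\\")


def check_entry(code, body):
    """Return a reason string if the entry matches a heuristic, else None."""
    if code == "F2":
        m = WINLOGON_VALUE.match(body)
        if m and m.group(1).lower() == "userinit":
            # Anything besides userinit.exe in this list runs at every logon.
            extras = [p.strip() for p in m.group(2).split(",")
                      if p.strip()
                      and ntpath.basename(p.strip()).lower() != "userinit.exe"]
            if extras:
                return "UserInit also launches " + ", ".join(extras)
        if m and m.group(1).lower() == "shell":
            if m.group(2).strip().lower() != "explorer.exe":
                return "Shell carries extra commands after Explorer.exe"
    elif code == "O2":
        if "(no file)" in body or "(file missing)" in body:
            return "BHO is registered but its file is absent"
    elif code == "O4":
        m = RUN_TARGET.search(body)
        if m:
            stem = ntpath.splitext(ntpath.basename(m.group(1)))[0]
            if stem.isdigit():
                return "Run entry starts a digits-only executable"
    elif code == "O23":
        if "- Unknown owner -" in body:
            return "service binary has no identifiable owner"
    return None


def triage(log_text):
    """Return (tag, reason, line) for every line that matches a heuristic."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:
                in_processes = False  # a blank line ends the process list
            elif any(d in line.lower() for d in TEMP_DIRS):
                findings.append(
                    ("PROC", "process running from a temp/cache directory", line))
            continue
        m = ENTRY.match(line)
        if m:
            reason = check_entry(m.group(1), m.group(2))
            if reason:
                findings.append((m.group(1), reason, line))
    return findings


if __name__ == "__main__":
    for tag, reason, line in triage(SAMPLE_LOG):
        print(f"[{tag}] {reason}\n      {line}")
```

A match is a prompt for review rather than a verdict: an orphaned BHO, for example, is often only a leftover from an uninstalled program.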

Police Pro

Post by Kells12579 on Thu Sep 03, 2009 2:07 am

Thanks so much for getting back to me.

I have redone the hijackthis scan and ticked and clicked on the fix checked box.


Then I tried to download the anti malware from the link.

A normal security warning comes up. I clicked run on malwarebytes.org and it starts to download the setup.

Then it asks if I want to run the software in another security warning box.

This time when I click run, a diff box pops up that says:

Open with...
then gives a series of options like adobe, internet explorer, microsoft word, etc...

I have never seen this on my computer in 2 years until today. I have seen this on other computers years back.

So, I tried clicking on Internet Explorer to open the program.

Then it just repeats the process over and over again, never getting past me clicking on choose internet explorer....


HELP....what shall I try next????

Thanks so much.


Re: Police Pro, Total Security

Post by Metalmusk on Thu Sep 03, 2009 2:18 am

Hi Kelly,

Just click on the below link. It will download a Registry Key.

[You must be registered and logged in to see this link.]

Just double-click that Registry Key; you will mostly see 2 pop-ups. Just click Yes & Yes, so that the registry will merge in.


After that, you can run Malwarebytes as Belahzur said :)

Metalmusk
Novice
Posts: 43
Joined: 2009-06-21
OS: XP
Points: 27900
Likes: 0

Police Pro

Post by Kells12579 on Thu Sep 03, 2009 3:01 am

Hi again and thanks.....

That first link worked so then I was able to download the malware software and run a scan. The scan found a bunch of things that I had it remove.....some things were unable to remove but then it prompted a restart which I have done.


Here is the log:
It won't let me send it all in one message, so I'll split it up.

Malwarebytes' Anti-Malware 1.40
Database version: 2734
Windows 5.1.2600 Service Pack 2

03/09/2009 03:51:42
mbam-log-2009-09-03 (03-51-42).txt

Scan type: Quick Scan
Objects scanned: 131308
Time elapsed: 19 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 30
Files Infected: 181

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AntipPro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.


police pro....log page 2

Post by Kells12579 on Thu Sep 03, 2009 3:03 am

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14190154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\14190154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.


police pro, log page 3

Post by Kells12579 on Thu Sep 03, 2009 3:04 am

Files Infected:
C:\Documents and Settings\All Users\Application Data\14190154\14190154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\14190154\14190154.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\14190154\pc14190154ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmlldgubyx.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmynmylvrg.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmulkfdxod.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\70.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Temporary Internet Files\Content.IE5\3I0JQOKP\setup[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_01.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_02.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_03.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_04.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_05.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_06.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_07.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Cursor.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Glitter.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Smiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290


police pro....log p. 4

Post by Kells12579 on Thu Sep 03, 2009 3:05 am

\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_01.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_01.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_02.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_02.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_03.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_03.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_04.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_04.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_05.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_05.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_06.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_06.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_07.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_07.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090718-141451.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090718-145710.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090718-150022.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340


police pro...log page 5

Post by Kells12579 on Thu Sep 03, 2009 3:06 am

\NP_20090718-155718.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090718-164000.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090718-170215.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090719-102020.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-194956.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-200821.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-200821.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-085508.167.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-135621.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-143101.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-170250.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-173233.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-192453.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-141432.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-141451.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-145710.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-150022.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-155718.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-164000.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-170214.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-102020.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-194956.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-200821.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-200821.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-085508.151.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-135621.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-143101.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-170250.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-173233.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-192453.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\logon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdl69.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdl6B.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdl6D.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmklsojgwb.dat (Rootkit.TDSS) -> Delete on reboot.


Thanks again for being so helpful!!


Re: Police Pro, Total Security

Post by Belahzur on Thu Sep 03, 2009 2:43 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt just yet.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1


Re: Police Pro, Total Security

Post by Kells12579 on Thu Sep 03, 2009 2:48 pm

Some other problems today.....although it appears that I can do lots of stuff I couldn't yesterday....like add/remove programs, install things, etc....

The screen will randomly go blue and will say something like serious error and a whole screen of typing which I can't read because then it restarts so quickly.

Then after restarting it has an error message that says this system has recovered from a serious error. send/don't send

Error signature:

BCCcode : 3f . BCP1 : 00000000 BCP2 : 00000008 BCP3 : 00000006
BCP4: 0000CF2F OSVer : 5_1_2600 SP : 2_0 Product : 256_1

Error Report Contents:
C:DOCUME~1LINDAK~1TEMPWERD89f.dir 00
ini 090309-06.dmp
C:DOCUME~1LINDAK~1LOCALS~1TEMPWERD89f.dir00sysdata.xml


Don't know if this is related or not to the virus, but I have never seen this type of thing .....recovered from a serious error......before.

Thanks again.....

Now I see you have replied while I was typing this....So I will give a go at what you have said to do. Thanks


Re: Police Pro, Total Security

Post by Kells12579 on Thu Sep 03, 2009 2:54 pm

DDS (Ver_09-07-30.01) - NTFSx86
Run by Linda Kelly at 15:49:24.46 on 03/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.543 [GMT 1:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Linda Kelly\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = 10.64.0.21:8080
uInternet Settings,ProxyOverride = *.local;
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: ActiveGS.cab - [You must be registered and logged in to see this link.]
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [You must be registered and logged in to see this link.]
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [You must be registered and logged in to see this link.]
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - [You must be registered and logged in to see this link.]
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - [You must be registered and logged in to see this link.]
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - [You must be registered and logged in to see this link.]
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - [You must be registered and logged in to see this link.]
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-6-6 6144]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-3-14 101120]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-3-14 33408]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2007-8-10 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2007-11-12 98304]
S0 sjkd52c;sjkd52c;\SystemRoot\\SystemRoot\System32\drivers\sjkd52c.sys --> \SystemRoot\\SystemRoot\System32\drivers\sjkd52c.sys [?]
S1 7bc5f91b.sys;7bc5f91b.sys;\??\c:\windows\system32\drivers\7bc5f91b.sys --> c:\windows\system32\drivers\7bc5f91b.sys [?]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-6-6 35968]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-3 38160]
S3 STI2303X;SMART Board cable;c:\windows\system32\drivers\STI2303X.sys [2005-6-3 13440]

=============== Created Last 30 ================

2009-09-03 03:26 --d----- c:\docume~1\lindak~1\applic~1\Malwarebytes
2009-09-03 03:26 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 03:26 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-03 03:26 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 03:26 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-02 20:27 163,840 a------- c:\windows\svchasts.exe
2009-09-02 04:37 45,344 a------- c:\windows\system32\drivers\sjkd52c.sys
2009-08-28 05:04 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-08-28 05:04 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-28 05:03 --d----- c:\program files\iTunes
2009-08-28 05:03 --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-28 05:02 --d----- c:\program files\Bonjour
2009-08-27 08:18 0 a------- c:\windows\iplayer.INI
2009-08-27 06:20 --d----- c:\program files\InterActual
2009-08-26 04:26 --dsh--- c:\documents and settings\linda kelly\IECompatCache
2009-08-26 04:10 --dsh--- c:\documents and settings\linda kelly\PrivacIE
2009-08-26 03:59 --dsh--- c:\documents and settings\linda kelly\IETldCache
2009-08-26 03:50 -cd-h--- c:\windows\ie8
2009-08-26 03:12 294,912 -c------ c:\windows\system32\dllcache\msctf.dll
2009-08-19 01:18 --d----- c:\windows\system32\wbem\Repository
2009-08-11 14:41 --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-08-11 14:40 --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2008-04-28 17:18 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 15:49:57.57 ===============


Re: Police Pro, Total Security

Post by Belahzur on Thu Sep 03, 2009 3:02 pm

Hello.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    sjkd52c
    7bc5f91b.sys

    :files
    c:\windows\svchasts.exe
    c:\windows\system32\drivers\sjkd52c.sys
    c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Please PM me if I fail to respond within 24hrs.


Back to top Go down
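The two names under :services in the post above are also the only entries in the SERVICES / DRIVERS section of the DDS log whose file details print as `[?]` instead of a date and size. The Python below is an added example, not part of the original posts or of DDS or OTM; it flags such entries and cross-checks them against the "Created Last 30" list. The line layout is inferred from the log lines in this thread, and `triage` is a hypothetical name.

```python
import ntpath
import re

# Subset of lines copied from the DDS log posted earlier in this thread.
DDS_LOG = r"""
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2007-11-12 98304]
S0 sjkd52c;sjkd52c;\SystemRoot\\SystemRoot\System32\drivers\sjkd52c.sys --> \SystemRoot\\SystemRoot\System32\drivers\sjkd52c.sys [?]
S1 7bc5f91b.sys;7bc5f91b.sys;\??\c:\windows\system32\drivers\7bc5f91b.sys --> c:\windows\system32\drivers\7bc5f91b.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-3 38160]
2009-09-03 03:26 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 03:26 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 20:27 163,840 a------- c:\windows\svchasts.exe
2009-09-02 04:37 45,344 a------- c:\windows\system32\drivers\sjkd52c.sys
"""

# Assumed service line layout: <state><start type> name;display;path [file details]
SERVICE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
# "Created Last 30" file line: date time size attributes path (folder lines carry no size)
CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} ([\d,]+) \S+ (.+)$")


def triage(log):
    """Return services whose file details DDS printed as [?], with creation date if listed."""
    created, services, flagged = {}, [], []
    for line in map(str.strip, log.splitlines()):
        m = CREATED.match(line)
        if m:
            created[ntpath.basename(m.group(3)).lower()] = m.group(1)
            continue
        m = SERVICE.match(line)
        if m:
            services.append(m.groups())
    for _state, start, name, _display, path, details in services:
        if details.strip() != "?":
            continue  # DDS printed a date and size for this file
        target = path.split(" --> ")[-1]  # the path after the arrow, when present
        flagged.append({
            "service": name,
            "start_type": int(start),
            "file": target,
            "created": created.get(ntpath.basename(target).lower()),
        })
    return flagged


if __name__ == "__main__":
    for hit in triage(DDS_LOG):
        print(hit)
```

On this sample it returns `sjkd52c` (driver file created 2009-09-02) and `7bc5f91b.sys` (no file listed in "Created Last 30").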

Re: Police Pro, Total Security

Post by Kells12579 on Thu Sep 03, 2009 3:16 pm

Thanks again.

This is from the clipboard: Results

========== SERVICES/DRIVERS ==========

Service\Driver sjkd52c deleted successfully.

Service\Driver 7bc5f91b.sys deleted successfully.
========== FILES ==========
c:\windows\svchasts.exe moved successfully.
File move failed. c:\windows\system32\drivers\sjkd52c.sys scheduled to be moved on reboot.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09032009


Re: Police Pro, Total Security

Post by Kells12579 on Thu Sep 03, 2009 3:16 pm

This is the log that was created. It has asked me to reboot, which I will do after sending this reply.


========== SERVICES/DRIVERS ==========

Service\Driver sjkd52c deleted successfully.

Service\Driver 7bc5f91b.sys deleted successfully.
========== FILES ==========
c:\windows\svchasts.exe moved successfully.
File move failed. c:\windows\system32\drivers\sjkd52c.sys scheduled to be moved on reboot.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09032009_161338


Re: Police Pro, Total Security

Post by Belahzur on Thu Sep 03, 2009 3:21 pm

Hello.
There will be another log that opens on reboot, please post that too.



Re: Police Pro, Total Security

Post by Kells12579 on Thu Sep 03, 2009 3:37 pm

Hi again,
After rebooting, the computer screen went blue and started some disk checker and did lots of cleaning, moving, editing, etc... of different files I think.



Here is the log that appeared after reboot:

========== SERVICES/DRIVERS ==========

Service\Driver sjkd52c deleted successfully.

Service\Driver 7bc5f91b.sys deleted successfully.


========== FILES ==========
c:\windows\svchasts.exe moved successfully.
File move failed. c:\windows\system32\drivers\sjkd52c.sys scheduled to be moved on reboot.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09032009_161338

Files moved on Reboot...
c:\windows\system32\drivers\sjkd52c.sys moved successfully.

Registry entries deleted on Reboot...

Back to top Go down
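A check that every item named in the OTM script reached a final state across the pre-reboot and post-reboot logs, as an added Python example that is not part of the original posts or of OTM. The message formats are taken from the result lines quoted in this thread; `reconcile` and the status labels are hypothetical.

```python
import re

# Script and result lines copied from the posts above (one child-folder line kept).
OTM_SCRIPT = r"""
:services
sjkd52c
7bc5f91b.sys

:files
c:\windows\svchasts.exe
c:\windows\system32\drivers\sjkd52c.sys
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
"""

OTM_RESULTS = r"""
Service\Driver sjkd52c deleted successfully.
Service\Driver 7bc5f91b.sys deleted successfully.
c:\windows\svchasts.exe moved successfully.
File move failed. c:\windows\system32\drivers\sjkd52c.sys scheduled to be moved on reboot.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.
Files moved on Reboot...
c:\windows\system32\drivers\sjkd52c.sys moved successfully.
"""

# Checked in order; a later log line for the same item overrides an earlier one.
PATTERNS = [
    (re.compile(r"^Service\\Driver (.+) deleted successfully\.$"), "done"),
    (re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$"), "pending reboot"),
    (re.compile(r"^(.+) moved successfully\.$"), "done"),
]


def reconcile(script, results):
    """Map each item requested in the script to its final status in the results log."""
    wanted = [ln.strip().lower() for ln in script.splitlines()
              if ln.strip() and not ln.strip().startswith(":")]
    status = dict.fromkeys(wanted, "not in log")
    for line in map(str.strip, results.splitlines()):
        for pattern, outcome in PATTERNS:
            m = pattern.match(line)
            if m:
                item = m.group(1).lower()
                if item in status:  # ignore child paths the script did not name
                    status[item] = outcome
                break
    return status
```

Run against only the pre-reboot part of the log, `sjkd52c.sys` stays at "pending reboot", which is why the helper asks for the second log that opens after the restart.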

Re: Police Pro, Total Security

Post by Belahzur on Thu Sep 03, 2009 10:18 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Re: Police Pro, Total Security

Post by Kells12579 on Fri Sep 04, 2009 1:17 am

Thank you sooooooo much!!!

I don't know if it's back to its old self 100%, but it is working really good again. I'm going to tell everyone about this website!!

Thanks, and I'll be back if anything comes up.


Re: Police Pro, Total Security

Post by Kells12579 on Fri Sep 04, 2009 3:03 am

Hi again,

Actually there is a problem. The computer will not restart or shut down on its own. I have to manually hold down the power key, which I don't think is good for the laptop. Any advice?
