Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91681 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] windows police pro


  • This topic is locked This topic is locked
32 replies to this topic

#1 bigbadkitty

bigbadkitty

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 September 2009 - 08:19 AM

I am so happy to have found this site. Out of nowhere, "windows police pro" appeared on my computer this morning and I have no idea how to get rid of it. I checked several sites, learning that it was a rogue, and I really don't understand the instructions given. I hope that someone with some patience can help me. I am running windows xp and I currently use Avast. I have tried to start the computer in safe mode but I have no idea what to do once I get there. Oh please help. Oh thank you.

    Advertisements

Register to Remove


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 21 September 2009 - 08:24 AM

Please run the following programs:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

NEXT

  • Please save Win32kDiag to your desktop.
  • Double-click on it to run a scan.
  • When it's finished, there will be a log called Win32kDiag.txt on your desktop.
  • Please open it with notepad and post the contents here.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 bigbadkitty

bigbadkitty

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 September 2009 - 08:29 AM

exeHelper by Raktor - 09 Build 20090916 Run at 09:27:55 on 09/21/09 Now searching... Checking for numerical processes... Checking for bad processes... Killed process svchast.exe Killed process windows Police Pro.exe Checking for bad files... Found file C:\WINDOWS\system32\desot.exe Deleting file C:\WINDOWS\system32\desot.exe Found file C:\Program Files\Windows Police Pro\Windows Police Pro.exe Deleting file C:\Program Files\Windows Police Pro\Windows Police Pro.exe Found file C:\WINDOWS\system32\dddesot.dll Deleting file C:\WINDOWS\system32\dddesot.dll Found file C:\WINDOWS\ppp3.dat Deleting file C:\WINDOWS\ppp3.dat Found file C:\WINDOWS\ppp4.dat Deleting file C:\WINDOWS\ppp4.dat Found file C:\WINDOWS\system32\sysnet.dat Deleting file C:\WINDOWS\system32\sysnet.dat Resetting filetype association for .exe Resetting filetype association for .com --Finished-- is this what I needed to post?

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 21 September 2009 - 08:34 AM

Yes, now move on to the win32kdiag program and post the report from that also. Thanks

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 bigbadkitty

bigbadkitty

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 September 2009 - 08:38 AM

please forgive me, I don't know how to copy the text in the black box to notepad...

#6 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 21 September 2009 - 08:40 AM

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#7 bigbadkitty

bigbadkitty

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 September 2009 - 08:44 AM

Oh ok, i thought it was done but it's still going...thank you so much for being patient with me!

#8 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 21 September 2009 - 08:45 AM

:thumbup:

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#9 bigbadkitty

bigbadkitty

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 September 2009 - 09:06 AM

OK here we are... Running from: C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\My Documents\Downloads\Win32kDiag.exe Log file at : C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Cannot access: C:\WINDOWS\privacy_danger\images\capt.gif [1] 2007-05-18 03:39:56 23870 C:\WINDOWS\privacy_danger\images\capt.gif () Cannot access: C:\WINDOWS\privacy_danger\images\danger.jpg [1] 2007-05-18 03:39:42 47318 C:\WINDOWS\privacy_danger\images\danger.jpg () Cannot access: C:\WINDOWS\privacy_danger\images\down.gif [1] 2007-05-18 03:40:06 14916 C:\WINDOWS\privacy_danger\images\down.gif () Cannot access: C:\WINDOWS\privacy_danger\images\spacer.gif [1] 2004-08-04 13:00:00 43 C:\WINDOWS\Help\Tours\htmlTour\spacer.gif () [1] 2009-02-21 17:46:49 43 C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\spacer.gif () [1] 2009-02-21 17:46:56 43 C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\spacer.gif () [1] 2007-05-18 03:44:00 43 C:\WINDOWS\privacy_danger\images\spacer.gif () Cannot access: C:\WINDOWS\privacy_danger\index.htm [1] 2009-02-21 17:46:49 1477 C:\WINDOWS\pchealth\helpctr\System\blurbs\Index.htm () [1] 2009-02-21 17:46:49 2911 C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Index.htm () [1] 2007-08-08 14:57:32 1151 C:\WINDOWS\privacy_danger\index.htm () Finished!

#10 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 21 September 2009 - 09:08 AM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

    Advertisements

Register to Remove


#11 bigbadkitty

bigbadkitty

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 September 2009 - 09:13 AM

DDS (Ver_09-07-30.01) - NTFSx86 Run by HP_Owner at 10:09:36.70 on Mon 09/21/2009 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.129 [GMT -5:00] AV: avast! antivirus 4.8.1335 [VPS 090920-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\AGRSMMSG.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\My Documents\Downloads\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: ICQSys (IE PlugIn): {77dc0b63-1535-4ba9-8be8-d59eb676fa02} - c:\windows\system32\dddesot.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [AutoTBar] c:\program files\hp\digital imaging\bin\AUTOTBAR.EXE mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~2.lnk - c:\program files\palmone\Hotsync.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab Notify: igfxcui - igfxsrvc.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_own~1.you\applic~1\mozilla\firefox\profiles\ya32wjpq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=13&tid={CA7EA5FE-C8D3-DB42-E5CA-AA0956DCA6BD}&q= FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-19 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-19 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-19 138680] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-19 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-19 352920] S2 AntipPolice_;AntiPol;c:\windows\svchast.exe [2009-9-21 69632] =============== Created Last 30 ================ 2009-09-21 09:20 <DIR> a-d----- c:\windows\system32\images 2009-09-21 09:20 8,468 a------- c:\windows\system32\wispex.html 2009-09-21 06:11 69,632 a------- c:\windows\svchast.exe 2009-09-21 06:11 9 a------- c:\windows\system32\bennuar.old 2009-09-21 06:11 107 a------- c:\windows\system32\sonhelp.htm 2009-09-21 06:10 <DIR> --d----- c:\program files\Windows Police Pro 2009-09-08 13:39 153,088 -------- c:\windows\system32\dllcache\triedit.dll ==================== Find3M ==================== 2009-08-19 21:47 0 a------- c:\docume~1\hp_own~1.you\applic~1\wklnhst.dat 2009-08-13 10:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll 2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll 2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll 2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll 2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll 2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll 2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll 2009-06-26 11:50 666,624 a------- c:\windows\system32\wininet.dll 2009-06-26 11:50 81,920 ac------ c:\windows\system32\ieencode.dll 2009-06-26 11:50 81,920 a------- c:\windows\system32\dllcache\ieencode.dll 2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll 2009-06-25 03:25 301,568 a------- c:\windows\system32\kerberos.dll 2009-06-25 03:25 147,456 a------- c:\windows\system32\schannel.dll 2009-06-25 03:25 136,192 a------- c:\windows\system32\msv1_0.dll 2009-06-25 03:25 56,832 a------- c:\windows\system32\secur32.dll 2009-06-25 03:25 54,272 a------- c:\windows\system32\wdigest.dll 2009-06-25 03:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll 2009-06-25 03:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll 2009-06-25 03:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll 2009-06-25 03:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll 2009-06-25 03:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll 2009-06-25 03:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll 2009-06-24 06:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys 2008-06-30 05:47 409,695 ac------ c:\program files\Uninstall Fun Web Products.dll ============= FINISH: 10:10:35.89 ===============

Edited by bigbadkitty, 21 September 2009 - 09:27 AM.


#12 bigbadkitty

bigbadkitty

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 September 2009 - 09:13 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-07-30.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 2/19/2009 7:25:09 PM System Uptime: 9/21/2009 7:59:06 AM (3 hours ago) Motherboard: ASUSTek Computer INC. | | Guppy Processor: Intel® Celeron® CPU 3.06GHz | PGA 478 | 3066/133mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 142 GiB total, 125.054 GiB free. D: is FIXED (FAT32) - 7 GiB total, 1.252 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable ==== Disabled Device Manager Items ============= Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F} Description: Camera Device ID: USB\VID_046D&PID_092F\5&5D907CC&0&2 Manufacturer: Name: Camera PNP Device ID: USB\VID_046D&PID_092F\5&5D907CC&0&2 Service: ==== System Restore Points =================== RP152: 9/21/2009 5:59:18 AM - System Checkpoint RP153: 9/21/2009 5:59:18 AM - System Checkpoint RP154: 9/21/2009 5:59:18 AM - System Checkpoint RP155: 9/21/2009 5:59:19 AM - System Checkpoint RP156: 9/21/2009 5:59:20 AM - System Checkpoint RP157: 9/21/2009 5:59:20 AM - System Checkpoint RP158: 9/21/2009 5:59:20 AM - System Checkpoint RP159: 9/21/2009 5:59:21 AM - System Checkpoint RP160: 9/21/2009 5:59:21 AM - System Checkpoint RP161: 9/21/2009 5:59:22 AM - System Checkpoint RP162: 9/21/2009 5:59:22 AM - System Checkpoint RP163: 9/21/2009 5:59:23 AM - System Checkpoint RP164: 9/21/2009 5:59:23 AM - System Checkpoint RP165: 9/21/2009 5:59:23 AM - System Checkpoint RP166: 9/21/2009 5:59:24 AM - System Checkpoint RP167: 9/21/2009 5:59:25 AM - System Checkpoint RP168: 9/21/2009 5:59:25 AM - System Checkpoint RP169: 9/21/2009 5:59:25 AM - System Checkpoint RP170: 9/21/2009 5:59:26 AM - System Checkpoint RP171: 9/21/2009 5:59:26 AM - System Checkpoint RP172: 9/21/2009 5:59:26 AM - System Checkpoint RP173: 9/21/2009 5:59:27 AM - System Checkpoint RP174: 9/21/2009 5:59:27 AM - Software Distribution Service 3.0 RP175: 9/21/2009 5:59:27 AM - System Checkpoint RP176: 9/21/2009 5:59:27 AM - System Checkpoint RP177: 9/21/2009 5:59:27 AM - System Checkpoint RP178: 9/21/2009 5:59:27 AM - Removed LEGO Star Wars II RP179: 9/21/2009 5:59:28 AM - System Checkpoint RP180: 9/21/2009 5:59:28 AM - System Checkpoint RP181: 9/21/2009 5:59:28 AM - System Checkpoint RP182: 9/21/2009 5:59:28 AM - System Checkpoint RP183: 9/21/2009 5:59:28 AM - System Checkpoint RP184: 9/21/2009 5:59:29 AM - System Checkpoint RP185: 9/21/2009 5:59:29 AM - System Checkpoint RP186: 9/21/2009 5:59:30 AM - System Checkpoint RP187: 9/21/2009 5:59:30 AM - System Checkpoint RP188: 9/21/2009 5:59:30 AM - Software Distribution Service 3.0 RP189: 9/21/2009 5:59:30 AM - System Checkpoint RP190: 9/21/2009 5:59:31 AM - System Checkpoint RP191: 9/21/2009 5:59:31 AM - System Checkpoint RP192: 9/21/2009 5:59:32 AM - System Checkpoint RP193: 9/21/2009 5:59:32 AM - System Checkpoint RP194: 9/21/2009 5:59:32 AM - System Checkpoint RP195: 9/21/2009 5:59:33 AM - System Checkpoint RP196: 9/21/2009 5:59:33 AM - System Checkpoint RP197: 9/21/2009 5:59:33 AM - System Checkpoint RP198: 9/21/2009 5:59:34 AM - System Checkpoint RP199: 9/21/2009 5:59:34 AM - System Checkpoint RP200: 9/21/2009 5:59:34 AM - System Checkpoint RP201: 9/21/2009 5:59:35 AM - System Checkpoint RP202: 9/21/2009 5:59:37 AM - Software Distribution Service 3.0 RP203: 9/21/2009 5:59:39 AM - System Checkpoint RP204: 9/21/2009 5:59:39 AM - System Checkpoint RP205: 9/21/2009 5:59:39 AM - System Checkpoint RP206: 9/21/2009 5:59:39 AM - Software Distribution Service 3.0 RP207: 9/21/2009 5:59:40 AM - Installed Java™ 6 Update 15 RP208: 9/21/2009 5:59:42 AM - System Checkpoint RP209: 9/21/2009 5:59:43 AM - System Checkpoint RP210: 9/21/2009 5:59:43 AM - System Checkpoint RP211: 9/21/2009 5:59:44 AM - System Checkpoint RP212: 9/21/2009 5:59:44 AM - System Checkpoint RP213: 9/21/2009 5:59:45 AM - System Checkpoint RP214: 9/21/2009 5:59:45 AM - System Checkpoint RP215: 9/21/2009 5:59:46 AM - System Checkpoint RP216: 9/21/2009 5:59:47 AM - System Checkpoint RP217: 9/21/2009 5:59:48 AM - Software Distribution Service 3.0 RP218: 9/21/2009 5:59:49 AM - System Checkpoint RP219: 9/21/2009 5:59:51 AM - System Checkpoint RP220: 9/21/2009 5:59:52 AM - System Checkpoint RP221: 9/21/2009 5:59:54 AM - System Checkpoint RP222: 9/21/2009 5:59:54 AM - System Checkpoint RP223: 9/21/2009 5:59:56 AM - System Checkpoint RP224: 9/21/2009 5:59:57 AM - System Checkpoint RP225: 9/21/2009 5:59:59 AM - System Checkpoint RP226: 9/21/2009 6:00:01 AM - System Checkpoint RP227: 9/21/2009 6:00:05 AM - System Checkpoint RP228: 9/21/2009 6:00:09 AM - System Checkpoint RP229: 9/21/2009 6:00:11 AM - System Checkpoint RP230: 9/21/2009 6:00:15 AM - System Checkpoint RP231: 9/21/2009 6:00:18 AM - Software Distribution Service 3.0 RP232: 9/21/2009 6:00:20 AM - System Checkpoint RP233: 9/21/2009 6:00:21 AM - System Checkpoint RP234: 9/21/2009 6:00:23 AM - System Checkpoint RP235: 9/21/2009 6:00:24 AM - System Checkpoint RP236: 9/21/2009 6:00:27 AM - System Checkpoint RP237: 9/21/2009 6:00:30 AM - System Checkpoint RP238: 9/21/2009 6:00:31 AM - System Checkpoint RP239: 9/21/2009 6:00:33 AM - System Checkpoint RP240: 9/21/2009 6:00:37 AM - System Checkpoint RP241: 9/21/2009 6:00:39 AM - System Checkpoint RP242: 9/21/2009 6:00:42 AM - System Checkpoint ==== Installed Programs ====================== Adobe Acrobat - Reader 6.0.2 Update Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Drive CS4 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Illustrator CS4 Adobe Linguistics CS4 Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe Reader 6.0.1 Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Agere Systems PCI Soft Modem avast! Antivirus BufferChm Connect Copy Cortona3D Viewer CP_AtenaShokunin1Config cp_dwSharkTaleAlbums1 cp_dwSharkTaleCards1 cp_dwShrek2Albums1 cp_dwShrek2Cards1 CP_PLSBusinessFlyers CreativeProjects CreativeProjectsTemplates CueTour Destinations Director DocProc DocumentViewer Google Toolbar for Internet Explorer Help and Support Additions Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) HP Boot Optimizer HP Help and Support 4.0 HP Image Zone 4.8.6 HP Software Update HpSdpAppCoreApp HPSystemDiagnostics InstantShare Intel® Extreme Graphics Driver IntelliMover Data Transfer Demo J2SE Runtime Environment 5.0 Java™ 6 Update 15 KBD kuler LEGO Star Wars II Lexmark Supplies Monitor Lexmark Z23-Z33 LS_HSI Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox (3.5.3) MSXML 4.0 SP2 (KB954430) muvee autoProducer 4.0 PanoStandAlone PC-Doctor for Windows PDF Settings CS4 PhotoGallery Photoshop Camera Raw PrintScreen PS2 QFolder QuickProjects QuickTime ScannerCopy Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) SkinsHP1 Suite Shared Configuration CS4 TrayApp Unload Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) WebFldrs XP WebReg Windows Media Format Runtime Windows Media Player 10 Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 9/21/2009 9:27:58 AM, error: Service Control Manager [7034] - The AntiPol service terminated unexpectedly. It has done this 1 time(s). 9/21/2009 6:58:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip 9/21/2009 6:58:25 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 9/21/2009 6:58:25 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 9/21/2009 6:58:25 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 9/21/2009 6:58:25 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 9/21/2009 6:57:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 9/21/2009 6:57:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 9/17/2009 4:01:00 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period. ==== End Of File ===========================

#13 bigbadkitty

bigbadkitty

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 September 2009 - 09:19 AM

OK I have GMER opened, I unchecked Sections, IAT/EAT, and show all. I don't see Drives/Partition other than Systemdrive, I see "files", C is checked, D is not, is that what I am looking for? never mind I see it

Edited by bigbadkitty, 21 September 2009 - 09:28 AM.


#14 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 21 September 2009 - 09:28 AM

Yes, that is what you need

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#15 bigbadkitty

bigbadkitty

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 September 2009 - 09:34 AM

scanning now...thank you SO SO much!! ;)

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users