[Closed] windows police pro


  • This topic is locked
32 replies to this topic

#1 bigbadkitty

bigbadkitty

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 21 September 2009 - 08:19 AM

I am so happy to have found this site. Out of nowhere, "windows police pro" appeared on my computer this morning and I have no idea how to get rid of it. I checked several sites, learning that it was a rogue, and I really don't understand the instructions given. I hope that someone with some patience can help me. I am running Windows XP and I currently use Avast. I have tried to start the computer in safe mode but I have no idea what to do once I get there. Oh please help. Oh thank you.


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 21 September 2009 - 08:24 AM

Please run the following programs:

  • Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
  • Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

NEXT

  • Please save Win32kDiag to your desktop.
  • Double-click on it to run a scan.
  • When it's finished, there will be a log called Win32kDiag.txt on your desktop.
  • Please open it with notepad and post the contents here.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 bigbadkitty

Posted 21 September 2009 - 08:29 AM

exeHelper by Raktor - 09
Build 20090916
Run at 09:27:55 on 09/21/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Killed process svchast.exe
Killed process windows Police Pro.exe
Checking for bad files...
Found file C:\WINDOWS\system32\desot.exe
Deleting file C:\WINDOWS\system32\desot.exe
Found file C:\Program Files\Windows Police Pro\Windows Police Pro.exe
Deleting file C:\Program Files\Windows Police Pro\Windows Police Pro.exe
Found file C:\WINDOWS\system32\dddesot.dll
Deleting file C:\WINDOWS\system32\dddesot.dll
Found file C:\WINDOWS\ppp3.dat
Deleting file C:\WINDOWS\ppp3.dat
Found file C:\WINDOWS\ppp4.dat
Deleting file C:\WINDOWS\ppp4.dat
Found file C:\WINDOWS\system32\sysnet.dat
Deleting file C:\WINDOWS\system32\sysnet.dat
Resetting filetype association for .exe
Resetting filetype association for .com
--Finished--

Is this what I needed to post?

#4 CatByte

Posted 21 September 2009 - 08:34 AM

Yes, now move on to the Win32kDiag program and post the report from that also. Thanks


#5 bigbadkitty

Posted 21 September 2009 - 08:38 AM

Please forgive me, I don't know how to copy the text in the black box to notepad...

#6 CatByte

Posted 21 September 2009 - 08:40 AM

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


#7 bigbadkitty

Posted 21 September 2009 - 08:44 AM

Oh OK, I thought it was done but it's still going... thank you so much for being patient with me!

#8 CatByte

Posted 21 September 2009 - 08:45 AM

:thumbup:


#9 bigbadkitty

Posted 21 September 2009 - 09:06 AM

OK here we are...

Running from: C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\My Documents\Downloads\Win32kDiag.exe
Log file at : C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Cannot access: C:\WINDOWS\privacy_danger\images\capt.gif
[1] 2007-05-18 03:39:56 23870 C:\WINDOWS\privacy_danger\images\capt.gif ()
Cannot access: C:\WINDOWS\privacy_danger\images\danger.jpg
[1] 2007-05-18 03:39:42 47318 C:\WINDOWS\privacy_danger\images\danger.jpg ()
Cannot access: C:\WINDOWS\privacy_danger\images\down.gif
[1] 2007-05-18 03:40:06 14916 C:\WINDOWS\privacy_danger\images\down.gif ()
Cannot access: C:\WINDOWS\privacy_danger\images\spacer.gif
[1] 2004-08-04 13:00:00 43 C:\WINDOWS\Help\Tours\htmlTour\spacer.gif ()
[1] 2009-02-21 17:46:49 43 C:\WINDOWS\pchealth\helpctr\System\sysinfo\graphics\spacer.gif ()
[1] 2009-02-21 17:46:56 43 C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\spacer.gif ()
[1] 2007-05-18 03:44:00 43 C:\WINDOWS\privacy_danger\images\spacer.gif ()
Cannot access: C:\WINDOWS\privacy_danger\index.htm
[1] 2009-02-21 17:46:49 1477 C:\WINDOWS\pchealth\helpctr\System\blurbs\Index.htm ()
[1] 2009-02-21 17:46:49 2911 C:\WINDOWS\pchealth\helpctr\System\panels\subpanels\Index.htm ()
[1] 2007-08-08 14:57:32 1151 C:\WINDOWS\privacy_danger\index.htm ()
Finished!

#10 CatByte

Posted 21 September 2009 - 09:08 AM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


#11 bigbadkitty

Posted 21 September 2009 - 09:13 AM

DDS (Ver_09-07-30.01) - NTFSx86 Run by HP_Owner at 10:09:36.70 on Mon 09/21/2009 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.129 [GMT -5:00] AV: avast! antivirus 4.8.1335 [VPS 090920-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\AGRSMMSG.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\HP_Owner.YOUR-F78BF48CE2\My Documents\Downloads\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop 
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: ICQSys (IE PlugIn): {77dc0b63-1535-4ba9-8be8-d59eb676fa02} - c:\windows\system32\dddesot.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [AutoTBar] c:\program files\hp\digital imaging\bin\AUTOTBAR.EXE mRun: [avast!] 
c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~2.lnk - c:\program files\palmone\Hotsync.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab 
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab Notify: igfxcui - igfxsrvc.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_own~1.you\applic~1\mozilla\firefox\profiles\ya32wjpq.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=13&tid={CA7EA5FE-C8D3-DB42-E5CA-AA0956DCA6BD}&q= FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - 
pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program 
files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla 
firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-19 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-19 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-19 138680] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-19 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-19 352920] S2 AntipPolice_;AntiPol;c:\windows\svchast.exe [2009-9-21 69632] =============== Created Last 30 ================ 2009-09-21 09:20 <DIR> a-d----- c:\windows\system32\images 2009-09-21 09:20 8,468 a------- c:\windows\system32\wispex.html 2009-09-21 06:11 69,632 a------- c:\windows\svchast.exe 2009-09-21 06:11 9 a------- c:\windows\system32\bennuar.old 2009-09-21 06:11 107 a------- c:\windows\system32\sonhelp.htm 2009-09-21 06:10 <DIR> --d----- c:\program files\Windows Police Pro 2009-09-08 13:39 153,088 -------- c:\windows\system32\dllcache\triedit.dll ==================== Find3M ==================== 2009-08-19 21:47 0 a------- c:\docume~1\hp_own~1.you\applic~1\wklnhst.dat 2009-08-13 10:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll 2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll 2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll 2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll 2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll 2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll 2009-07-10 08:27 1,315,328 -------- 
c:\windows\system32\dllcache\msoe.dll 2009-06-26 11:50 666,624 a------- c:\windows\system32\wininet.dll 2009-06-26 11:50 81,920 ac------ c:\windows\system32\ieencode.dll 2009-06-26 11:50 81,920 a------- c:\windows\system32\dllcache\ieencode.dll 2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll 2009-06-25 03:25 301,568 a------- c:\windows\system32\kerberos.dll 2009-06-25 03:25 147,456 a------- c:\windows\system32\schannel.dll 2009-06-25 03:25 136,192 a------- c:\windows\system32\msv1_0.dll 2009-06-25 03:25 56,832 a------- c:\windows\system32\secur32.dll 2009-06-25 03:25 54,272 a------- c:\windows\system32\wdigest.dll 2009-06-25 03:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll 2009-06-25 03:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll 2009-06-25 03:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll 2009-06-25 03:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll 2009-06-25 03:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll 2009-06-25 03:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll 2009-06-24 06:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys 2008-06-30 05:47 409,695 ac------ c:\program files\Uninstall Fun Web Products.dll ============= FINISH: 10:10:35.89 ===============

Edited by bigbadkitty, 21 September 2009 - 09:27 AM.
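Added example, not part of the thread and not code from DDS or exeHelper: a lookalike-name check that makes `svchast.exe` stand out, run over a few service and "Created Last 30" entries copied from the DDS log above and re-split one per line. The allow-list of system binaries, the edit-distance threshold of 2 and all function names are assumptions made for illustration.

```python
import re
from ntpath import basename  # Windows path rules, independent of the host OS

# Assumption: a small allow-list of genuine Windows XP binaries to compare against.
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe", "spoolsv.exe", "services.exe", "lsass.exe",
    "winlogon.exe", "csrss.exe", "explorer.exe", "ctfmon.exe",
}

# Entries copied from the DDS log in the post above, re-split one per line.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-19 114768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-19 138680]
S2 AntipPolice_;AntiPol;c:\windows\svchast.exe [2009-9-21 69632]
=============== Created Last 30 ================
2009-09-21 09:20 <DIR> a-d----- c:\windows\system32\images
2009-09-21 09:20 8,468 a------- c:\windows\system32\wispex.html
2009-09-21 06:11 69,632 a------- c:\windows\svchast.exe
2009-09-21 06:10 <DIR> --d----- c:\program files\Windows Police Pro
2009-09-08 13:39 153,088 -------- c:\windows\system32\dllcache\triedit.dll
"""

# "<state> <service>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;\n]+);(?P<display>[^;\n]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$",
    re.M,
)
# "<date> <time> <size or <DIR>> <8 attribute flags> <path>"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size><DIR>|[\d,]+) "
    r"\S{8} (?P<path>.+)$",
    re.M,
)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(path):
    """Return the system binary this file name imitates, or None."""
    name = basename(path).lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None  # exact match: the real name, not a near miss
    for known in sorted(KNOWN_SYSTEM_BINARIES):
        if 1 <= edit_distance(name, known) <= 2:
            return known
    return None


def _date(text):
    # DDS pads months in one section and not the other; compare as integers.
    return tuple(int(part) for part in text.split("-"))


def find_suspect_services(log_text):
    """Flag services whose image name is a near miss of a system binary and
    note whether the same file also appears in 'Created Last 30'."""
    created = {}
    for m in CREATED_RE.finditer(log_text):
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        created[m["path"].lower()] = (_date(m["date"]), size)

    findings = []
    for m in SERVICE_RE.finditer(log_text):
        imitated = lookalike(m["path"])
        if imitated is None:
            continue
        stamp = (_date(m["date"]), int(m["size"]))
        findings.append({
            "service": m["name"],
            "path": m["path"],
            "imitates": imitated,
            "recently_created": created.get(m["path"].lower()) == stamp,
        })
    return findings


if __name__ == "__main__":
    for finding in find_suspect_services(SAMPLE_LOG):
        print(finding)
```

A near-miss name is a heuristic, so a hit is a reason to look at the file, not a verdict; here the service date and size also match a file created the morning the rogue appeared.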


#12 bigbadkitty

Posted 21 September 2009 - 09:13 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-07-30.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 2/19/2009 7:25:09 PM System Uptime: 9/21/2009 7:59:06 AM (3 hours ago) Motherboard: ASUSTek Computer INC. | | Guppy Processor: Intel® Celeron® CPU 3.06GHz | PGA 478 | 3066/133mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 142 GiB total, 125.054 GiB free. D: is FIXED (FAT32) - 7 GiB total, 1.252 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable ==== Disabled Device Manager Items ============= Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F} Description: Camera Device ID: USB\VID_046D&PID_092F\5&5D907CC&0&2 Manufacturer: Name: Camera PNP Device ID: USB\VID_046D&PID_092F\5&5D907CC&0&2 Service: ==== System Restore Points =================== RP152: 9/21/2009 5:59:18 AM - System Checkpoint RP153: 9/21/2009 5:59:18 AM - System Checkpoint RP154: 9/21/2009 5:59:18 AM - System Checkpoint RP155: 9/21/2009 5:59:19 AM - System Checkpoint RP156: 9/21/2009 5:59:20 AM - System Checkpoint RP157: 9/21/2009 5:59:20 AM - System Checkpoint RP158: 9/21/2009 5:59:20 AM - System Checkpoint RP159: 9/21/2009 5:59:21 AM - System Checkpoint RP160: 9/21/2009 5:59:21 AM - System Checkpoint RP161: 9/21/2009 5:59:22 AM - System Checkpoint RP162: 9/21/2009 5:59:22 AM - System Checkpoint RP163: 9/21/2009 5:59:23 AM - System Checkpoint RP164: 9/21/2009 5:59:23 AM - System Checkpoint RP165: 9/21/2009 5:59:23 AM - System Checkpoint RP166: 9/21/2009 5:59:24 AM - System Checkpoint RP167: 9/21/2009 5:59:25 AM - System Checkpoint RP168: 9/21/2009 5:59:25 AM - System Checkpoint RP169: 9/21/2009 5:59:25 AM - System Checkpoint RP170: 9/21/2009 5:59:26 AM - System Checkpoint RP171: 9/21/2009 5:59:26 AM - System Checkpoint RP172: 9/21/2009 5:59:26 AM - System Checkpoint RP173: 9/21/2009 5:59:27 AM - System Checkpoint RP174: 9/21/2009 5:59:27 AM - 
Software Distribution Service 3.0 RP175: 9/21/2009 5:59:27 AM - System Checkpoint RP176: 9/21/2009 5:59:27 AM - System Checkpoint RP177: 9/21/2009 5:59:27 AM - System Checkpoint RP178: 9/21/2009 5:59:27 AM - Removed LEGO Star Wars II RP179: 9/21/2009 5:59:28 AM - System Checkpoint RP180: 9/21/2009 5:59:28 AM - System Checkpoint RP181: 9/21/2009 5:59:28 AM - System Checkpoint RP182: 9/21/2009 5:59:28 AM - System Checkpoint RP183: 9/21/2009 5:59:28 AM - System Checkpoint RP184: 9/21/2009 5:59:29 AM - System Checkpoint RP185: 9/21/2009 5:59:29 AM - System Checkpoint RP186: 9/21/2009 5:59:30 AM - System Checkpoint RP187: 9/21/2009 5:59:30 AM - System Checkpoint RP188: 9/21/2009 5:59:30 AM - Software Distribution Service 3.0 RP189: 9/21/2009 5:59:30 AM - System Checkpoint RP190: 9/21/2009 5:59:31 AM - System Checkpoint RP191: 9/21/2009 5:59:31 AM - System Checkpoint RP192: 9/21/2009 5:59:32 AM - System Checkpoint RP193: 9/21/2009 5:59:32 AM - System Checkpoint RP194: 9/21/2009 5:59:32 AM - System Checkpoint RP195: 9/21/2009 5:59:33 AM - System Checkpoint RP196: 9/21/2009 5:59:33 AM - System Checkpoint RP197: 9/21/2009 5:59:33 AM - System Checkpoint RP198: 9/21/2009 5:59:34 AM - System Checkpoint RP199: 9/21/2009 5:59:34 AM - System Checkpoint RP200: 9/21/2009 5:59:34 AM - System Checkpoint RP201: 9/21/2009 5:59:35 AM - System Checkpoint RP202: 9/21/2009 5:59:37 AM - Software Distribution Service 3.0 RP203: 9/21/2009 5:59:39 AM - System Checkpoint RP204: 9/21/2009 5:59:39 AM - System Checkpoint RP205: 9/21/2009 5:59:39 AM - System Checkpoint RP206: 9/21/2009 5:59:39 AM - Software Distribution Service 3.0 RP207: 9/21/2009 5:59:40 AM - Installed Java™ 6 Update 15 RP208: 9/21/2009 5:59:42 AM - System Checkpoint RP209: 9/21/2009 5:59:43 AM - System Checkpoint RP210: 9/21/2009 5:59:43 AM - System Checkpoint RP211: 9/21/2009 5:59:44 AM - System Checkpoint RP212: 9/21/2009 5:59:44 AM - System Checkpoint RP213: 9/21/2009 5:59:45 AM - System Checkpoint RP214: 9/21/2009 5:59:45 AM 
- System Checkpoint RP215: 9/21/2009 5:59:46 AM - System Checkpoint RP216: 9/21/2009 5:59:47 AM - System Checkpoint RP217: 9/21/2009 5:59:48 AM - Software Distribution Service 3.0 RP218: 9/21/2009 5:59:49 AM - System Checkpoint RP219: 9/21/2009 5:59:51 AM - System Checkpoint RP220: 9/21/2009 5:59:52 AM - System Checkpoint RP221: 9/21/2009 5:59:54 AM - System Checkpoint RP222: 9/21/2009 5:59:54 AM - System Checkpoint RP223: 9/21/2009 5:59:56 AM - System Checkpoint RP224: 9/21/2009 5:59:57 AM - System Checkpoint RP225: 9/21/2009 5:59:59 AM - System Checkpoint RP226: 9/21/2009 6:00:01 AM - System Checkpoint RP227: 9/21/2009 6:00:05 AM - System Checkpoint RP228: 9/21/2009 6:00:09 AM - System Checkpoint RP229: 9/21/2009 6:00:11 AM - System Checkpoint RP230: 9/21/2009 6:00:15 AM - System Checkpoint RP231: 9/21/2009 6:00:18 AM - Software Distribution Service 3.0 RP232: 9/21/2009 6:00:20 AM - System Checkpoint RP233: 9/21/2009 6:00:21 AM - System Checkpoint RP234: 9/21/2009 6:00:23 AM - System Checkpoint RP235: 9/21/2009 6:00:24 AM - System Checkpoint RP236: 9/21/2009 6:00:27 AM - System Checkpoint RP237: 9/21/2009 6:00:30 AM - System Checkpoint RP238: 9/21/2009 6:00:31 AM - System Checkpoint RP239: 9/21/2009 6:00:33 AM - System Checkpoint RP240: 9/21/2009 6:00:37 AM - System Checkpoint RP241: 9/21/2009 6:00:39 AM - System Checkpoint RP242: 9/21/2009 6:00:42 AM - System Checkpoint ==== Installed Programs ====================== Adobe Acrobat - Reader 6.0.2 Update Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Drive CS4 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Illustrator CS4 Adobe Linguistics CS4 Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe Reader 6.0.1 Adobe Search for Help Adobe 
Service Manager Extension Adobe Setup Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Agere Systems PCI Soft Modem avast! Antivirus BufferChm Connect Copy Cortona3D Viewer CP_AtenaShokunin1Config cp_dwSharkTaleAlbums1 cp_dwSharkTaleCards1 cp_dwShrek2Albums1 cp_dwShrek2Cards1 CP_PLSBusinessFlyers CreativeProjects CreativeProjectsTemplates CueTour Destinations Director DocProc DocumentViewer Google Toolbar for Internet Explorer Help and Support Additions Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) HP Boot Optimizer HP Help and Support 4.0 HP Image Zone 4.8.6 HP Software Update HpSdpAppCoreApp HPSystemDiagnostics InstantShare Intel® Extreme Graphics Driver IntelliMover Data Transfer Demo J2SE Runtime Environment 5.0 Java™ 6 Update 15 KBD kuler LEGO Star Wars II Lexmark Supplies Monitor Lexmark Z23-Z33 LS_HSI Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox (3.5.3) MSXML 4.0 SP2 (KB954430) muvee autoProducer 4.0 PanoStandAlone PC-Doctor for Windows PDF Settings CS4 PhotoGallery Photoshop Camera Raw PrintScreen PS2 QFolder QuickProjects QuickTime ScannerCopy Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) 
Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) SkinsHP1 Suite Shared Configuration CS4 TrayApp Unload Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) WebFldrs XP 
WebReg Windows Media Format Runtime Windows Media Player 10 Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

9/21/2009 9:27:58 AM, error: Service Control Manager [7034] - The AntiPol service terminated unexpectedly. It has done this 1 time(s).
9/21/2009 6:58:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/21/2009 6:58:25 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2009 6:58:25 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2009 6:58:25 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2009 6:58:25 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2009 6:57:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/21/2009 6:57:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/17/2009 4:01:00 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================

#13 bigbadkitty

Posted 21 September 2009 - 09:19 AM

OK, I have GMER opened. I unchecked Sections, IAT/EAT, and Show All. I don't see Drives/Partition other than Systemdrive. I see "files"; C is checked, D is not. Is that what I am looking for? Never mind, I see it.

Edited by bigbadkitty, 21 September 2009 - 09:28 AM.


#14 CatByte

Posted 21 September 2009 - 09:28 AM

Yes, that is what you need.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#15 bigbadkitty

Posted 21 September 2009 - 09:34 AM

scanning now...thank you SO SO much!! ;)
