Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anti Malware scans shut down - Windows Police Pro


  • This topic is locked This topic is locked
10 replies to this topic

#1 eldudearino

eldudearino

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 25 October 2009 - 08:18 PM

I found Windows Police Pro on my wife's laptop. I was able to delete some associated files but dont think I have them all. I have stopped it from popping up and can navigate through the command line in safe mode and the internet if I start a browser through the task manager. I can run spyware doctor and have several times but cannot run malwarebytes, spynomore, or spybot search and destroy. I tried to follow the instructions on this site for what to do before I made this post regarding malware but both dds and root repeal were stopped mid scan before the logs were created. I have seen references to combo fix but also suggestions not to run it unless directed to do so. The desktop will load the background but no icons or start menu. Any advice is appreciated.

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:50 AM

Posted 26 October 2009 - 10:25 AM

Try this application and then immediately run DDS and Root Repeal

If it doesn't work please post back here



Rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.scr

When you double-click on the Desktop icon, a small DOS window will open and the application will run on it's own
It should only take a few minutes and it will close by itself

Do not reboot the machine
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 eldudearino

eldudearino
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 26 October 2009 - 07:19 PM

I appreciate your insight is there anything else I can tell you about the machine's activities that will clearly outline the capabilities/problems?

OK, I cannot double or single click for that matter on a desktop icon. I must start all programs from either the task manager or in the case of downloads from the downloads 'dialog box'. I ran Rkill and started DDS but after about a minute the DDS window closed. I tried root repeal for giggles but a message came up that said i didnt have sufficient priveleges.

I thought about posting this thread in the ' am i infected ' section but it was pretty obvious to me that i was.

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:50 AM

Posted 27 October 2009 - 06:24 PM

The rskil should have taken care of the Task Manager problem

Try these:
:trumpet:
Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
--------------------------------------


:flowers: Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

==================

:thumbsup:
Vista users can refer to these instructions to open a command prompt.

Alternatively you can do this:

Please download peek.bat and save it to your Desktop. Double-click on peek.bat to run it. A black Command Prompt window will appear indicating the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates in your next reply.

If you encounter a problem downloading or getting peek.bat to run, go to Posted Image > Run..., and in the open box, type: Notepad
  • Click OK.
  • Copy and paste everything in the code box below into the Untitled - Notepad.
@ECHO OFF
DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >Log.txt
START Log.txt
DEL %0
  • Go to File > Save As, click the drop-down box to change the Save As Type to *All Files and save it as "peek.bat" on your desktop.
  • Double-click peek.bat to run the script.
  • A window will open and close quickly, this is normal.
  • A file called log.txt should be created on your Desktop.
  • Open that file and copy/paste the contents in your next reply.
-- Vista users, users can refer to these instructions to Run a Batch File as an Administrator.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 eldudearino

eldudearino
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 27 October 2009 - 08:35 PM

I have to use option 1 as I do not have a desktop with anything on it. All programs must be started from task manager or the download box if I use the web. When I click to download the file it goes immediately to my download box and I have to start the program from there. It ran and I thought I would get a log file but neither the log file nor anything wind32kdiag exists on the desktop or c: drive. I shut the machine down and booted into safe mode with command prompt and typed in the instruction for option 2. The machine processed for a minute and then came up with a short 6 line output. I saw the 32kdiag running on the machine and I dont think this was the report you are looking for. The output is below.

Volume in drive C is IBM_PRELOAD
Volume Serial Number is 4C63-54C9

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 08:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 08:00 AM 55,808 eventlog.dll
2 File(s) 462,848 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:11 PM 56,320 eventlog.dll
2 File(s) 463,360 bytes

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:11 PM 61,952 eventlog.dll
2 File(s) 468,992 bytes

Total Files Listed:
6 File(s) 1,395,200 bytes
0 Dir(s) 14,391,918,592 bytes free

#6 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:50 AM

Posted 28 October 2009 - 06:21 PM

Try OTL.exe


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#7 eldudearino

eldudearino
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 28 October 2009 - 07:39 PM

OTL starts to run but soon after 'gathering drive info' it shuts down. If I try to start the application again from the download box I do not have sufficient privileges to run the program.

#8 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:50 AM

Posted 29 October 2009 - 06:22 PM

I have new instructions for rkil to try
Just skip Link 2 as that was the one you already tried





Please download Rkill by Grinler and save it to your desktop.Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again


====================


Another thing to try is to go to the Applications window of Task Manager and End All Tasks
Start a new task and type explorer.exe and OK and see if that helps

Edited by garmanma, 29 October 2009 - 06:26 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#9 eldudearino

eldudearino
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 01 November 2009 - 08:55 AM

the rkill by grinler seemed to do the trick. the dds follows. I could not zip the results of root repeal and they are below the dds section.


DDS (Ver_09-10-26.01) - NTFSx86
Run by asweene2 at 8:39:53.95 on Sun 11/01/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.322 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\System32\alg.exe
"C:\WINDOWS\system32\svchost.exe"
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\asweene2\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ibmmessages] c:\program files\ibm\messages by ibm\ibmmessages.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [Aim6]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\asweene2\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [TpShocks] TpShocks.exe
mRun: [My Web Search Bar] rundll32 c:\progra~1\mywebs~1\bar\5.bin\MWSBAR.DLL,S
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [PromoReg] c:\windows\temp\_ex-08.exe
mRun: [SNM] c:\program files\spynomoreii\SNM.exe /startup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
dRunOnce: [MPlayer2_FixUp] c:\windows\inf\unregmp2.exe /Fixups
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix-i.com/download/ipixx.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://www.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://www.mathxl.com/applets/PearsonInstallAsst.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121191498369
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183423107906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} - hxxp://www.mathxl.com/applets/deltacvx.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispywarenew\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: QConGina - QConGina.dll
Notify: tphotkey - tphklock.dll
AppInit_DLLs: ms32clod.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispywarenew\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\asweene2\applic~1\mozilla\firefox\profiles\7ong7mf6.default\
FF - plugin: c:\documents and settings\asweene2\application data\mozilla\firefox\profiles\7ong7mf6.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071302000002.dll
FF - plugin: c:\documents and settings\asweene2\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\asweene2\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox 3 beta 5\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-20 206256]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2005-7-20 59776]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-7-12 14208]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-7-14 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-7-14 2432]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispywarenew\sasdifsv.sys [2009-10-12 9968]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2005-7-20 4608]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2005-7-12 4442]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2009-8-9 297472]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-20 348824]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-7-12 6016]
S1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys --> c:\windows\system32\drivers\mvstdi5x.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-7-14 12288]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 rootrepeal2;rootrepeal2;c:\windows\system32\drivers\rootrepeal2.sys [2009-10-26 34816]
S3 rootrepeal3;rootrepeal3;c:\windows\system32\drivers\rootrepeal3.sys [2009-10-26 34816]
S3 SASENUM;SASENUM;c:\program files\superantispywarenew\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-01 13:39:22 0 d--h--w- c:\windows\PIF
2009-10-27 00:04:48 34816 ----a-w- c:\windows\system32\drivers\rootrepeal2.sys
2009-10-27 00:04:41 34816 ----a-w- c:\windows\system32\drivers\rootrepeal3.sys
2009-10-26 00:07:17 0 d-----w- c:\program files\SpyNoMoreII
2009-10-25 23:53:17 0 d-----w- c:\program files\MalwarebytesIII
2009-10-25 22:49:15 0 d-----w- c:\program files\MalwarebytesII
2009-10-25 22:24:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 22:24:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-25 22:24:53 0 d-----w- c:\program files\Malwarebytes
2009-10-23 00:43:55 27136 ----a-w- c:\windows\system32\cpcp.cpo
2009-10-22 02:48:43 0 d-----w- c:\program files\SUPERAntiSpywareNew
2009-10-22 02:47:50 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-21 02:46:59 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-21 02:46:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-21 02:27:10 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-21 02:27:03 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-21 02:27:03 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-21 02:27:03 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-21 02:26:55 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-21 02:26:55 0 d-----w- c:\program files\common files\PC Tools
2009-10-21 02:26:48 0 d-----w- c:\program files\Spyware Doctor
2009-10-21 02:26:48 0 d-----w- c:\docume~1\asweene2\applic~1\PC Tools
2009-10-21 02:26:48 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-21 01:55:13 0 d-----w- c:\docume~1\asweene2\applic~1\Malwarebytes
2009-10-21 01:55:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 01:55:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-21 01:44:27 4 ----a-w- c:\windows\system32\bincd32.dat
2009-10-21 00:37:18 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-21 00:36:57 0 d-----w- c:\program files\&SUPERAntiSpyware
2009-10-21 00:36:57 0 d-----w- c:\docume~1\asweene2\applic~1\SUPERAntiSpyware.com
2009-10-21 00:23:56 0 ----a-w- c:\windows\system32\cok458en.dat
2009-10-21 00:23:48 0 ----a-w- c:\windows\system32\mmd109en.dat
2009-10-21 00:19:31 0 d-sh--w- c:\documents and settings\asweene2\PrivacIE
2009-10-21 00:18:43 0 d-----w- C:\New Folder
2009-10-20 23:53:30 1152 ----a-w- c:\windows\system32\windrv.sys
2009-10-20 23:53:15 0 d-----w- c:\program files\SpyNoMore
2009-10-20 00:57:24 0 d-----w- c:\docume~1\alluse~1\applic~1\50526523
2009-10-18 13:32:52 111 ----a-w- c:\windows\system32\wwp.htm
2009-10-18 09:18:25 0 d-----w- c:\windows\system32\schtml
2009-10-18 09:15:23 58 ----a-w- c:\windows\wp4.dat
2009-10-18 09:15:23 3 ----a-w- c:\windows\wp3.dat
2009-10-18 09:15:19 9 ----a-w- c:\windows\system32\nuar.old
2009-10-18 09:14:23 0 d-----w- c:\program files\Windows Police Pro
2009-10-18 06:57:23 0 ----a-w- c:\windows\win32k.sys
2009-10-17 19:01:44 0 d-----w- c:\program files\WinPcap
2009-10-17 11:09:23 0 d-----w- c:\docume~1\alluse~1\applic~1\70050517
2009-10-16 12:22:26 0 d-sh--w- c:\documents and settings\asweene2\IETldCache
2009-10-16 02:20:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-16 02:20:10 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-16 02:20:04 0 d-----w- c:\windows\ie8updates
2009-10-16 02:20:01 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-16 02:17:08 0 dc-h--w- c:\windows\ie8
2009-10-16 01:16:03 0 ----a-w- c:\windows\system32\sck236jn.dat
2009-10-16 01:14:23 19456 ----a-w- c:\windows\system32\perfc5932.dat
2009-10-16 01:14:23 1 ----a-w- c:\windows\system32\perfc7683.dat
2009-10-16 01:13:47 26112 ----a-w- c:\windows\system32\stu2.exe

==================== Find3M ====================

2009-10-26 11:01:46 46592 ----a-w- c:\windows\system32\userinit.exe
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-08-29 08:08:21 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 08:08:20 5940224 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-08-29 08:08:20 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-08-29 08:08:18 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-29 08:08:18 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-29 08:08:18 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 08:08:18 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-08-29 08:08:17 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 08:08:16 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 08:08:13 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-29 07:36:24 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-05 00:44:46 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:44:46 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 23:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 14:20:08 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 14:20:08 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

============= FINISH: 8:41:29.10 ===============
********************************************************************************************
********************************************************************************************
************ROOT REPEAL BELOW**************************************************************


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/12/2005 2:33:55 PM
System Uptime: 11/1/2009 9:18:44 AM (-1 hours ago)

Motherboard: IBM | | 18612YU
Processor: Intel® Pentium® M processor 1.73GHz | None | 1729/533mhz

==== Disk Partitions =========================


==== Installed Programs ======================

Access IBM
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
Adobe Reader for Palm OS, 3.05
Adobe Shockwave Player
Adobe SVG Viewer 3.0
AIM 6
Amazon Games & Software Downloader
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
APhA Complete Review
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
Bonjour
Critical Update for Windows Media Player 11 (KB959772)
Google SketchUp 6
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
IBM 32-bit Runtime Environment for Java 2, v1.4.2
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM SATA Power Management Driver
IBM Themes
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Power Manager
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
iMove Viewer
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Java™ 6 Update 5
Lexi-CONNECT
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
mCore
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
MissionRisk
mMHouse
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.4)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
Norton Security Scan
Palm
Questionmark Secure
Questionmark Secure Browser
QuickTime
Risk
Risk II
RiskII (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
SpyNoMore 2.94
Spyware Doctor 6.1
SUPERAntiSpyware Free Edition
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Wallpapers
Weather Services
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

#10 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:50 AM

Posted 01 November 2009 - 07:01 PM

Now that you were successful in creating the DDS log you need to post it in our HJT forum There they will help you with the removal through some custom scripts and programs that we cannot run here in this forum
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

The HJT team is extremely busy, so be patient and good luck

Edited by garmanma, 01 November 2009 - 07:02 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,946 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:50 AM

Posted 03 November 2009 - 12:15 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/268624/windows-police-pro-anti-malware/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users