WiredWX Christian Hobby Weather Tools
Police Pro, Total Security

Hi!!! I am a brand new member, so have never done this before. I am desperate here and have been reading about and trying to cure the total security virus, that has now seemed to turn into police pro. I don't know if that is possible, and I really don't know too much about this stuff.

Basically last night pop ups kept appearing, and they looked fake to me, so I did not buy their fake anti virus software. My desktop screen had a warning. The popups at this time were coming from something called Total security. This would not let me complete a system restore, download anything, access the internet, start the task manager, or restart the computer in safe mode.

I was able to get the task manager up by immediately pressing control alt delete and then stopping and deleting some process with lots of numbers.....I was unable to get the numbers written down, but I had read somewhere else that this was what to look for. I also searched for files called total security and deleted them. I then deleted all the files from the recycle bin.

This seemed to solve some problems, but my computer was still not downloading anything or letting me do a system restore or even start the laptop in safe mode. Almost immediately, more popups came and this time they were called police pro. I saw this as a virus as well when I did a google search, and the dates for other people's posts were within the last couple of days.

This too would not let me do any of the other things I tried, but I did manage to delete the processes.

What do I do next??? I am desperate here. Any help would be greatly appreciated.

Thanks

Police Pro

I was able to run and scan the Hijackthis and this is the cut and pasted scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54:05, on 02/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Linda Kelly\Local Settings\Temporary Internet Files\Content.IE5\FJGZ76ME\winlogon[1].scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.64.0.21:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [14190154] C:\Documents and Settings\All Users\Application Data\14190154\14190154.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activegs.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173877567468
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://myspace-uk.oberon-media.com/gameshell/games/channel--110372603/lc--en/room--bf089f4a-4469-4bda-86ca-8089b1ac5d44/online/luxor/en/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe

--
End of file - 9065 bytes

Re: Police Pro, Total Security

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll (file missing)
    O4 - HKLM\..\Run: [14190154] C:\Documents and Settings\All Users\Application Data\14190154\14190154.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.
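
The kinds of entries picked out in the reply above can be found mechanically. The following is an added example, not part of the thread and not how HijackThis itself works: a small Python triage pass over HijackThis-format lines. The function name and rule labels are hypothetical, the sample is constructed from lines of the log posted earlier with the user name replaced, and a flag means "review this entry", not "this is malicious".

```python
import re
from ntpath import basename  # Windows path handling that works on any OS

# Constructed sample: lines in HijackThis 2.0.2 format, modelled on the log
# posted earlier in the thread (user name and cache folder replaced).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\XXXXXXXX\winlogon[1].scr

F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [14190154] C:\Documents and Settings\All Users\Application Data\14190154\14190154.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

TEMP_DIR = re.compile(r"\\(temporary internet files|temp)\\", re.I)
F2_ENTRY = re.compile(r"F2 - REG:system\.ini: (\w+)=(.*)")
O4_ENTRY = re.compile(r"O4 - \S+: \[([^\]]+)\] (.*)")
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")


def triage(log_text):
    """Return (rule, line) pairs for entries that deserve a manual look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue

        if in_processes:
            # Executables running out of a browser cache or temp folder.
            if TEMP_DIR.search(line):
                findings.append(("process-in-temp", line))
            continue

        m = F2_ENTRY.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "shell" and value.lower() != "explorer.exe":
                # Anything after Explorer.exe is launched with the shell.
                findings.append(("shell-modified", line))
            elif key == "userinit":
                parts = [p.strip() for p in value.split(",") if p.strip()]
                extras = [p for p in parts
                          if basename(p).lower() != "userinit.exe"]
                if extras:
                    # Extra programs here start at every logon.
                    findings.append(("userinit-extra", line))
            continue

        # BHO / toolbar registrations whose file is gone.
        if re.match(r"O[23] - ", line) and ORPHAN.search(line):
            findings.append(("orphan-registration", line))
            continue

        m = O4_ENTRY.match(line)
        if m and m.group(1).isdigit():
            # Autostart value named with digits only.
            findings.append(("run-numeric-name", line))
            continue

        # Services with no vendor information in the binary.
        if line.startswith("O23 - ") and " - Unknown owner - " in line:
            findings.append(("service-unknown-owner", line))
    return findings


if __name__ == "__main__":
    for rule, entry in triage(SAMPLE_LOG):
        print(f"[{rule}] {entry}")
```

These rules do not reproduce the helper's full selection; an entry such as the `(file missing)` BHO would be caught, but judgement calls outside these patterns still need a person reading the log.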

Police Pro

Thanks so much for getting back to me.

I have redone the hijackthis scan and ticked and clicked on the fix checked box.


Then I tried to download the anti malware from the link.

A normal security warning comes up. I clicked run on malwarebytes.org and it starts to download the setup.

Then it asks if I want to run the software in another security warning box.

This time when I click run, a diff box pops up that says:

Open with...
then gives a series of options like adobe, internet explorer, microsoft word, etc...

I have never seen this on my computer in 2 years until today. I have seen this on other computers years back.

So, I tried clicking on Internet Explorer to open the program.

Then it just repeats the process over and over again, never getting past me clicking on choose internet explorer....


HELP....what shall I try next????

Thanks so much.

Re: Police Pro, Total Security

Hi Kelly,

Just click on the below link. It will download a Registry Key.

http://www.hotlinkfiles.com/files/2759718_hoehq/ExeErrorFix.reg

Just double-click that registry key; you will most likely see 2 pop-ups. Just click Yes and Yes so that the registry will merge in.


After that, you can run Malwarebytes as Belahzur said :)

Police Pro

Hi again and thanks.....

That first link worked so then I was able to download the malware software and run a scan. The scan found a bunch of things that I had it remove.....some things were unable to remove but then it prompted a restart which I have done.


Here is the log:
It won't let me send it all in one message, so I'll split it up.

Malwarebytes' Anti-Malware 1.40
Database version: 2734
Windows 5.1.2600 Service Pack 2

03/09/2009 03:51:42
mbam-log-2009-09-03 (03-51-42).txt

Scan type: Quick Scan
Objects scanned: 131308
Time elapsed: 19 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 30
Files Infected: 181

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AntipPro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

police pro....log page 2

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14190154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\14190154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.

police pro, log page 3

Files Infected:
C:\Documents and Settings\All Users\Application Data\14190154\14190154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\14190154\14190154.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\14190154\pc14190154ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmlldgubyx.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmynmylvrg.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmulkfdxod.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\70.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Temporary Internet Files\Content.IE5\3I0JQOKP\setup[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_01.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_02.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_03.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_04.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_05.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_06.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\Module_WebDropdown_07.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Cursor.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Glitter.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Smiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290

police pro....log p. 4
\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_01.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_01.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_02.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_02.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_03.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_03.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_04.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_04.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_05.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_05.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_06.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_06.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_07.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\Module_WebDropdown_07.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar\4.1.3.20290\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090718-141451.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090718-145710.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090718-150022.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340

police pro...log page 5
\NP_20090718-155718.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090718-164000.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090718-170215.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090719-102020.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-194956.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-200821.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-200821.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-085508.167.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-135621.828.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-143101.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-170250.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-173233.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-192453.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-141432.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-141451.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-145710.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-150022.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-155718.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-164000.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-170214.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-102020.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-194956.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-200821.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-200821.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-085508.151.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-135621.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-143101.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-170250.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-173233.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda Kelly\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-192453.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\logon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapi.nfo (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdl69.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdl6B.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\rdl6D.tmp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbiwkmklsojgwb.dat (Rootkit.TDSS) -> Delete on reboot.


Thanks again for being so helpful!!

Re: Police Pro, Total Security

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Police Pro, Total Security
Some other problems today.....although it appears that I can do lots of stuff I couldn't yesterday....like add/remove programs, install things, etc....

The screen will randomly go blue and will say something like serious error and a whole screen of typing which I can't read because then it restarts so quickly.

Then after restarting it has an error message that says this system has recovered from a serious error. send/don't send

Error signature:

BCCcode : 3f . BCP1 : 00000000 BCP2 : 00000008 BCP3 : 00000006
BCP4: 0000CF2F OSVer : 5_1_2600 SP : 2_0 Product : 256_1

Error Report Contents:
C:DOCUME~1LINDAK~1TEMPWERD89f.dir 00
ini 090309-06.dmp
C:DOCUME~1LINDAK~1LOCALS~1TEMPWERD89f.dir00sysdata.xml


don't know if this is related or not to the virus, but I have never seen this type of thing .....recovered from a serious error......before.

Thanks again.....

now I see you have replied while I was typing this....So I will give a go at what you have said to do. Thanks

Re: Police Pro, Total Security
DDS (Ver_09-07-30.01) - NTFSx86
Run by Linda Kelly at 15:49:24.46 on 03/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.543 [GMT 1:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Linda Kelly\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/ig?hl=en
uInternet Settings,ProxyServer = 10.64.0.21:8080
uInternet Settings,ProxyOverride = *.local;
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173877567468
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://myspace-uk.oberon-media.com/gameshell/games/channel--110372603/lc--en/room--bf089f4a-4469-4bda-86ca-8089b1ac5d44/online/luxor/en/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-6-6 6144]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-3-14 101120]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-3-14 33408]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2007-8-10 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2007-11-12 98304]
S0 sjkd52c;sjkd52c;\SystemRoot\\SystemRoot\System32\drivers\sjkd52c.sys --> \SystemRoot\\SystemRoot\System32\drivers\sjkd52c.sys [?]
S1 7bc5f91b.sys;7bc5f91b.sys;\??\c:\windows\system32\drivers\7bc5f91b.sys --> c:\windows\system32\drivers\7bc5f91b.sys [?]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-6-6 35968]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-3 38160]
S3 STI2303X;SMART Board cable;c:\windows\system32\drivers\STI2303X.sys [2005-6-3 13440]

=============== Created Last 30 ================

2009-09-03 03:26 --d----- c:\docume~1\lindak~1\applic~1\Malwarebytes
2009-09-03 03:26 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 03:26 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-03 03:26 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 03:26 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-02 20:27 163,840 a------- c:\windows\svchasts.exe
2009-09-02 04:37 45,344 a------- c:\windows\system32\drivers\sjkd52c.sys
2009-08-28 05:04 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-08-28 05:04 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-28 05:03 --d----- c:\program files\iTunes
2009-08-28 05:03 --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-28 05:02 --d----- c:\program files\Bonjour
2009-08-27 08:18 0 a------- c:\windows\iplayer.INI
2009-08-27 06:20 --d----- c:\program files\InterActual
2009-08-26 04:26 --dsh--- c:\documents and settings\linda kelly\IECompatCache
2009-08-26 04:10 --dsh--- c:\documents and settings\linda kelly\PrivacIE
2009-08-26 03:59 --dsh--- c:\documents and settings\linda kelly\IETldCache
2009-08-26 03:50 -cd-h--- c:\windows\ie8
2009-08-26 03:12 294,912 -c------ c:\windows\system32\dllcache\msctf.dll
2009-08-19 01:18 --d----- c:\windows\system32\wbem\Repository
2009-08-11 14:41 --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-08-11 14:40 --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2008-04-28 17:18 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 15:49:57.57 ===============

Re: Police Pro, Total Security
Hello.

Please download OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    sjkd52c
    7bc5f91b.sys

    :files
    c:\windows\svchasts.exe
    c:\windows\system32\drivers\sjkd52c.sys
    c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
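
Added example, not part of the helper's post and not a description of how DDS or OTMoveIt work: a short Python triage over lines copied from the DDS log above, showing two review heuristics that surface the same driver entries and files as the fix list. Both heuristics, and the reading of `[?]` as "DDS could not read the file's date and size", are assumptions; the GUID-named folder in the fix list is not covered by them.

```python
import re

# Constructed sample: a few lines copied from the DDS log quoted in this thread.
DDS_LOG = r"""
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2007-11-12 98304]
S0 sjkd52c;sjkd52c;\SystemRoot\\SystemRoot\System32\drivers\sjkd52c.sys --> \SystemRoot\\SystemRoot\System32\drivers\sjkd52c.sys [?]
S1 7bc5f91b.sys;7bc5f91b.sys;\??\c:\windows\system32\drivers\7bc5f91b.sys --> c:\windows\system32\drivers\7bc5f91b.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-3 38160]
2009-09-03 03:26 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 20:27 163,840 a------- c:\windows\svchasts.exe
2009-09-02 04:37 45,344 a------- c:\windows\system32\drivers\sjkd52c.sys
2009-08-28 05:04 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-28 05:03 --d----- c:\program files\iTunes
"""

# "<state><start type> name;display name;image path [date size]" or "[?]"
SERVICE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
# "date time [size] attributes path" from the "Created Last 30" section
CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:[\d,]+ )?\S+ (.+)$")

def triage(log):
    """Return (service names with unresolved file info, created paths to review)."""
    unresolved, created = [], []
    for line in log.splitlines():
        line = line.strip()
        if m := SERVICE.match(line):
            if m.group(6) == "?":          # assumption: no readable date/size
                unresolved.append(m.group(3))
        elif m := CREATED.match(line):
            created.append(m.group(1).lower())
    review = []
    for path in created:
        folder, _, name = path.rpartition("\\")
        stem = name.rsplit(".", 1)[0]
        # Heuristic 1: a new file that backs one of the unresolved services.
        backs_service = any(s.lower() in (name, stem) for s in unresolved)
        # Heuristic 2: a new .exe dropped directly in the Windows root.
        loose_exe = folder == r"c:\windows" and name.endswith(".exe")
        if backs_service or loose_exe:
            review.append(path)
    return unresolved, review

if __name__ == "__main__":
    services, files = triage(DDS_LOG)
    print("services to review:", services)
    print("files to review:", files)
```

The output is a list of review candidates, not a verdict: each hit still needs checking by someone who knows the machine before anything is moved or deleted.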

Re: Police Pro, Total Security
Thanks again.

This is from the clipboard: Results

========== SERVICES/DRIVERS ==========

Service\Driver sjkd52c deleted successfully.

Service\Driver 7bc5f91b.sys deleted successfully.
========== FILES ==========
c:\windows\svchasts.exe moved successfully.
File move failed. c:\windows\system32\drivers\sjkd52c.sys scheduled to be moved on reboot.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09032009

Re: Police Pro, Total Security
This is the log that was created. It has asked me to reboot, which I will do after sending this reply.


========== SERVICES/DRIVERS ==========

Service\Driver sjkd52c deleted successfully.

Service\Driver 7bc5f91b.sys deleted successfully.
========== FILES ==========
c:\windows\svchasts.exe moved successfully.
File move failed. c:\windows\system32\drivers\sjkd52c.sys scheduled to be moved on reboot.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09032009_161338

Re: Police Pro, Total Security
Hello.
There will be another log that opens on reboot, please post that too.


Re: Police Pro, Total Security
Hi again,
After rebooting, the computer screen went blue and started some disk checker and did lots of cleaning, moving, editing, etc... of different files I think.



Here is the log that appeared after reboot:

========== SERVICES/DRIVERS ==========

Service\Driver sjkd52c deleted successfully.

Service\Driver 7bc5f91b.sys deleted successfully.


========== FILES ==========
c:\windows\svchasts.exe moved successfully.
File move failed. c:\windows\system32\drivers\sjkd52c.sys scheduled to be moved on reboot.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09032009_161338

Files moved on Reboot...
c:\windows\system32\drivers\sjkd52c.sys moved successfully.

Registry entries deleted on Reboot...

Re: Police Pro, Total Security
We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?


Re: Police Pro, Total Security
Thank you sooooooo much!!!

I don't know if it's back to its old self 100%, but it is working really good again. I'm going to tell everyone about this website!!

Thanks, and I'll be back if anything comes up.

Re: Police Pro, Total Security
Hi again,

Actually there is a problem. The computer will not restart or shut down on its own. I have to manually hold down the power key, which I don't think is good for the laptop. Any advice?
