Over 1 million tech questions and answers.

Windows Police leftover help please

Q: Windows Police leftover help please

I used the Windows Police removal procedure as shown and successfully removed the program. THANKS - got my computer back! However, every time I start up my computer or a program now I get the following window notification "name of exec file - BAD IMAGE. Then it states that "globalroot\systemroot\system32\gasfkybospyfqm.dll" is not a valid Windows image. Please check it against your installation disk." I can click on OK and everything works but it comes up everytime something loads. Any information on getting rid of this screen would be appreciated. Also - all my RESTORE points have gone, I can't even get back into yesterday or last month. RESTORE is set to work so????

RELEVANCY SCORE 200
Preferred Solution: Windows Police leftover help please

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Windows Police leftover help please

Moved from HJT to a more appropriate forum. Tw

Read other 7 answers
RELEVANCY SCORE 77.6

Hello, I originally posted this over in "Am I infected? What do I do?" and then Blade Zephon recommended I start a new topic here.Here is the original topic: http://www.bleepingcomputer.com/forums/t/257317/my-pc-iswas-infected-by-windows-police-pro/For your convenience, I'll just quote the whole thing, omitting the unnecessary parts:Now, however, I've got a newer PC virus/malware, and I don't know what to do with it! I was just on some gaming websites when my computer revved up, so I checked task manager, and saw two processes trying to run: "a.exe" and "b.exe." I ended both of them, but soon after that "Windows Police Pro" popped up. I knew what kind of malware it was, so I ended it in task manager and deleted its folder which had popped up in my C:/program files.Those two processes kept coming back, though... I tried to run Malwarebytes, but it did not, and still will not work, even though I've reinstalled it several times. I even tried running the Fixexe.reg program, but it didn't seem to help. I can't even get Malwarebytes to start up unless I reinstall it, and then it only gets about four seconds into a scan before it closes abruptly. I ran "AdAware 2008" successfully, but it only picked up four things... I downloaded "Avast," and it did a long start-up scan, apparently getting rid of several of the infected files --- lots of filenames with "SKYNET" in them --- there was one .dll I "moved to chest" and one file I could do nothing but "ignore..." Now, Avast is installed, ... Read more

A:Help me remove a rootkit leftover from a Windows Police Pro infection

Hello Bent 00,Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) "%userprofile%\desktop\win32kdiag.exe" -f -r into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Read other 31 answers
RELEVANCY SCORE 48.4

After finally getting the Windows 10 Anniversary Update to install, as expected, I had a WIndows.0ld file. Following instructions posted here and elsewhere, I used Disc Cleanup to remove most of that file.

There are still two folders remaining in Windows.old from System32, one in Drivers (IntcDaud.sys) and one in DriverStore (intcdaud.info.amd64xxxxx.) When I go directly to System32, both drivers appear in the same folders where they show in Wndows.old. Disc Cleanup no longer even recognizes Windows.old, so I cannot run it again to remove what appear to me to be extraneous entries.

Can I safely use Unlocker to try to remove the remaining Windows.old file, which likely would only work after a reboot? If not, is there some other method, short of using the Jaws of Life or a ten-pound sledge hammer to remove the leftover Windows.old file?

A:Windows.old leftover

Hello Not Myself,

Unlocker should work for you. If you like, OPTION THREE below should work as well.

Windows.old Folder - Delete in Windows 10

Read other answers
RELEVANCY SCORE 46.8

Hi,
 
Looking through the C:drive on my Widows 10 desktop PC, I have discovered a folder named ComboFix. I ran a ComboFix scan and repair a couple of years back under directions from BleepingComputer.com when i had a different username (chipparus) and adifferent OS (Windows 7 I think).
 
Out of curiosity I looked at the properties of this folder which states
Type: Folder
Location:   C:/
Size:   60.3 MB
Files    337
Folders    3
 
However, when I click on the folder it seems to contain a replication of "My PC" including six system folders and Drives: C:/, D:/, E:/, F:/ & G:/ including all content amounting to over 500GB. I am wondering if this is a duplication or some sort of false library folder and whether or not I can get rid of it?
 
Any advice would be much appreciated.
 
Many thanks
 
Roger
 
 
 
 

A:Removing leftover ComboFix folders Windows 10

Please download DelFix by Xplode and save to your Desktop.Double-click on delfix.exe to run the tool.Vista/Windows 7/8/10 users right-click and select Run As Administrator.Put a check mark next to these items:- Remove disinfection tools- Create registry backup.Click the "Run" button.When the tool has finished, it will create and open a log report (DelFix.txt)-- Doing this should remove ComboFix and all of its related files/folders as well as any other specialized tools downloaded and used for malware removal. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click on it and choose delete).

Read other 3 answers
RELEVANCY SCORE 46.8

When I delete the last email message in Win Live Mail I see that the header of the last email stays leftover in the Reading pane. Just the last message. The header of the last message I should say. When you delete messages in most programs the whole thing gets deleted. Is there something I can do to fix this or is this just another bad setting from Microsoft?
 

Read other answers
RELEVANCY SCORE 46.4

Hi,
I am using the Backup and Restore Center to backup a desktop and a PC to a local network WD My Book one TB drive. These backups are monthly. There are sets of fifteen to twenty zero length temp files of the form SDT3648.tmp for each machine for each backup. It seem obvious that the backup program should have deleted these files. Is this a common experience with Windows Vista backup for anyone else?
Thanks
Frank C

A:Windows backup, leftover zero length temp files

Hmmm, i am not sure if they are supposed to be left or not, but, temp files are just that, temporary, i use this to clean my up : TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums
Hope this helps you out.

Read other 1 answers
RELEVANCY SCORE 44.8

Hi all!
 
I have MS Win XP Pro SP3 32-bit, and Windows Media Player 11, and would like to remove several files named AlbumArt.jpg, AlbumArtSmall.jpg and Folder.jpg . There is also an important file named desktop.ini, which I of course will not delete.
 
However, as I try to delete them, one of the following generic warning message(s) that comes up, is like this:
 

AlbumArtSmall.jpg is a system file.
 
If you remove it, it is possible that your computer or one of the programs on your computer will not work properly. Are you sure you would like to move it to the Recycle Bin?

 
Obviously this is because the files are 'hidden'.
 
I rarely use Windows Media Player, as I have moved on to iTunes, which IMO is far more versatile for maintaining my music library.
 
So, now I am wondering: How do I safely remove Windows Media Player leftover jpeg files with a script?
 
Thank you very much in advance!
 
Regards,
midimusicman79

A:How do I safely remove Windows Media Player leftover jpeg files with a script?

Hi again midimusicman79 Windows Media Player is a core component of Windows. Any attempt to remove it, uninstall it or else will leave you with system files corruption. So if I were you, I would leave it be and not touch it. You cannot fully uninstall "core" components of Windows, any attempt to do so will bring you problems, I can guarantee you that.

Read other 3 answers
RELEVANCY SCORE 42

Im infected with windows police pro. i've tried a few how to's on removal but it ends up teh same way which is some of it is removed and then when attempting to run malwarebytes i get an Open with error. along with any other desktop .exe / programs / instalers / everything except folders. i can get some programs to work using run as but not all of them.

i've made my own thread because it seems to be what everyone is doing and i need specific help.

i have used viprer - left me with open with error. went on microsoft chat support was told two commands to help me with the open with error (one was assoc .exe=exefiles and the other i forget) but windows police pro came back and i couldnt run anything yet again.

attempt 2. i downloaded a program from a website and it gave me a bit of coding to copy and paste into the program. again, leaving me with the open with program. and im stuck now. im asking for help on another forum too. im going to try a program that was suggested to me its called smitfraud i think.

also, another website told me to download this program - spynomore which pissed me off because it found a lot of infections and then asked me to purchase it. i have screenshots from mbam - before bleep got crazy (i scanned and found 2 trojans and a backdoor but left it until the next day because it was in my system32 i was going to ask for help from friends but when i came back to my computer the next day bleep was crazy) and i have screenshots from spynomore.

A:Windows Police Pro

the program i was suggested - smitfraud - wasnt able to run so im still f'd

Read other 13 answers
RELEVANCY SCORE 42

I believe that I have Windows Police Pro on my computer. I don't know how I did this. I just know this morning I got these security warning messages that kept popping up, but the page could not be displayed. Then after that I got a screen with this writing on it, I can't remember what it said, but I had to restart my computer. After I restarted I noticed that when I tried to do a search on google.com in Opera, I got either a blank page or when I clicked a link a new tab would open to places such as searchfindsite.com, wecrawler.com, or a site called iprowl. So I did a scan with McAfee which found 11 items on my computer. The items FakeAlert-Gv, Generic Downloader.x!bff, Generic Downloader.x!yj, Generic.dx!bbc(found twice), and Generic Downloader.x!bcj (found 4 times) were quarantined; PrcViewer was detected but I removed the file; And Generic Rootkit.d!rootkit was susposed to be removed. I decided to do another scan and the Generic rootkit was found and I guessed removed again, but since the rest of it was not detected on the second scan I thought everything was okay. But I did still have the problem with google and Opera. I decided to click the gold shield on the taskbar of my computer to do updates. I did the updates a couple of times because it didn't seem to be working. Then I decided to upgrade to the latest version of Opera hoping this would help the problem with google. While I was downloading I noticed a silver on the taskbar, and when the download was ... Read more

Read other answers
RELEVANCY SCORE 42

My Dad got Windows Police Pro on his computer. I have gotten the program off and deleted it from the machine... at least part of it. I no longer comes up when the machine is logged into. I got a registry fix from a computer guy I work with so that I am able to run exe files again. However, I cannot get Malwarebytes to scan or any malware program, antivirus program or anything else to run. After about 10 minutes of the machine being one it blue screens on me with various 0x0 codes. Most common is 0x0000007B. I tried running a registry repair program (registry mechanic) and it found errors and fixed them, but it didn't fix the problem.
I cannot start the computer in safe mode either.
I really don't want to have to format and start over....
Can anyone help?????
Thanks!

A:Windows Police Pro

One additional note, this is on Windows XP (home edition)

Read other 2 answers
RELEVANCY SCORE 42

I followed the guide that is listed on this site to a T twice, and upon restarting Windows Police Pro is still here. Any assistance would be most appreciated. I followed this guide: http://www.bleepingcomputer.com/virus-remo...dows-police-proMalware Bytes Log:Malwarebytes' Anti-Malware 1.39Database version: 2464Windows 5.1.2600 Service Pack 29/21/2009 9:18:40 AMmbam-log-2009-09-21 (09-18-40).txtScan type: Quick ScanObjects scanned: 94104Time elapsed: 8 minute(s), 10 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

A:Windows Police Pro

I tried running malware bytes in safe mode and it found nothing. When rebooting, it was back up again. This is really driving me crazy.

Read other 3 answers
RELEVANCY SCORE 42

Hoping you can help me with this!

2 days ago I started getting loads of popups and error messages on my computer, and a WINDOWS POLICE PRO message saying I was infected with hundreds of viruses and to buy their antivirus! I didn't of course, knowing it was malware but I can't run any anti-malware programs our even open my anti-virus (mcafee) or many other programs on my computer! I tried following the instructions on your site but it hasn't worked!

In the task manager processes I didn't have the Windowspolicepro.exe files so couldn't end process I did have svchast.exe so ended that one. I was able to find some of the related files and have deleted them form my computer.

I am still however unable to run any of the antimalware programs that should allow me to remove the program and although I no longer have any of the popups I'm obviously still infected!

I appreciate the help!

Ginzaboom

A:Windows Police Pro

Welcome to BCWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Read other 3 answers
RELEVANCY SCORE 42

Hello everyone,I've been working with boopme on this. Here is what we have tried so far.http://www.bleepingcomputer.com/forums/ind...=263954&hl=He asked that I run Win32kDiag.exe and post the log here. So here goes. Please help.Running from: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exeLog file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txtWARNING: Could not get backup privileges!Searching 'C:\WINDOWS'...Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\KB972260-IE7\KB972260-IE7Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}Mount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\A5W_DATA\A5W_DATAMount point destination : \Device\__max++>\^Found mount point : C:\WINDOWS\addins\addinsMount ... Read more

A:Windows Police Pro and more

Hi Cliff,Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.You computer is infected with a recent rootkit and I'm sure there are more and we have to take them out step for step. Make yourself ready for a long ride.Go to start > Run copy/paste the following lines one by one in the run box and click OK after each line.

sc config eventlog start= disabled

Important: Reboot the computer.

We need to run the tool with the following command to fix some malware related changes.
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Download RootRepeal.exe from one of these download locations and save it on the root of C drive (C:\)
http://download.bleepingcomputer.com/rootr.../RootRepeal.exe
http://ad13.geekstogo.com/RootRepeal.exe
http://rootrepeal.psikotick.com/RootRepeal.exeOpen .Click the tab.Click the button.Check all seven boxes: Click Ok.Check the box for your main system drive (Usually C:), and press ... Read more

Read other answers
RELEVANCY SCORE 42

Well gang I found a seriously nasty variant of this bad guy. I'm about 100% sure it has rootkit activity. It was on a large school network and came through as a driveby install. It starts up with the usual "your infected" scare screens and over time morphs into several pop ups (fake windows security screens, pop up balloons warning of impending doom to private info) This signies there are multiple trojans at work given enough time to spawn. I would love to kill this thing understanding that it may never be TRULY clean again. I have already replaced the hard drive in the system and would like to "learn" from this infection as I maintain the network mentioned and want to be prepared. I have already eradicated many "fake alerts" like this with major success but this one seems extremely stealthy and persistent so before I started the usual techniques I thought I would run it by you folks. My dilemma is this: I cannot for obvious reasons just plug this system back in to the network and start uploading logs. Is there a proven method you have developed for sharing logs without moving the infection from the infected system to a known clean workstation? Does this family of trojans jump drives when detecting a file transfer say to CD or USB drive? I don't mind plugging in to a broadband connection at home and doing it from there but I would like to have a "starting" list of utilities you think will be needed. Where should we start? Anyone... Read more

A:Windows Police Pro

To be more helpful I am preparing a DDS and Root Repeal log to post. I am taking this system home and off the enterprise network. I hope to have the post updated with logs later this evening. Hope someone wants to join the fight!

daltom1985

Read other 6 answers
RELEVANCY SCORE 42

I need some help.. I keep getting a Windows Police Pro pop up. I'm unable to access anything except internet. I'm currently running in safemode.

I have Windows XP Build2600
Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:46 PM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Inst... Read more

Read other answers
RELEVANCY SCORE 42

My Acer Aspire 5250 Laptop Windows 7 64bit Home Premium SP1 is infected with Win police pro .exe Bot . The computer rruns slow , and for a while I had very little control . I ran a Spybot Search and Destrory , set to advanced tools and settings . The scan came back no problems found . I was able after the scan to get into msconfig and cmd.exe . I still have the Bot . So here I am asking for help and instructions . I want to thank all the staff for their help .I posted all the specs for the laptop in my profile area. Louie22u

A:Windows Police Pro.exe

Hello and welcome. I move this from WIN7 to the Am I Infected forum.Please follow our Removal Guide here Remove Windows Police Pro (Removal Guide) .After reading how the malware is misleading you ...You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Read other 5 answers
RELEVANCY SCORE 42

Hello There,I have dell vostro 1500 running with Vista Ultimate. On Friday , my brother download a file called working generator.exe for one of his games. And thats it, after that my computer is never been same. First all the .exe files were non reponsive and wont start, would give a debugger error[97] ( its file is called desote.exe). I downloaded OTM and moved the files, and then removed the entires from the registry using REGEDIT. and then went to run MalwareBytes antimalware. It will open up the windows starts for 9 seconds and then the window closes, if i try to re-open, its gives an error saying "Windows cannot access the specified device, path or file. you may not have the appropriate permission to access them"Same is the case for HIJACK THIS, Sybot Search and Destory, and RootRepeal and same with COMBOFIXin case of RootRePeal , i am getting the following error as soon as i start RootRepeal.exe"FOPS - DeviceIoControl Error! Error Code = 0x00000024 Extended Info (0x000000f8) DeviceIoControl Error! Errorr Code = 0x1e7"if i select reports tab and try to check the options like drives, files etc and select scan, it gives an cannot initialize error also for RootRepeal.execan someone please help me, i cannot loose all the information i have on my laptop. Please i am desparate over here.Thanks and i Appreciate it.

Read other answers
RELEVANCY SCORE 42

I have a screen that pops up and is titled Antivirus Pro at the tab and the complete screen is titled Windows Police Pro.I cannot access any of my programs and anytime time I try an Anti-Spyware (or any program) a box pops up tab says it is not a valid Win32 application. Because I had Bleeeping Computer saved in my -email I was able to save mbam setup.exe to my desktop. But when I clicked on it I got "it is not a valid Win32 application." It will not even allow me to use my restore to a previous date. PLEASE HELP!!!!

A:Windows Police Pro Also

Hello peggy58 I am splitting you to your own topic in this forum. Titled Windows Police Pro AlsoYou have a rootkit.As there are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by HJT team member.Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible. Now ... Download this Utility and save it to your Desktop.Double-click the Utility to run it and and let it finish.When it states Finished! Press any key to exit, press any key to close the program.It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below..Next please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post the Rootrepeal log and the above log.Let me know how that went.

Read other 1 answers
RELEVANCY SCORE 42

My kids got on a site that brought in Windows Police Pro.
It has completely blocked me from being able to do anything to remove it.
I have tried to download Fixtm.reg but it just jams my computer.
I've tried to access other malware sites and it jams my system.
I've truly been taken over by pirates and am being hijacked.
What can I do?

A:Windows Police Pro

Welcome to BCLet's check for rootkitsWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr=======================================Please download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a diagnostic report Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Pr... Read more

Read other 1 answers
RELEVANCY SCORE 42

I encountered this problem a couple weeks ago and thought it had been removed but now I get a message denying access to internet sites from Windows Police Pro. Any help is appreciated.

Sarah
DDS (Ver_09-10-13.01) - NTFSx86
Run by Sarah at 10:40:26.46 on Sat 10/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.506 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\... Read more

A:Windows Police Pro

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Also, seems that you've run ComboFix by yourself (not recommended!). Please post contents of ComboFix.txt log as well.

Read other 2 answers
RELEVANCY SCORE 42

i have been redirected too over here and been asked too post the link too my old post http://www.bleepingcomputer.com/forums/t/257292/windows-police-pro/so when i try to to do that preparation for this guide.. i was stuck at running the DDS programa pop up came up and says "Windows cannot find 'cmd'. Make sure you type the name correctly, and then try again. To search file, click the start button, and then search." it have a botton to click ok also.

A:Windows Police Pro(or something else?)

OTL Extras logfile created on: 10/1/2009 4:22:45 PM - Run 1OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Owner\My Documents\DownloadsWindows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.81% Memory free3.39 Gb Paging File | 2.76 Gb Available in Paging File | 81.45% Paging File freePaging file location(s): C:\pagefile.sys 1576 2152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 145.03 Gb Total Space | 61.05 Gb Free Space | 42.09% Space Free | Partition Type: NTFSDrive D: | 4.00 Gb Total Space | 2.37 Gb Free Space | 59.24% Space Free | Partition Type: FAT32E: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: TONYCurrent User Name: OwnerLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].chm [@ = chm.fi... Read more

Read other 17 answers
RELEVANCY SCORE 42

Our woes with Windows Police Pro started last week. I initially posted my problems on the "Am I Infected" board here:Windows Police ProMark (garmanma) told me I needed to create a DDS report (which will follow) and create a RootRepeal log.I downloaded RootRepeal, but twice was unable to run it. Both times it created a small white screen that read "Initializing, please wait . . ." and then it hung. Then I'd get a warning that Windows was low on virtual memory, my virtual memory was going to be increased, but that certain programs would not run. I clicked OK, and the "Initializing" screen from RootRepeal remained for over 10 minutes. I had to do a hard reboot on the machine. After the second try, I figured that it wouldn't run at all after two failed attempts.My son's computer is running well now. It's faster than it's been in the past, and he's not complaining in the least. He's had no issues whatsoever with it since I ran SAS and Dr. CureIt.Here's the DDS log and I'm attaching the .txt file from DDS, too.Thanks for your help.Mary DDS (Ver_09-09-24.01) - NTFSx86 Run by Tim Viehoefer at 18:40:35.70 on Sun 09/27/2009Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.58 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svch... Read more

A:Windows Police Pro

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 8 answers
RELEVANCY SCORE 42

I was infected with the Windows Police Pro virus. I have followed instructions from the website and I have seemed to gotten rid of it. The only thing is that I was trying to create a new system restore point now that I think I am clean. When I try to go to system restore I get a message that says "System Restore has been turned off by group policy. To turn on System Restore, contact your domain Administrator. I also tried acessing system restore in safe mood and I get the same message. Thanks for any help!

Read other answers
RELEVANCY SCORE 42

This is my first posting a thread, my computer has the Windows Police Pro virus since Friday the 9th of October. I have not used my computer since this morning. In the meantime, the following items are not allowing me to remove this virus:

Will not start in any safe mode
Disabled my task manager
Disabled my icons and start menu
Disabled my manual start command

Please help, the information stored on my computer has not been backed up.

thanks

A:Windows Police Pro

Please download Malwarebytes Anti-Malware and save it to your desktop.
If you have problems with that link, you can also download it from Here or HereMake sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here
and just double-click on mbam-rules.exe to install.
On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on t... Read more

Read other 19 answers
RELEVANCY SCORE 42

I started up my computer and as soon as i did windows police pro popped up. Can someone please help me remove this thanks.

edit: well i tried scanning with malwarebytes but before it even finished scanning windows police and malwarebytes closed on their own.

A:windows police pro help

Hello and welcome. let's try this..We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Read other 1 answers
RELEVANCY SCORE 42

Windows Police Pro guide didnt work for me, the file i download didnt let me open it up cause of the problem
my pc is windows XP media center edition 2005.
so i really need help on fixing this, and my McAfee security center have scan the file after i got it tho but cant do anything else about it since i need to view details but i cant see it
when i try run any programs it give me errors
i try run fixtm and it gave me the error of "registry editor has been disabled by adminstrator"
i also try dds and it ask me if i want to run it, i click yes(run) then the error show up as "windows cannot find 'cmd'. make sure you typed the name correctly, then try again. to search for the fire, click start button, then click search."
also the error i get when i try open things is this
"c:\PROGRA~1\mcafee\mcshell.exe" i get this error about 4 times and i click okay on it
while i got that error i also got
svchost.exe error which have an debug, send error report and fix it button, i click debug and nothing happen and then send error report nothing happens. then when i click it brings up the window police pro x.x

am also sorry for editing this so much

A:Windows Police Pro

Hi antonior, and to Bleeping Computer!ROOTREPEAL-------------We need to check for rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Zip Mirrors (Recommended)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive.Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Read other 5 answers
RELEVANCY SCORE 42

Looks like it is something new, and from the amount of posts, it appears to be rampant.

ANyway, keep getting the pop up for Windows Police Pro saying I am infected. Can't open anything.

IE, FireFox, Regedit, Command prompt....None of them will open.

I was able to delete the C:\Program Files\Windows Police Pro directory.

I deleted the directory, and renamed the .exe and rebooted. Then I was able to delete the folder completely. THis allows me to run without popups constantly. I have the machine off the network...

I had put mbam-setup.exe on a flash drive and was going to install it and run it, and it seems to have gotten deleted from the flash drive before I could run it.

I not have RootRepeal.exe and mbam-setup.exe and mbam-rules.exe on a CD and I'm ready to run them or whatever else I need to run. Let me know and let the fun begin....

EDIT: Found desote.exe in the C:\Windows\System32 folder. Everytime I tried to do properties, or something else, I would see a command window flash up with running desote.exe and then go away and nothing would happen. Now that I have renamed desote.exe to something else, I get a rundll32.exe not found error. Now if I do a Start-Run and try to run Regedit.exe, I get an "OPen With" Dialog box.

EDIT 2: I was unable to run anything. However, after renaming the desote.exe file, I was able to do Start - Run and type Regedit.exe and hit enter. Then at the "Open With" Dialog box, I was... Read more

A:Windows Police Pro

Hello actually you are not. You have a rootkit.As there are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by HJT team member.Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible. Now ... Download this Utility from any of the following locations and save it to your DesktopDouble-click the Utility to run it and and let it finish.When it states Finished! Press any key to exit, press any key to close the program.It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below..Next please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post the Rootrepeal log and the above log.Let me know how that went.

Read other 3 answers
RELEVANCY SCORE 42

Hi everyone.

I just came upstairs to my dad saying that there is something popping up on the desktop saying that it's infected.
I turn on the computer and see "Windows Police Pro".
I go to run firefox to start searching how to remove this (dealt with something similar to this before) and a error comes up saying:

"This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem."

I am able to open firefox by going under Start and picking it in there.
I found info on removing it from the registry and everything(done this before with a similar virus(very similar in fact)), but I get the same error as when I was opening firefox when I try to open regedit.

Please help?

P.S. I subscribed to the forum already, don't need to post that :]

A:Windows Police Pro

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The... Read more

Read other 11 answers
RELEVANCY SCORE 42

A search on this software led me to this forum, where it seemed that special instructions were required based on one's system. Yes, my computer is infected, yes I'm getting a pretty steady stream of false alerts and errors, and now I can't seem to run exe files. I had been getting my google searches hijacked for some time now, but hadn't gotten around to figuring out how to fix it. Now I wish I had been a bit more prompt in dealing with that.I went to http://remove-malware.net/how-to-remove-wi...1/#comment-6614and attempted to download and run their scanner/remover. I thought it might make things worse, although I don't really have any options other than to follow the advice of some stranger at this point. Luckily, my inability to run the exe meant I never had to test out their remover.Since the previous thread (started by Andy500) had andy run RootRepeal, I'll go ahead and try getting a scan out of that and posting it soon as well.Of course any help in cleaning this threat out of my system would be much appreciated.Edit 1: I found a way to work around the inability to run exe files for now. As such I was also able to get a HijackThis report (as well as run RootRepeal)which I can post if that helps

A:Windows Police Pro

Didn't see anyplace to attach a txt file, so I'm just going to do the old copy/paste from what I got from RootRepeal. If there is more info I need to provide, or I need to format it differently, let me know:
Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xB763D000 Size: 60800 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB7EF3000 Size: 95360 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xB875B000 Size: 3072 File Visible: - Signed: -
Status: -

Name: b57xp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Address: 0xB6D9B000 Size: 132352 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xB85EA000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xB84B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB75FD000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB82080... Read more

Read other 2 answers
RELEVANCY SCORE 42

Hello. I was instructed to come here from here. Anyways, my DDS program refuses to run. Most of my programs (except firefox) are not able to open up. It will always say ERROR. I can surprisingly search google on firefox without my links getting hijacked, but that's about it. The only thing I have is this Root Repeal Log....ROOTREPEAL ? AD, 2007-2009==================================================Scan Start Time: 2009/08/30 16:30Program Version: Version 1.3.5.0Windows Version: Windows XP Media Center Edition SP3==================================================Drivers-------------------Name:Image Path:Address: 0xF73E3000 Size: 98304 File Visible: No Signed: -Status: -Name:Image Path:Address: 0x00000000 Size: 0 File Visible: No Signed: -Status: -Name: 1394BUS.SYSImage Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYSAddress: 0xF769C000 Size: 57344 File Visible: - Signed: -Status: -Name: ACPI.sysImage Path: ACPI.sysAddress: 0xF7527000 Size: 187776 File Visible: - Signed: -Status: -Name: ACPI_HALImage Path: \Driver\ACPI_HALAddress: 0x804D7000 Size: 2150400 File Visible: - Signed: -Status: -Name: AegisP.sysImage Path: C:\WINDOWS\system32\DRIVERS\AegisP.sysAddress: 0xF1BC0000 Size: 17920 File Visible: - Signed: -Status: -Name: afd.sysImage Path: C:\WINDOWS\System32\drivers\afd.sysAddress: 0xA294D000 Size: 138496 File Visible: - Signed: -Status: -Name: AGRSM.sysImage Path: C:\WINDOWS\system32\DRIVERS\AGRSM.sysAddress: 0xF2C25000 Size: 1149888 File Visible: - Signed: -Status: -Name: ar... Read more

A:Windows Police Pro

Hello Zincous, You have a nasty rootkit on this computer. Step 1Download and run Win32kDiag: Download Win32kDiag from any of the following locations and save it to your Desktop. Download Win32kDiag (Win32kDiag.exe) - #1 Download Win32kDiag (Win32kDiag.exe) - #2 Download Win32kDiag (Win32kDiag.exe) - #3 Double-click Win32kDiag.exe to run Win32kDiag and let it finish. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.Step 2Download and run a batch file (peek.bat): Download peek.bat from the download link below and save it to your Desktop.Download peek.bat Double-click peek.bat to run it.A black Command Prompt window will appear shortly: the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.Please post back with:Win32kDiag.txtContent of the log.txt

Read other 2 answers
RELEVANCY SCORE 42

So, ive seen that alot of people have gotten it today. i have too, its really annoying....i dont know how to get rid of it. i did a scan with RootRepeal and these were the results:

ROOTREPEAL ? AD, 2007-2009
==================================================
Scan Start Time: 2009/08/30 16:30
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF73E3000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF769C000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7527000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xF1BC0000 Size: 17920 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA294D000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Address: 0xF2C25000 Size: 1149888 File Visible: - Signed: -
Status: -

Name: ar... Read more

A:Windows Police Pro

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The... Read more

Read other 6 answers
RELEVANCY SCORE 42

HP Pavilion LaptopWindows XP HomeSisters computer. Wasn't able to boot yesterday at all got use of task manager and was able to finally run MalwareBytes but it keeps shutting off at the very end. I, quite frankly, have tried much of what I have read, but am only able to do very limited actions as I can only work from Task Manager and the File/New Task (Run) command. Have been accessing spyware utils from usb drive. Please help No Desktop-No Start Menu. Thanks in advance,TonyO(Please View New Topic In Hijack This Logs Forum)http://www.bleepingcomputer.com/forums/ind...c=262661&hl

Read other answers
RELEVANCY SCORE 42

My son's computer got hit tonight. AV has been turned off. Security Warning keeps appearing with a dialog box to purchase Windows Police Pro. I tried system restore but got the error message that C:\Windows\System32\restore\restrui.exe is infected. Please activate your antivirus program. However, I can't even launch AVG at all to try to activate it.When I finally got Firefox to load, his home page didn't load, either. A window came up showing: "This is embarrassing" message.I don't even know where to start, as in order for me to post this message, I had to drag the Windows Security Center window down to the bottom of the screen so I could see what I was typing, because no matter what, it wouldn't go away. Pulling up Task Manager and ending the process does no good, either, as it ends the process, and then it starts right up again.I have not shut the computer off. This all started about an hour and half ago.Thanks for any guidance.Edit: my son just told me that the system did shut down, with a countdown from 55 seconds down. When it restarted, the Acrobat welcome screen appeared then disappeared. It's almost as if an Acrobat file launched, then the havoc began.That's where we stand.Edit again: I found the self-help guide on BC for removing this nasty thing. I was printing the guide, and all of a sudden the system shut down. It got to the Windows "Saving your Settings" screen and froze there. We... Read more

A:Windows Police Pro

Go to > Run..., then copy and paste this command into the open box: cmdClick OK.At the command prompt C:\>, copy and paste the following command and press Enter:DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txtA file called log.txt should be created on your Desktop.Open that file and copy/paste the contents in your next reply.

Read other 9 answers
RELEVANCY SCORE 42

I'm going to start from square one and it's been a long night so here goes...Searching Google, AVG flashed an incoming Virus which it could not stop. Windows Police Pro loaded and ran on my computer. Ran task manager, end program Police Pro. Opened AVG and scanned whole computer. Police Pro opened back up and ran during scan. Scan completed without finding much more that some tracking cookies and one issue in registry. All issues were claimed to be healed by AVG but Police Pro remained. Manually searched and found files to Police Pro and removed. At that point the only thing that remained was the empty file that held it which would not delete. Police Pro did not start back up but i knew i still had an issue since my Control Panel Add/Remove Programs would not open. Restarted computer and it went into a Boot Loop. Tried Safe Mode, Last Known Good Configuration, and Start Normal. All returned to Boot Loop with a random quick flash of a Blue Screen. Booted from Windows XP CD and ran repair on partition. With a few errors and restarting Windows setup it finally went through the whole repair and I made it to the Finalizing Windows and the computer stalled, reset and went back into Boot Loop. I have attempted to repair again but the Partition says XP already exists and will not repair. Now I'm also randomly getting the Blue Screen error Stop 0x0000006F. I've gone through hardware, swapped my Memory around in every possible way it can. If I let the computer run witho... Read more

A:Windows Police Pro

Ok so this is what I've done now. I've taken the hard drive and installed it as a secondary in one of my spare-not so important computers. I can access everything on the hard drive EXCEPT My Documents which...of course...holds all the files I desperately need to save. It says the Documents and Setting is not accessible. Access is Denied. I need to find a way to get in and copy the files I need. If I can get those files off I have no problem and will reformat but until then I need help getting those files!

Read other 3 answers
RELEVANCY SCORE 42

I got a bad virus from a torrent. I've tried it all. It's Windows Police Pro. Followed instructions only to find that dds.scr won't run. Says it's a invalid windows application. I've searched for other topics/posts on this matter, and haven't found any so I'm sorry if it's been covered elsewhere. Please help. thx

A:can't run dds/windows police pro

We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr

Read other 6 answers
RELEVANCY SCORE 42

Hello everyone, I am new to the forum and ask that anyone who helps me please be patient with me as I am not too savvy with computers. My OS is Windows XP Home. I recently downloaded and installed Mozilla Firefox and made it my browser after using AOL for about 7 years. I've had Firefox for about a week and noticed once in a while I would get those fake antivirus warnings that try to get you to buy the program through scare tatics. Well today my AVG antivirus finished up it's scan when it happened again, this time with a program called "Windows Police Pro". My taskbar was filled with about 8 of them and I just kept closing them down until they stopped. I know I'm now infected with something and I want the problem solved just like anyone else would. Theres a few guides out there but I don't like the idea of downloading things from shady websites. I can provide more information if it's requested.

Another thing I noticed is that when I try to Google search on Firefox I get redirected to sites that have to do with antivirus programs and such.

Edit number 2: Just clicking on "My Computer and searching "Police" gives me 2 results, an application and a file folder both labled "Windows Police Pro"

A:Windows Police Pro

Hello lockheed301 and :welcome to BleepingComputer.Let's see what we're dealing with here. Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all... Read more

Read other 55 answers
RELEVANCY SCORE 42

OK , so here is my problem I have Malware already installed , but this Windows Police Pro , has some how disable it . what the work around at this point . I am able to use spy doctor , but its not totally removing this program

A:Windows Police Pro

Hello Lees9I split this to it's own topic.Please go here to our removal guidehttp://www.bleepingcomputer.com/virus-remo...dows-police-proScroll to the Automated Removal Instructions for Windows Police Pro using Malwarebytes' Anti-Malware:Follow those instructions. Post back the scan log and tell us how it's running.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Read other 1 answers
RELEVANCY SCORE 42

i removed all windows police pro programs and files but still cant run any software. recently as i was scanning my computer with malwarebytes malware software my computer shut down on its own and turned back on. while running the software it also didnt complete the scanning and also closed on its own. please help! i think its getting worse...ugh

A:HELP WITH WINDOWS POLICE PRO!!

Hello konspiracy58 and to BleepingComputer.Let's see what we're looking at here.Please install RootRepealNote: Vista users ,, right click on desktop icon and select "Run as Administrator."Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorDisconnect from the Internet or physically unplug your Internet cable connection.Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection.After starting the scan, do not use the computer until the scan has completed.When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.Extract RootRepeal.exe from the zip archive.Open on your desktop.Click the "Drivers" tab, and then click the button.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.~Blade

Read other 5 answers
RELEVANCY SCORE 42

WHat the heck? i have no idea what happened. i got a popup from my mcafee saying it had blocked a trojan, the computer froze and so when i rebooted i suddenly have this bloody annoying thing that keeps popping up called WIndows Police Pro. it will not let me run any applications, i have tried downloading various tools but when i click to execute i just get a little command prompt and then nothing. I cant even run the DDS program that is listed in the read this first. Keeps trying to get me to buy their product, it has diabled MCafee and overtaken windows security center. System restore will not work, nor will anything in the control panel.

Mcafee didnt want to know, basically useless waste of money that is.

PLEASE HELP

A:WIndows Police Pro

Hello -

Please provide as much information as you can about the system. XP, Vista? Service Pack level?

Does Task Manager work? Ctrl + Alt + Del

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 42

Hey guys, I'm infected with this thing that shuts down malwarebytes after four seconds of running. Wont let me run HJT or Norton or safe mode. I don't really know what to do. It blocks up my internet and keeps redirecting my google searches. In my processes, I found some weird stuff like a five or six different iexplorer.exe processes running as well b.exe and c.exe. I need help What should i do?

A:Windows Police Pro

Hello and welcome . Start here Remove Windows Police Pro (Removal Guide)Scroll to Automated Removal Instructions for Windows Police Pro using Malwarebytes' Anti-Malware:when Completed post the Scan Log here.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.how is it running no?

Read other 13 answers
RELEVANCY SCORE 42

I know that there are other postings about this and pretty much I have the same situation...I feel like infected beyond repair because it won't let me open any programs...plus it keeps popping up alerts....plus it redirects me over and over again to other web sites....Is there any kind of relief from this or is my computer beyond recovery??

A:HELP: Windows Police PC

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

Read other 12 answers
RELEVANCY SCORE 42

I have no idea what website this came from but I'm sure it got it from using Internet Explorer for a few seconds (usually use Firefox).

This thing keeps alerting me about "viruses" on my computer such as "Virus.Win32.Gpcode.ak" and asks me to pay money to remove it.

I've been trying to remove it all day.

When I first got it I had several processor intensive programs running (a MMO, web browsers, etc.), so I decided to restart my computer and then tackle the problem. Upon restart none of my virus scanners would start. In fact no .exe file would start I believe.

Then I decided to restart and boot in Safe Mode. On another computer I read people (this forum actually) suggesting Malwarebytes' Anti-Malware. I already had it on my computer, but I could not start the program. I kept getting a command-prompt like window titled: C:\System32\desote.exe and in the window it said something like, "This program's memory is too large" or something. So I went into system32 and deleted desote.exe. The program still wouldn't start, so I uninstalled MBAM from the control panel, downloaded a new installer from another computer, put it on a flash drive, and then put the on my computer (had to reboot on standard mode). I then rebooted in safemode and installed/tried to get it to work/uninstalled multiple times. I also booted on standard mode a few times as well. At one point, my computer looked like it was on Safe Mode even though it w... Read more

A:Windows Police Pro

Someone please help? :S

I found the blue screen error:

Stop: 0X0000008E (0XC0000005, 0X8CB55072, 0XA46FF018, 0X00000000)

Read other 3 answers
RELEVANCY SCORE 42

(First post, bear with me pls)

I am trying to use the do-it-yourself Remove Windows Police Pro (Removal Guide) [post="http://www.bleepingcomputer.com/virus-removal/remove-windows-police-pro"]see here[/post]

I am hung up on step 2. I am instructed to download Fixtm.reg to my desktop, then click yes when asked to merge the data. However, I am not given yes as an option, only open or run- neither of which do anything. So my initial issue remains- I cannot access the task manager. Any suggestions?

Thank you kindly!

A:Windows Police Pro

Welcome to BCThat method does not always work. Especially with the newer variants coming outLet's try some scans that you can submit to the HJT forumWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to HighAlso try: right-click on rootrepeal.exe and rename it to tatertot.scr=================================Please download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a ... Read more

Read other 3 answers
RELEVANCY SCORE 42

So i left for a few days and come back to a failing computer. Its slowly gotten worse and worse. At this point i am running in safe mode, since i don't want the problem to get any worse.
Im pretty savy with a computer, and the only reason i find myself on here is i just simply can't get it fixed. The common WPP problems i have are as listed. Cannot open any application, msconfig, new program, or any of the many good anti-spware/malware programs.
All these programs all say that they are "not a valid Win32 application".
I have also downloaded RootRepeal and OTL but neither will open, the same Win32 box opens. I have never used these apps, but i seen some threads about WPP and had some of your pros require the logs for research. I tried to download and get these on, but i can't.
I ran Spybot S&D, Malwarebytes, and Eset Nod32 for defenses. On Windows XP Pro.
Hopefully i can get back on my computer soon, my EQ double experiance weekend is almost gone

I appreciate any help you guys can give me!
P.S.
No im not on a compaq

A:Windows Police Pro

Hi and welcome.. I am moving this to the Am I Infected forum from XP as you are.You have a rootkit.As there are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by HJT team member.Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible. Now ... Download this Utility and save it to your Desktop.Double-click the Utility to run it and and let it finish.When it states Finished! Press any key to exit, press any key to close the program.It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below..Next please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post the Rootrepeal log and the above log.Let me know how that went.

Read other 22 answers
RELEVANCY SCORE 42

My home computer primarily used by my kids is infected by Windows Police Pro. I have attempted to use the removal guide however i cannot get past step 2, download Fixtm.reg. It will not let me run this program.
any suggestions?

Read other answers
RELEVANCY SCORE 42

Tried (unsuccessfully) to remove Windows Police Pro using the removal guide. Everything works as described until I run Malwarebytes and Win Pro Police is NOT detected. When I reboot, it's back..So after running fixtm.exe, ending Win Police Pro and svchasts from the taskmanager, running fixexe.exe I am able to run Malwarebytes, HijackThis, and Rootrepeal. Here are my logs:***edit - just deleted the 2 items in red below using HJT***Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:52:07 PM, on 9/14/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\W... Read more

A:Windows Pro Police - help!

At the risk of being put to the back of the line, I'm doing the unthinkable.. bumping my post. I've been eagerly anticipating a reply for the last 10 days. I'm amazed at the number of threads that are created on a daily basis.. I understand the delay.. but I also see initial posts that get answered the same day.. Perhaps these are "slam dunk" fixes... dunno.. Any/all help will be appreciated.Thank you!!!Paul===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastr... Read more

Read other 22 answers