Windows Police Pro

View previous topic View next topic Go down

Windows Police Pro

Post by illegit on Mon Aug 31, 2009 4:32 pm

Last time the help was amazing. Much appreciated. Unfortunately, now my parent's computer were infected because they didnt know better to no click certain things. So whenever i try running any program i get the error alert "C:\Documents and Settings \ Larry Chung\ Desktop\winlogon.exe" And usually where winlogon.exe, that changes depending on the program you are trying to run. However somehow i managed to get up a hijack log and hopefully this will help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:04 AM, on 8/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchasts.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Larry Chung\Desktop\winlogon.exe
C:\Program Files\Windows Police Pro\Windows Police Pro.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [You must be registered and logged in to see this link.]
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchasts.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 7627 bytes

illegit
Novice
Novice

Status :
Online
Offline

Posts : 44
Joined : 2009-08-03
Gender : Male
OS : XP Professional

View user profile

Back to top Go down

Re: Windows Police Pro

Post by illegit on Mon Aug 31, 2009 4:32 pm

And here is my uninstall list:
Ad-Aware
Ad-Aware
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.1.0
Anatomy and Physiology Review
AOL Instant Messenger
Atheros Client Utility
Atheros Wireless LAN MiniPCI/PCIe card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Azureus Vuze
CD/DVD Drive Acoustic Silencer
Chabner
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD-RAM Driver
Google Updater
GTK+ Runtime 2.12.12 rev a (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
ImageQuix - PhotoSession
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
JD Secure 3.1
LimeWire 4.16.7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Office 2003 Trial Assistant
Panda ActiveScan
Pidgin
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet NIC Driver
Realtek High Definition Audio Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic DLA
Sonic RecordNow!
Spyware Doctor 6.0
Starcraft
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Ventrilo Client
VideoLAN VLC media player 0.8.6d
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Police Pro
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888622
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
WinRAR archiver
Your Guide to Passing the AMP Real Estate Exam

Im not sure of what half the things are on here and as this is not my computer I do not know what they do on here. However, I would like to help my parents clean up everything on this computer cause they find endless hours of entertainment watching asian movies online and keeping them of my back. Thanks in advance guys and you guys do an awesome job! Btw i tried malwarebytes but it wont open.

Edit: okay good news. I got the computer to run Malwarebytes but its not fully updated because there was a problem with the updated. If i tried going to the manual updating database it says the site does not exist or something along those lines. i ran a full scan of my C drive and so far has 11 infections. Am i going to need to do anything after this?

illegit
Novice
Novice

Status :
Online
Offline

Posts : 44
Joined : 2009-08-03
Gender : Male
OS : XP Professional

View user profile

Back to top Go down

Re: Windows Police Pro

Post by illegit on Mon Aug 31, 2009 5:02 pm

Okay here is the log after the scan.

Malwarebytes' Anti-Malware 1.40
Database version: 2631
Windows 5.1.2600 Service Pack 2

8/31/2009 10:00:14 AM
mbam-log-2009-08-31 (10-00-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150358
Time elapsed: 24 minute(s), 58 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
C:\Program Files\Windows Police Pro\Windows Police Pro.exe (Rogue.WindowsAntivirus) -> Unloaded process successfully.
C:\Documents and Settings\Larry Chung\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\desote.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Windows Police Pro\Windows Police Pro.exe (Rogue.WindowsAntivirus) -> Delete on reboot.
C:\Documents and Settings\Larry Chung\Local Settings\Temp\rwemasnocx.tmp (Rogue.AVCare) -> Quarantined and deleted successfully.
C:\Documents and Settings\Larry Chung\Local Settings\Temp\cwemxonasr.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Larry Chung\Local Settings\Temp\wmernsxoac.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Larry Chung\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Edit: okay so some were deleted and it said others could not be deleted and they would be added onto the list to be deleted when the computer reboots. I reboot the computer and then i dont think malwarebytes had the chance to load up and i got the blue screen. I dont know if that means i need to do another scan or not?

illegit
Novice
Novice

Status :
Online
Offline

Posts : 44
Joined : 2009-08-03
Gender : Male
OS : XP Professional

View user profile

Back to top Go down

Re: Windows Police Pro

Post by Belahzur on Mon Aug 31, 2009 5:22 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Windows Police Pro

Post by illegit on Mon Aug 31, 2009 6:36 pm

DDS (Ver_09-07-30.01) - NTFSx86
Run by Larry Chung at 11:32:21.85 on Mon 08/31/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.81 [GMT -7]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\svchasts.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Larry Chung\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\larryc~1\applic~1\mozilla\firefox\profiles\csfclhpp.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-1-5 40840]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-15 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-14 130936]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-1-5 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-1-5 81288]
R2 AntipPro2009_100;AntipyProex;c:\windows\svchasts.exe [2009-8-31 163840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-10-9 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-10-9 1095560]
S2 eyzhqqng;Universal Image;c:\windows\system32\svchost.exe -k netsvcs [2006-3-20 14336]

=============== Created Last 30 ================

2009-08-31 09:22 a-d----- c:\windows\system32\images
2009-08-31 07:12 163,840 a------- c:\windows\svchasts.exe
2009-08-31 07:12 440,320 a------- c:\windows\system32\desote.exe
2009-08-31 07:10 --d----- c:\program files\Windows Police Pro
2009-08-29 15:21 --d----- c:\docume~1\larryc~1\applic~1\Logs
2009-08-15 18:16 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-15 17:35 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-15 17:34 -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-15 16:33 --d----- c:\docume~1\larryc~1\applic~1\Malwarebytes
2009-08-15 16:33 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 16:33 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-15 16:33 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 16:33 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-13 01:15 --d----- c:\windows\ServicePackFiles
2009-08-13 01:09 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 01:03 655,872 -c------ c:\windows\system32\dllcache\mstscax.dll
2009-08-05 02:11 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-26 08:59 668,160 a------- c:\windows\system32\wininet.dll
2009-06-26 08:59 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 04:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 07:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 00:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2007-06-23 13:25 167 a------- c:\program files\INSTALL.LOG
2009-03-21 07:18 161,768 a--shr-- c:\windows\system32\bmkme.dll

============= FINISH: 11:33:59.23 ===============
Theres the DDS

Edit: And i actually had another quesiton. I believe my travel drive is infected and im scared if i plug it back into the laptop it would cause the infection all over again. How am i suppose to clean malware from there? Thanks!

illegit
Novice
Novice

Status :
Online
Offline

Posts : 44
Joined : 2009-08-03
Gender : Male
OS : XP Professional

View user profile

Back to top Go down

Re: Windows Police Pro

Post by Belahzur on Tue Sep 01, 2009 5:32 pm

Hello.
Plug in the infected drive anyway, we'll clean that at the same time.

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Windows Police Pro

Post by illegit on Tue Sep 01, 2009 7:39 pm

Okay. The tavel drive is plugged in and here is the log from the combofix:

ComboFix 09-08-31.04 - Larry Chung 09/01/2009 11:49.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.30 [GMT -7:00]
Running from: c:\documents and settings\Larry Chung\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\emMON.exe
c:\windows\system32\drivers\kbiwkmmqwwkmoy.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\kbiwkmesrteidr.dat
c:\windows\system32\kbiwkmivkyprub.dat
c:\windows\system32\kbiwkmmylthwbw.dll
c:\windows\system32\kbiwkmwfuvoqxy.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmjsgmtilr
-------\Legacy_kbiwkmjsgmtilr
-------\Legacy_ANTIPPRO2009_100
-------\Service_AntipPro2009_100


((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-08-31 14:12 . 2009-08-31 14:12 163840 ----a-w- c:\windows\svchasts.exe
2009-08-31 14:12 . 2009-08-31 16:40 440320 ----a-w- c:\windows\system32\desote.exe
2009-08-31 14:10 . 2009-08-31 17:02 -------- d-----w- c:\program files\Windows Police Pro
2009-08-29 22:21 . 2009-08-29 22:21 -------- d-----w- c:\documents and settings\Larry Chung\Application Data\Logs
2009-08-16 01:16 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-16 00:35 . 2009-08-16 00:35 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-16 00:35 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-16 00:34 . 2009-08-16 00:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-16 00:34 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-15 23:33 . 2009-08-15 23:33 -------- d-----w- c:\documents and settings\Larry Chung\Application Data\Malwarebytes
2009-08-15 23:33 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 23:33 . 2009-08-15 23:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 23:33 . 2009-08-15 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-15 23:33 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 08:15 . 2009-08-13 08:15 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 08:03 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-08-05 09:11 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 19:02 . 2008-01-05 10:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-01 00:40 . 2008-01-05 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-27 14:45 . 2008-01-05 10:52 -------- d-----w- c:\program files\Spyware Doctor
2009-08-16 00:33 . 2008-01-10 04:56 -------- d-----w- c:\program files\Lavasoft
2009-08-16 00:33 . 2008-01-10 04:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-15 23:06 . 2008-01-10 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-05 09:11 . 2006-03-20 16:49 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2006-03-20 16:48 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-03-20 16:50 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 15:59 . 2006-03-20 16:49 668160 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2006-03-20 16:48 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:55 . 2006-03-20 16:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2006-03-20 16:48 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 11:50 . 2006-03-20 16:49 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2006-03-20 16:48 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2006-03-20 16:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2006-03-20 18:05 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2006-03-20 16:49 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-03-21 14:18 . 2006-03-20 16:48 161768 --sha-r- c:\windows\system32\bmkme.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-03 82012]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-10 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-18 185896]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-3-20 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8793:TCP"= 8793:TCP:BitComet 8793 TCP
"8793:UDP"= 8793:UDP:BitComet 8793 UDP
"24776:TCP"= 24776:TCP:BitComet 24776 TCP
"24776:UDP"= 24776:UDP:BitComet 24776 UDP
"6294:TCP"= 6294:TCP:lxtxw

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/15/2009 5:35 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2009 10:41 AM 130936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/9/2008 10:52 AM 348752]
S2 eyzhqqng;Universal Image;c:\windows\system32\svchost.exe -k netsvcs [3/20/2006 9:49 AM 14336]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eyzhqqng
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-05 15:46]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Larry Chung\Application Data\Mozilla\Firefox\Profiles\csfclhpp.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-01 12:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eyzhqqng]
"ServiceDll"="c:\windows\system32\bmkme.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3148)
c:\windows\system32\TDispVol.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Spyware Doctor\pctsSvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-09-01 12:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-01 19:08

Pre-Run: 43,482,005,504 bytes free
Post-Run: 43,817,664,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

226 --- E O F --- 2009-08-27 06:11

illegit
Novice
Novice

Status :
Online
Offline

Posts : 44
Joined : 2009-08-03
Gender : Male
OS : XP Professional

View user profile

Back to top Go down

Re: Windows Police Pro

Post by Belahzur on Wed Sep 02, 2009 12:29 am

Hello.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
eyzhqqng

File::
c:\windows\svchasts.exe
c:\windows\system32\desote.exe

Folder::
c:\program files\Windows Police Pro

DirLook::
c:\documents and settings\Larry Chung\Application Data\Logs

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6294:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eyzhqqng]

Netsvc::
eyzhqqng

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Windows Police Pro

Post by illegit on Wed Sep 02, 2009 6:10 pm

ComboFix 09-09-01.07 - Larry Chung 09/02/2009 10:18.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.160 [GMT -7:00]
Running from: c:\documents and settings\Larry Chung\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Larry Chung\Desktop\CFScript.txt

FILE ::
"c:\windows\svchasts.exe"
"c:\windows\system32\desote.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\windows\svchasts.exe
c:\windows\system32\desote.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EYZHQQNG
-------\Service_eyzhqqng


((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.

2009-08-29 22:21 . 2009-08-29 22:21 -------- d-----w- c:\documents and settings\Larry Chung\Application Data\Logs
2009-08-16 01:16 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-16 00:35 . 2009-08-16 00:35 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-16 00:35 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-16 00:34 . 2009-08-16 00:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-15 23:33 . 2009-08-15 23:33 -------- d-----w- c:\documents and settings\Larry Chung\Application Data\Malwarebytes
2009-08-15 23:33 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 23:33 . 2009-08-15 23:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-15 23:33 . 2009-08-15 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-15 23:33 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 08:15 . 2009-08-13 08:15 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 08:03 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-08-05 09:11 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 17:30 . 2008-01-05 10:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-02 01:41 . 2008-01-05 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-27 14:45 . 2008-01-05 10:52 -------- d-----w- c:\program files\Spyware Doctor
2009-08-16 00:33 . 2008-01-10 04:56 -------- d-----w- c:\program files\Lavasoft
2009-08-16 00:33 . 2008-01-10 04:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-15 23:06 . 2008-01-10 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-05 09:11 . 2006-03-20 16:49 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2006-03-20 16:48 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2006-03-20 16:50 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 15:59 . 2006-03-20 16:49 668160 ------w- c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2006-03-20 16:48 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-16 14:55 . 2006-03-20 16:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2006-03-20 16:48 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 11:50 . 2006-03-20 16:49 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2006-03-20 16:48 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2006-03-20 16:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2006-03-20 18:05 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-03-21 14:18 . 2006-03-20 16:48 161768 --sha-r- c:\windows\system32\bmkme.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Larry Chung\Application Data\Logs ----

2009-08-29 22:21 . 2009-08-29 22:21 628 ----a-w- c:\documents and settings\Larry Chung\Application Data\Logs\scns.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-03 82012]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-10 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-18 185896]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-3-20 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8793:TCP"= 8793:TCP:BitComet 8793 TCP
"8793:UDP"= 8793:UDP:BitComet 8793 UDP
"24776:TCP"= 24776:TCP:BitComet 24776 TCP
"24776:UDP"= 24776:UDP:BitComet 24776 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/15/2009 5:35 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2009 10:41 AM 130936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 7:49 AM 1029456]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/9/2008 10:52 AM 348752]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-05 15:46]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Larry Chung\Application Data\Mozilla\Firefox\Profiles\csfclhpp.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-02 10:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1320)
c:\windows\system32\TDispVol.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Spyware Doctor\pctsSvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-09-02 10:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-02 17:37
ComboFix2.txt 2009-09-01 19:08

Pre-Run: 43,426,045,952 bytes free
Post-Run: 43,806,236,672 bytes free

214 --- E O F --- 2009-08-27 06:11

illegit
Novice
Novice

Status :
Online
Offline

Posts : 44
Joined : 2009-08-03
Gender : Male
OS : XP Professional

View user profile

Back to top Go down

Re: Windows Police Pro

Post by Belahzur on Wed Sep 02, 2009 7:35 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 3
    LimeWire 4.16.7
    Windows Police Pro

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Windows Police Pro

Post by illegit on Wed Sep 02, 2009 9:30 pm

There was no window police pro on the list and what if i wanted to run stuff in java ? would that mean i would have to re-install java again? Right now the laptop is running smoothly and back to normal. Thanks a bunch for your help

illegit
Novice
Novice

Status :
Online
Offline

Posts : 44
Joined : 2009-08-03
Gender : Male
OS : XP Professional

View user profile

Back to top Go down

Re: Windows Police Pro

Post by Belahzur on Wed Sep 02, 2009 10:05 pm

Yes, but we need to install the updated version of Java.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "This special release provides a few key fixes.".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe that you downloaded to install the newest version.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum