Police Pro and AntiVirus Pro


Police Pro and AntiVirus Pro

Post by jess9979 on Sun Sep 27, 2009 9:35 pm

Hello. My computer has contracted at least these two malware programs. I went to the removal guide but when I try to download malwarebytes, it just asks me what program I want it to run with and recommends adobe. I tried the download button and the "if you are having problems". Can you help please?

jess9979
Novice

Posts : 13
Joined : 2009-09-27
OS : xp
Points : 26285
Likes : 0


Re: Police Pro and AntiVirus Pro

Post by Belahzur on Sun Sep 27, 2009 9:37 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1


Re: Police Pro and AntiVirus Pro

Post by jess9979 on Sun Sep 27, 2009 9:52 pm

Same thing - when I try to download Hijack This, and click "RUN" a window opens to ask me what program I want to use.


Re: Police Pro and AntiVirus Pro

Post by Belahzur on Sun Sep 27, 2009 11:43 pm

Please download [You must be registered and logged in to see this link.]

  • Before running it, right click it, and remove the ".com" extension and change it to ".scr"
  • Double-click on exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).





Re: Police Pro and AntiVirus Pro

Post by jess9979 on Sun Sep 27, 2009 11:54 pm

When I tried to right click (I wasn't exactly sure when or where) it ran, the black window popped up and I got this:
exeHelper by Raktor - 09
Build 20090925
Run at 19:50:58 on 09/27/09
Now searching...
Checking for numerical processes...
Deleting file C:\Documents and Settings\All Users\Application Data\11818124\11818124.exe
Deleting file C:\Documents and Settings\All Users\Application Data\11818124\11818124
Deleting file C:\Documents and Settings\All Users\Application Data\11818124\pc11818124ins
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\11818124
Checking for bad processes...
Killed process psystem.exe
Killed process wscsvc32.exe
Checking for bad files...
Deleting file C:\WINDOWS\system32\wscsvc32.exe
Error deleting C:\WINDOWS\system32\wscsvc32.exe
Deleting file C:\WINDOWS\system32\41.exe
Deleting file C:\Program Files\Windows Police Pro\Windows Police Pro.exe
Deleting file C:\Program Files\protection system\psystem.exe
Deleting file C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe
Deleting file C:\Documents and Settings\Jessica\Desktop\Windows Police Pro.lnk
Deleting file C:\Documents and Settings\Jessica\Desktop\AntivirusPro_2010.lnk
Checking for bad registry entries...
Removing HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced Virus Remover
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Is that o.k.?


Re: Police Pro and AntiVirus Pro

Post by Belahzur on Sun Sep 27, 2009 11:56 pm

Yep.
Can you run Hijack This now? exeHelper has restored the damaged registry value for exe files.





Re: Police Pro and AntiVirus Pro

Post by jess9979 on Mon Sep 28, 2009 12:06 am

Yes, it ran. Thank you. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:59 PM, on 9/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jessica\LOCALS~1\Temp\csrss.exe
C:\DOCUME~1\Jessica\LOCALS~1\Temp\taskmgr.exe
C:\DOCUME~1\Jessica\LOCALS~1\Temp\debug.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: C:\WINDOWS\system32\nzfiu3h78di.dll - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\nzfiu3h78di.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [sabukivuw] Rundll32.exe "c:\windows\system32\norefose.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Jessica\Application Data\svcst.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Jessica\protect.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [Login Software 2009] C:\DOCUME~1\Jessica\LOCALS~1\Temp\nj42n0.exe
O4 - HKCU\..\Run: [WIndows Rescue Disk] C:\DOCUME~1\Jessica\LOCALS~1\Temp\drweb.exe
O4 - HKCU\..\Run: [Protection System] "C:\Program Files\Protection System\psystem.exe" -noscan
O4 - HKCU\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Jessica\LOCALS~1\Temp\taskmgr.exe
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: muzobapu.dll c:\windows\system32\hilozepi.dll c:\windows\system32\norefose.dll
O21 - SSODL: koronepof - {7f19e1c4-6f20-464c-87a4-82d195bd7175} - c:\windows\system32\hilozepi.dll (file missing)
O21 - SSODL: mozitudab - {1236452b-611f-4720-ab75-9e12c7906992} - c:\windows\system32\norefose.dll (file missing)
O22 - SharedTaskScheduler: ksfe98wjkodsngiwiojndg873hundggdd - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\nzfiu3h78di.dll
O22 - SharedTaskScheduler: jugezatag - {7f19e1c4-6f20-464c-87a4-82d195bd7175} - c:\windows\system32\hilozepi.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {1236452b-611f-4720-ab75-9e12c7906992} - c:\windows\system32\norefose.dll (file missing)
O23 - Service: AntiPol (antippolice_) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7411 bytes


Re: Police Pro and AntiVirus Pro

Post by Belahzur on Mon Sep 28, 2009 12:09 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: C:\WINDOWS\system32\nzfiu3h78di.dll - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\nzfiu3h78di.dll
    O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
    O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [sabukivuw] Rundll32.exe "c:\windows\system32\norefose.dll",a
    O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Jessica\Application Data\svcst.exe
    O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Jessica\protect.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [Login Software 2009] C:\DOCUME~1\Jessica\LOCALS~1\Temp\nj42n0.exe
    O4 - HKCU\..\Run: [WIndows Rescue Disk] C:\DOCUME~1\Jessica\LOCALS~1\Temp\drweb.exe
    O4 - HKCU\..\Run: [Protection System] "C:\Program Files\Protection System\psystem.exe" -noscan
    O4 - HKCU\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Jessica\LOCALS~1\Temp\taskmgr.exe
    O4 - Startup: scandisk.dll
    O4 - Startup: scandisk.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O20 - AppInit_DLLs: muzobapu.dll c:\windows\system32\hilozepi.dll c:\windows\system32\norefose.dll
    O21 - SSODL: koronepof - {7f19e1c4-6f20-464c-87a4-82d195bd7175} - c:\windows\system32\hilozepi.dll (file missing)
    O21 - SSODL: mozitudab - {1236452b-611f-4720-ab75-9e12c7906992} - c:\windows\system32\norefose.dll (file missing)
    O22 - SharedTaskScheduler: ksfe98wjkodsngiwiojndg873hundggdd - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\nzfiu3h78di.dll
    O22 - SharedTaskScheduler: jugezatag - {7f19e1c4-6f20-464c-87a4-82d195bd7175} - c:\windows\system32\hilozepi.dll (file missing)
    O22 - SharedTaskScheduler: jugezatag - {1236452b-611f-4720-ab75-9e12c7906992} - c:\windows\system32\norefose.dll (file missing)
    O23 - Service: AntiPol (antippolice_) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


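The helper's fix list above follows heuristics that can be written down. As an added example (not code from the thread, from HijackThis, or from the helper), this script applies those heuristics (autoruns launched from Temp or profile folders, system-process look-alikes, rundll32 loaders, dangling load points, lock-down policies) to a few constructed lines copied from the posted log:

```python
"""Triage a HijackThis log the way a helper does before picking "Fix checked" lines.

Added example for this thread; not HijackThis code and not the helper's own tool.
It encodes the heuristics visible in the fix list above and runs them over a small
constructed sample of lines taken from the posted log.
"""
import re
from typing import List, Tuple

# Names malware likes to borrow: a copy outside C:\WINDOWS is suspect, a near-miss anywhere is.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "taskmgr.exe", "explorer.exe"}
WINDOWS_DIR = "c:\\windows\\"
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\docume~1\\", "\\documents and settings\\")
# First drive-letter path in a field (quoted, long or 8.3 form) that ends in a loadable extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|pif|sys))(?![A-Za-z0-9])', re.I)

def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def _one_char_off(a: str, b: str) -> bool:
    """Same length and exactly one differing character: catches svchast.exe vs svchost.exe."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def check_image(path: str) -> List[str]:
    """Reasons to distrust an executable or DLL path, judged from its location and name alone."""
    out: List[str] = []
    low, name = path.lower(), _basename(path)
    if any(d in low for d in USER_WRITABLE):
        out.append(f"runs from a user-writable folder: {path}")
    if name in SYSTEM_NAMES:
        if not low.startswith(WINDOWS_DIR):
            out.append(f"system process name outside the Windows folder: {name}")
    elif any(_one_char_off(name, s) for s in SYSTEM_NAMES):
        out.append(f"look-alike of a system process name: {name}")
    return out

def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) one HijackThis log line deserves a closer look."""
    line = line.strip()
    m = re.match(r"(O\d+) - (.*)", line)
    if not m:  # entries under "Running processes:" are bare paths; anything else is ignored
        return check_image(line) if re.match(r"[A-Za-z]:\\", line) else []
    code, body = m.group(1), m.group(2)
    reasons: List[str] = []
    first = PATH_RE.search(body)
    if first:
        reasons += check_image(first.group(1))
    if code == "O4":
        if "rundll32" in body.lower():
            reasons.append("rundll32 autorun: verify the DLL and export it loads")
        if body.startswith("Startup:") and (body.endswith(".dll") or body.endswith("= ?")):
            reasons.append("Startup folder entry is a DLL or points nowhere")
    elif code == "O2" and body.split(" - ")[0].lower().endswith(".dll"):
        reasons.append("BHO registered without a friendly name")
    elif code == "O7" and "DisableRegedit=1" in body:
        reasons.append("policy disables Registry Editor")
    elif code == "O20" and body.partition(":")[2].strip():
        reasons.append("AppInit_DLLs loads into every process: " + body.partition(":")[2].strip())
    elif code in ("O21", "O22", "O23"):
        if "(file missing)" in body:
            reasons.append("load point refers to a file that no longer exists")
        if code == "O23" and "Unknown owner" in body:
            reasons.append("service with no publisher")
    return reasons

def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log and keep only the lines that raised a reason."""
    flagged: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            flagged.append((raw.strip(), reasons))
    return flagged

# Constructed sample: a handful of lines lifted from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\DOCUME~1\Jessica\LOCALS~1\Temp\csrss.exe
C:\WINDOWS\system32\wscsvc32.exe

O2 - BHO: C:\WINDOWS\system32\nzfiu3h78di.dll - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\nzfiu3h78di.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Jessica\Application Data\svcst.exe
O4 - HKCU\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Jessica\LOCALS~1\Temp\taskmgr.exe
O4 - Startup: scandisk.dll
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: muzobapu.dll c:\windows\system32\hilozepi.dll c:\windows\system32\norefose.dll
O21 - SSODL: koronepof - {7f19e1c4-6f20-464c-87a4-82d195bd7175} - c:\windows\system32\hilozepi.dll (file missing)
O23 - Service: AntiPol (antippolice_) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(entry, *("    -> " + r for r in why), sep="\n")
```

Run on the sample it flags ten of the seventeen entries, the same ones the helper ticked, while leaving the QuickTime, McAfee and smss.exe lines alone.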



Re: Police Pro and AntiVirus Pro

Post by jess9979 on Mon Sep 28, 2009 1:02 am

Hi. I am having a problem downloading Malwarebytes. I can get all the way to where it is installing, and it says EXTRACTING FILES, gets about two thirds of the way done, and then just freezes. I don't know if it has something to do with the fact that I tried to download it earlier, before you had me run Hijack This, when I was having problems downloading.


Re: Police Pro and AntiVirus Pro

Post by jess9979 on Mon Sep 28, 2009 2:09 am

Hi - I have tried it again and it actually finished but then nothing. It is on my desktop but when I try to launch or open it, nothing happens.


Re: Police Pro and AntiVirus Pro

Post by Belahzur on Mon Sep 28, 2009 6:21 pm

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it will be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Please download [You must be registered and logged in to see this link.] by Rorschach112 to your desktop.

  • Please disable all of your antivirus/firewall before doing this step. [You must be registered and logged in to see this link.] if you don't know how.
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step.
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished.
STOP! If you can't complete this step, tell me more about it.

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.





Re: Police Pro and AntiVirus Pro

Post by jess9979 on Mon Sep 28, 2009 7:09 pm

OK- I can't disable my antivirus (McAfee). When I try to run ComboFix it informs me that "McAfee VirusScan" is active. I went to the website provided. It instructs me to go to the icon in the system tray, but I don't have an icon for McAfee there. When I try to open McAfee from the start menu, a McAfee intro screen appears as if the system is starting to open, but then that screen disappears and nothing happens. How do I go about turning off McAfee?
-Thanks


Re: Police Pro and AntiVirus Pro

Post by Belahzur on Mon Sep 28, 2009 11:58 pm

Hello.
You can temporarily uninstall McAfee, or boot to safe mode and run Combofix in Safe Mode.

I would recommend the Safe Mode option if you're not comfy with the idea of removing McAfee, but it's up to you.





Re: Police Pro and AntiVirus Pro

Post by jess9979 on Tue Sep 29, 2009 1:45 am

I was able to successfully run ComboFix. Here is the log:

ComboFix 09-09-28.01 - Jessica 09/28/2009 21:25.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.210 [GMT -4:00]
Running from: c:\documents and settings\Jessica\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aoqwlrag.exe
C:\cqfuy.exe
C:\ddqud.exe
c:\docume~1\Jessica\LOCALS~1\Temp\lsass.exe
c:\documents and settings\All Users\Application Data\alohuf.vbs
c:\documents and settings\All Users\Desktop\nudetube.com.lnk
c:\documents and settings\All Users\Desktop\pornotube.com.lnk
c:\documents and settings\All Users\Desktop\youporn.com.lnk
c:\documents and settings\All Users\Documents\ewifebury.inf
c:\documents and settings\All Users\Documents\ytemibi.exe
c:\documents and settings\Jessica\Application Data\exyhazux.vbs
c:\documents and settings\Jessica\Application Data\lizkavd.exe
c:\documents and settings\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Jessica\Application Data\seres.exe
c:\documents and settings\Jessica\Application Data\svcst.exe
c:\documents and settings\Jessica\Cookies\guqagokid.scr
c:\documents and settings\Jessica\Local Settings\Application Data\nigama.vbs
c:\documents and settings\Jessica\Local Settings\Application Data\unataxype.vbs
c:\documents and settings\Jessica\Local Settings\Application Data\xofoh.inf
c:\documents and settings\Jessica\Local Settings\Temporary Internet Files\osif.db
c:\documents and settings\Jessica\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Jessica\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Jessica\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
C:\hxlqib.exe
C:\p2hhr.bat
C:\pkusq.exe
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\bapulikal.bat
c:\program files\Protection System
c:\program files\Protection System\core.cga
c:\program files\Protection System\coreext.dll
c:\program files\Protection System\firewall.dll
c:\program files\Protection System\help.ico
c:\program files\Protection System\psystem.exe
c:\program files\Protection System\uninstall.exe
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\dbsinit.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\emusu._dl
c:\windows\Installer\128efd.msi
c:\windows\jymicyh.vbs
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\dahihiwi.exe
c:\windows\system32\doby.scr
c:\windows\system32\drivers\UACotowylvrgi.sys
c:\windows\system32\hafedeku.dll
c:\windows\system32\hopawiki.exe
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\kofipulo.dll
c:\windows\system32\lipemeye.exe
c:\windows\system32\muzobapu.dll.tmp
c:\windows\system32\nahilifo.dll
c:\windows\system32\nqpibfqp.dll
c:\windows\system32\nzFIu3h78di.dll
c:\windows\system32\regoyivu.dll
c:\windows\system32\UACafulkrjgxi.dll
c:\windows\system32\UAChbahmplvbb.dll
c:\windows\system32\UACidljljlppf.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkioettftiv.dll
c:\windows\system32\UAClrxubfwqpl.dll
c:\windows\system32\UACmsqrrbjteh.dat
c:\windows\system32\UACtbafbwkqpp.dll
c:\windows\system32\uactmp.db
c:\windows\system32\vafiyene.exe
c:\windows\system32\vasidifu.exe
c:\windows\system32\verazubo.dll.tmp
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wowidezo.dll.tmp
c:\windows\system32\zakisohi.exe
c:\windows\Temp\1654329584.exe
c:\windows\tetybano.pif
C:\yhjj.exe

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_usbdriver
-------\Service_usbdriver


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-28 22:36 . 2009-09-28 22:36 -------- d-----w- c:\documents and settings\Jessica\Application Data\McAfee
2009-09-28 18:36 . 2009-09-28 18:36 -------- d-----w- c:\program files\ERUNT
2009-09-28 00:27 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 00:27 . 2009-09-28 02:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 00:27 . 2009-09-28 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 00:27 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 00:03 . 2009-09-28 00:03 -------- d-----w- c:\program files\Trend Micro
2009-09-23 21:25 . 2009-09-28 20:42 1570 ----a-w- c:\windows\system32\nqpibfqp.dat
2009-09-23 21:19 . 2009-09-27 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\11818124
2009-09-23 21:19 . 2009-09-23 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\11818284
2009-09-23 21:19 . 2009-09-23 21:19 155267 ----a-w- c:\windows\system32\vgcdtasa.dll
2009-09-23 20:25 . 2009-09-27 20:42 0 ----a-w- c:\windows\system32\drivers\a0367ed0.sys
2009-09-23 20:23 . 2009-09-23 20:26 22528 --sha-w- c:\windows\system32\calc.dll
2009-09-23 20:22 . 2009-09-23 20:22 143368 ------w- C:\mlhlsvq.exe
2009-09-17 19:18 . 2009-09-17 19:18 -------- d-----w- C:\Webroot
2009-09-13 03:21 . 2005-05-19 18:06 102912 ----a-w- c:\windows\system32\islzma.dll
2009-09-13 03:21 . 2009-09-13 03:21 -------- d-----w- c:\program files\Webroot
2009-09-13 03:21 . 2009-09-13 03:21 -------- d-----w- c:\documents and settings\Jessica\Application Data\Webroot
2009-09-13 03:21 . 2005-07-06 20:16 428032 ----a-w- c:\windows\WRServices.dll
2009-09-04 07:10 . 2009-09-04 07:12 -------- d-----w- C:\18bed3b494b7996a92
2009-09-04 07:09 . 2009-09-04 07:43 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-01 07:04 . 2009-09-01 07:04 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 01:02 . 2007-08-08 21:21 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-29 01:02 . 2007-08-08 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 01:02 . 2007-08-08 21:20 -------- d-----w- c:\program files\McAfee
2009-09-28 21:38 . 2007-08-08 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-27 20:38 . 2009-06-27 20:38 50176 --sha-w- c:\windows\system32\gazizisa.dll
2009-09-23 21:20 . 2009-09-23 21:20 17314 ----a-w- c:\program files\Common Files\ekogep._sy
2009-09-16 20:03 . 2008-08-06 18:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-13 03:26 . 2007-08-08 21:43 -------- d-----w- c:\program files\IrfanView
2009-09-12 02:57 . 2007-10-19 02:18 -------- d-----w- c:\documents and settings\Jessica\Application Data\Move Networks
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-07-06 2972672]

c:\documents and settings\Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jessica^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Jessica\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/20/2009 7:38 AM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/6/2007 9:18 PM 231424]
S1 a0367ed0;a0367ed0;c:\windows\system32\drivers\a0367ed0.sys [9/23/2009 4:25 PM 0]
S2 antippolice_;AntiPol;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-09-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-08 00:39]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-08 17:32]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-08-08 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -

BHO-{142bbaa6-82a0-4375-a9c3-e02096bdff2f} - vujigami.dll
HKCU-Run-Protection System - c:\program files\Protection System\psystem.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-sabukivuw - c:\windows\system32\hutijezu.dll
HKLM-Run-tefehunefu - hafedeku.dll
SharedTaskScheduler-{1236452b-611f-4720-ab75-9e12c7906992} - c:\windows\system32\norefose.dll
SharedTaskScheduler-{931e46ed-0ae0-44cc-be27-173f9d4f4708} - c:\windows\system32\hutijezu.dll
SSODL-mozitudab-{1236452b-611f-4720-ab75-9e12c7906992} - c:\windows\system32\norefose.dll
SSODL-mowigabom-{931e46ed-0ae0-44cc-be27-173f9d4f4708} - c:\windows\system32\hutijezu.dll
AddRemove-protection system - c:\program files\Protection System\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-28 21:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc22.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-09-29 21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 01:41

Pre-Run: 45,570,519,040 bytes free
Post-Run: 46,642,593,792 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

337 --- E O F --- 2009-09-09 07:02


Re: Police Pro and AntiVirus Pro

Post by Belahzur on Tue Sep 29, 2009 10:36 pm


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\system32\nqpibfqp.dat
    c:\windows\system32\vgcdtasa.dll
    c:\windows\system32\drivers\a0367ed0.sys
    c:\windows\system32\calc.dll
    C:\mlhlsvq.exe
    c:\windows\system32\gazizisa.dll
    c:\program files\Common Files\ekogep._sy

    Folder::
    c:\documents and settings\All Users\Application Data\11818124
    c:\documents and settings\All Users\Application Data\11818284

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

    Driver::
    a0367ed0
    antippolice_

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


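The CFScript above was written by hand from the first ComboFix log. As an added example that is not part of the thread and not ComboFix's own code, the following Python script runs the same kind of triage over a constructed excerpt (values taken from the posted log) and drafts the File::, Driver:: and Registry:: sections; the heuristics it uses (Security Center alert suppression, zero-byte or hex-named drivers, service images whose name imitates a Windows binary) and the sample lines are assumptions of the example.

```python
"""Triage a ComboFix log excerpt and draft a CFScript from the findings.

Added example for the thread above: this is not ComboFix code or the helper's
tooling.  The sample excerpt is constructed from values in the posted log, and
the heuristics are simplified assumptions for illustration.
"""
import re

# Windows binaries whose names rogues like to imitate (illustrative subset).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
# Security Center values that, when set to 1, silence "AV/updates off" alerts.
ALERT_SUPPRESSORS = {"UpdatesDisableNotify", "AntiVirusDisableNotify",
                     "FirewallDisableNotify", "DisableMonitoring"}

# "R2 name;display;path [date time size]" or "S2 name;display;path --> path [?]"
SERVICE_RE = re.compile(
    r"^(?P<kind>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+\S.*?)?\s+\[(?P<meta>[^\]]*)\]$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')

# Constructed excerpt modelled on the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/20/2009 7:38 AM 24652]
S1 a0367ed0;a0367ed0;c:\windows\system32\drivers\a0367ed0.sys [9/23/2009 4:25 PM 0]
S2 antippolice_;AntiPol;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
"""


def one_char_off(a, b):
    """True when a and b are the same length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def service_reasons(name, path, meta):
    """Heuristic reasons to treat a service/driver line as suspicious."""
    reasons = []
    basename = path.rsplit("\\", 1)[-1].lower()
    size_token = meta.rsplit(" ", 1)[-1]        # last bracket token is the size
    if size_token.isdigit() and int(size_token) == 0:
        reasons.append("zero-byte driver image")
    if meta.strip() == "?":
        reasons.append("image file could not be read from disk")
    if re.fullmatch(r"[0-9a-f]{8}", name):
        reasons.append("random-looking hex service name")
    if basename not in SYSTEM_BINARIES and any(
            one_char_off(basename, sysbin) for sysbin in SYSTEM_BINARIES):
        reasons.append(f"image name {basename} imitates a Windows system binary")
    return reasons


def triage(log_text):
    """Return (findings, cfscript_text) for a ComboFix log excerpt."""
    findings, files, drivers, registry = [], [], [], []
    current_key = None
    for line in log_text.splitlines():
        line = line.rstrip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        value = VALUE_RE.match(line)
        if value and current_key and "security center" in current_key.lower():
            name, data = value.group("name"), value.group("data")
            if name in ALERT_SUPPRESSORS and data.endswith("1"):
                findings.append(f"Security Center alerts suppressed: {current_key}\\{name}")
                # In CFScript syntax, "name"=- under a [key] header deletes that value.
                registry.append('[{}]\n"{}"=-'.format(current_key, name))
            continue
        svc = SERVICE_RE.match(line)
        if not svc:
            continue
        name, path, meta = svc.group("name"), svc.group("path"), svc.group("meta")
        reasons = service_reasons(name, path, meta)
        if reasons:
            findings.append(f"Service {name}: " + "; ".join(reasons))
            files.append(path)      # File:: removes the image on disk
            drivers.append(name)    # Driver:: removes the service registration
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    if registry:
        sections.append("Registry::\n" + "\n".join(registry))
    return findings, "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    found, script = triage(SAMPLE_LOG)
    print("\n".join(found))
    print("\n--- draft CFScript.txt ---\n" + script)
```

The draft is only a starting point: the helper reading the full log still decides what goes into the final CFScript, as the hand-written one above shows (it also handles Folder:: and RegLock:: entries this script does not model).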

Re: Police Pro and AntiVirus Pro

Post by jess9979 on Tue Sep 29, 2009 11:43 pm

Hello. Here's the log:

ComboFix 09-09-28.01 - Jessica 09/29/2009 19:20.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.110 [GMT -4:00]
Running from: c:\documents and settings\Jessica\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jessica\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active


FILE ::
"C:\mlhlsvq.exe"
"c:\program files\Common Files\ekogep._sy"
"c:\windows\system32\calc.dll"
"c:\windows\system32\drivers\a0367ed0.sys"
"c:\windows\system32\gazizisa.dll"
"c:\windows\system32\nqpibfqp.dat"
"c:\windows\system32\vgcdtasa.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\11818124
c:\documents and settings\All Users\Application Data\11818284
C:\mlhlsvq.exe
c:\program files\Common Files\ekogep._sy
c:\windows\system32\drivers\a0367ed0.sys
c:\windows\system32\gazizisa.dll
c:\windows\system32\nqpibfqp.dat

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_antippolice_
-------\Service_a0367ed0
-------\Service_antippolice_


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 15:30 . 2009-09-29 15:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-29 15:22 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-29 15:22 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-29 15:22 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-29 15:22 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-29 15:21 . 2009-09-29 15:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-29 15:21 . 2009-09-29 15:22 -------- d-----w- c:\program files\McAfee.com
2009-09-29 15:17 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-28 22:36 . 2009-09-28 22:36 -------- d-----w- c:\documents and settings\Jessica\Application Data\McAfee
2009-09-28 18:36 . 2009-09-28 18:36 -------- d-----w- c:\program files\ERUNT
2009-09-28 00:27 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 00:27 . 2009-09-28 02:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 00:27 . 2009-09-28 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 00:27 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 00:03 . 2009-09-28 00:03 -------- d-----w- c:\program files\Trend Micro
2009-09-17 19:18 . 2009-09-17 19:18 -------- d-----w- C:\Webroot
2009-09-13 03:21 . 2005-07-06 20:16 428032 ----a-w- c:\windows\WRServices.dll
2009-09-04 07:10 . 2009-09-04 07:12 -------- d-----w- C:\18bed3b494b7996a92
2009-09-04 07:09 . 2009-09-04 07:43 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-01 07:04 . 2009-09-01 07:04 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 22:41 . 2007-08-08 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-29 18:23 . 2007-08-08 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 17:37 . 2007-08-08 21:20 -------- d-----w- c:\program files\McAfee
2009-09-29 15:13 . 2007-08-08 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-16 20:03 . 2008-08-06 18:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-13 03:26 . 2007-08-08 21:43 -------- d-----w- c:\program files\IrfanView
2009-09-12 02:57 . 2007-10-19 02:18 -------- d-----w- c:\documents and settings\Jessica\Application Data\Move Networks
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-09-29 01:29 71462 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-09-29 23:13 71462 c:\windows\system32\perfc009.dat
+ 2007-08-07 01:11 . 2009-09-29 20:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-07 01:11 . 2009-09-29 20:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-29 20:04 . 2009-09-29 20:10 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-29 14:58 . 2009-09-29 14:58 53248 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000002\UsrClass.dat
- 2004-08-04 12:00 . 2009-09-29 01:29 441692 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-09-29 23:13 441692 c:\windows\system32\perfh009.dat
+ 2009-09-29 14:58 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-29-2009\ERDNT.EXE
+ 2009-09-29 14:58 . 2009-09-29 14:58 3624960 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

c:\documents and settings\Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jessica^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Jessica\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2009 11:26 AM 203280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/20/2009 7:38 AM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/6/2007 9:18 PM 231424]
.
Contents of the 'Scheduled Tasks' folder

2009-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-09-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-08 00:39]

2009-09-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 01:26]

2009-09-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-29 19:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-29 19:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 23:39
ComboFix2.txt 2009-09-29 01:42

Pre-Run: 46,489,882,624 bytes free
Post-Run: 46,496,727,040 bytes free

221 --- E O F --- 2009-09-09 07:02


Re: Police Pro and AntiVirus Pro

Post by Belahzur on Wed Sep 30, 2009 10:15 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    proquota.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Re: Police Pro and AntiVirus Pro

Post by jess9979 on Wed Sep 30, 2009 11:07 pm

Hello. Here's the log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:00 on 30/09/2009 by Jessica (Administrator - Elevation successful)

========== filefind ==========

Searching for "proquota.exe"
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --a--- 50176 bytes [20:34 30/08/2008] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8

-=End Of File=-


Re: Police Pro and AntiVirus Pro

Post by Belahzur on Thu Oct 01, 2009 12:18 am

Hello.
Thanks for that, nearly done now. Next, an uninstall log.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Police Pro and AntiVirus Pro

Post by jess9979 on Thu Oct 01, 2009 12:27 am

Hello again. Here are the results:

Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
AIM 6
AIM Toolbar 5.0
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Broadcom 802.11 reƖ LAN Adapter
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
Data Fax SoftModem with SmartCP
ERUNT 1.1j
Garmin Trip and Waypoint Manager v4
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
GRE POWERPREP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Help and Support
HP Software Update
HP User Guides 0001
HP reƖ Assistant 1.01 A2
ImageJ 1.41o
InterActual Player
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 2
LimeWire 4.14.10
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 4.0 - SE
MVision
Quick Launch Buttons 5.10 B2
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
RollerCoaster Tycoon 2 Triple Thrill Pack
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Webshots Desktop
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Zone Deluxe Games

jess9979

Re: Police Pro and AntiVirus Pro

Post by Belahzur on Thu Oct 01, 2009 10:25 am

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 2
    LimeWire 4.14.10
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

Next,

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe | c:\windows\system32\proquota.exe
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.




Belahzur

Re: Police Pro and AntiVirus Pro

Post by jess9979 on Thu Oct 01, 2009 10:44 pm

Hello. I removed the above programs and ran combofix. Here's the log:

ComboFix 09-09-28.01 - Jessica 10/01/2009 18:32.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.154 [GMT -4:00]
Running from: c:\documents and settings\Jessica\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jessica\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))
.

2009-10-01 22:32 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-01 21:43 . 2009-10-01 21:43 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-29 15:30 . 2009-09-29 15:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-29 15:22 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-29 15:22 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-29 15:22 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-29 15:22 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-29 15:21 . 2009-09-29 15:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-29 15:21 . 2009-09-29 15:22 -------- d-----w- c:\program files\McAfee.com
2009-09-29 15:17 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-28 22:36 . 2009-09-28 22:36 -------- d-----w- c:\documents and settings\Jessica\Application Data\McAfee
2009-09-28 18:36 . 2009-09-28 18:36 -------- d-----w- c:\program files\ERUNT
2009-09-28 00:27 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 00:27 . 2009-09-28 02:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 00:27 . 2009-09-28 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 00:27 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 00:03 . 2009-09-28 00:03 -------- d-----w- c:\program files\Trend Micro
2009-09-17 19:18 . 2009-09-17 19:18 -------- d-----w- C:\Webroot
2009-09-13 03:21 . 2005-07-06 20:16 428032 ----a-w- c:\windows\WRServices.dll
2009-09-04 07:10 . 2009-09-04 07:12 -------- d-----w- C:\18bed3b494b7996a92
2009-09-04 07:09 . 2009-09-04 07:43 -------- d-----w- c:\windows\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 21:59 . 2007-08-09 00:54 -------- d-----w- c:\program files\Webshots
2009-10-01 21:41 . 2007-08-08 21:20 -------- d-----w- c:\program files\McAfee
2009-09-30 23:42 . 2007-08-08 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-29 18:23 . 2007-08-08 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 15:13 . 2007-08-08 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-16 20:03 . 2008-08-06 18:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-13 03:26 . 2007-08-08 21:43 -------- d-----w- c:\program files\IrfanView
2009-09-12 02:57 . 2007-10-19 02:18 -------- d-----w- c:\documents and settings\Jessica\Application Data\Move Networks
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-09-29 01:29 71462 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-10-01 22:06 71462 c:\windows\system32\perfc009.dat
+ 2007-08-07 01:11 . 2009-10-01 21:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-08-07 01:11 . 2009-10-01 21:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-30 00:54 . 2009-10-01 21:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-29 14:58 . 2009-09-29 14:58 53248 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000002\UsrClass.dat
+ 2009-10-01 21:43 . 2009-10-01 21:43 53248 c:\windows\ERDNT\AutoBackup\10-1-2009\Users\00000002\UsrClass.dat
- 2004-08-04 12:00 . 2009-09-29 01:29 441692 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-10-01 22:06 441692 c:\windows\system32\perfh009.dat
+ 2009-09-29 14:58 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-29-2009\ERDNT.EXE
+ 2009-10-01 21:43 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\10-1-2009\ERDNT.EXE
+ 2009-09-29 14:58 . 2009-09-29 14:58 3624960 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000001\NTUSER.DAT
+ 2009-10-01 21:43 . 2009-10-01 21:43 3624960 c:\windows\ERDNT\AutoBackup\10-1-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

c:\documents and settings\Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jessica^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Jessica\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2009 11:26 AM 210216]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/6/2007 9:18 PM 231424]
.
Contents of the 'Scheduled Tasks' folder

2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-10-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-08 00:39]

2009-09-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 01:26]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-01 18:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll

- - - - - - - > 'explorer.exe'(1960)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-01 18:41
ComboFix-quarantined-files.txt 2009-10-01 22:41
ComboFix2.txt 2009-09-29 23:39
ComboFix3.txt 2009-09-29 01:42

Pre-Run: 46,365,315,072 bytes free
Post-Run: 46,337,490,944 bytes free

193 --- E O F --- 2009-09-09 07:02

jess9979
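The log above is what the helper reads to pick the next step: the askBar.dll entry under the Internet Explorer Toolbar key is what leads to the request to remove the Ask Toolbar in the next reply. As an added example, not code from this thread, from ComboFix or from the forum, here is a small Python parser that pulls the "Reg Loading Points" entries out of such a log, lists the entries registered as browser hooks, reads the AV/FW status header, and reads the XP firewall policy value. SAMPLE_LOG is a constructed excerpt built from lines of the posted log; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt: a few lines modelled on the ComboFix log posted in
# this thread (AV/FW header, Reg Loading Points section). Not a real file.
SAMPLE_LOG = r"""ComboFix 09-09-28.01 - Jessica 10/01/2009 18:32.3.1 - NTFSx86
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
Contents of the 'Scheduled Tasks' folder
"""

SECTION_RE = re.compile(r"^\(+\s*Reg Loading Points\s*\)+\s*$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "name"="path" [yyyy-mm-dd size]  (the form ComboFix uses for file-backed entries)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*"(?P<path>[^"]+)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]"
)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)')
PRODUCT_RE = re.compile(r"^(?P<kind>AV|FW):\s*(?P<product>.+?)\s*\*(?P<status>[^*]+)\*")

# Registry locations where toolbars/BHOs load into the browser (hypothetical
# shortlist for this example; extend as needed).
BROWSER_HOOK_KEYS = ("internet explorer\\toolbar", "browser helper objects", "explorer bars")


@dataclass
class LoadingPoint:
    key: str    # registry key the entry lives under
    name: str   # value name (CLSID, Run entry name, ...)
    path: str   # file the entry points at
    date: str   # file date as printed by ComboFix
    size: int   # file size in bytes


def _section_lines(log: str) -> List[str]:
    """Lines of the Reg Loading Points section, header excluded."""
    out, inside = [], False
    for line in log.splitlines():
        if SECTION_RE.match(line):
            inside = True
            continue
        if inside and (line.startswith("((((") or line.startswith("Contents of")):
            break  # next banner or the Scheduled Tasks listing ends the section
        if inside:
            out.append(line)
    return out


def parse_loading_points(log: str) -> List[LoadingPoint]:
    """Every file-backed autostart entry, tagged with the key it was found under."""
    points, key = [], ""
    for line in _section_lines(log):
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        v = VALUE_RE.match(line)
        if v:
            points.append(LoadingPoint(key, v.group("name"), v.group("path"),
                                       v.group("date"), int(v.group("size"))))
    return points


def browser_hooks(points: List[LoadingPoint]) -> List[LoadingPoint]:
    """Entries that load inside the browser (toolbars, BHOs, explorer bars)."""
    return [p for p in points if any(h in p.key.lower() for h in BROWSER_HOOK_KEYS)]


def security_product_status(log: str) -> Dict[str, Tuple[str, str]]:
    """{'AV': (product, status), 'FW': (product, status)} from the log header."""
    status = {}
    for line in log.splitlines():
        m = PRODUCT_RE.match(line)
        if m:
            status[m.group("kind")] = (m.group("product"), m.group("status"))
    return status


def firewall_policy_enabled(log: str) -> Optional[bool]:
    """EnableFirewall under the standard profile; None if the value is not listed."""
    key = ""
    for line in _section_lines(log):
        k = KEY_RE.match(line)
        if k:
            key = k.group("key").lower()
            continue
        d = DWORD_RE.match(line)
        if d and d.group("name") == "EnableFirewall" and key.endswith("firewallpolicy\\standardprofile"):
            return d.group("val") == "1"
    return None


if __name__ == "__main__":
    for p in browser_hooks(parse_loading_points(SAMPLE_LOG)):
        print("browser hook:", p.name, "->", p.path)
    print("products:", security_product_status(SAMPLE_LOG))
    print("XP firewall enabled:", firewall_policy_enabled(SAMPLE_LOG))
```

Running it on the constructed excerpt lists the single toolbar registration (askBar.dll), reports both McAfee components as disabled, and shows the XP firewall policy off; those are the three things a reviewer checks first in a log like this before deciding what to remove and what to switch back on.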

Re: Police Pro and AntiVirus Pro

Post by Belahzur on Thu Oct 01, 2009 11:52 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?




Belahzur

Re: Police Pro and AntiVirus Pro

Post by jess9979 on Fri Oct 02, 2009 12:07 am

Everything appears to be running normally again. I really appreciate your help.

jess9979
