SpyWare BeWare! ASAP
Topic: [RESOLVED] Help removing Windows Police Pro mess
stressedstudent
« on: August 31, 2009, 07:48:07 PM »

Hello, not sure how, but this Windows Police Pro has infected my laptop. Tons of popups. Won't let me open anything other than the internet. I immediately ran Malwarebytes; after the scan I clicked remove all and was prompted to reboot. Upon rebooting, still having the same problem. Will not allow me to access taskmgr, Add/Remove Programs or regedit. School starts back tomorrow so as you can guess... I'm a little stressed. Please help.
jmw3
« Reply #1 on: September 01, 2009, 05:19:01 AM »

Hello & Welcome to SpyWare BeWare

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Options, then click Track this topic. Make sure it is set to Immediate Email Notification, then click Proceed.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of them completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after, two logs will appear: DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download gmer.zip from Gmer here & save it to your desktop.
  • Right click on gmer.zip, select Extract All... & extract the contents to your desktop
  • Double click the Gmer.exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log


Teacher, Malware Removal University - You too could train to help others
Member - Alliance of Security Analysis Professionals , UNITE
stressedstudent
« Reply #2 on: September 02, 2009, 08:47:04 AM »

I have received your response. I had work and school last night. I will attempt to follow the instructions below when I get home tonight. Thank you!
jmw3
« Reply #3 on: September 02, 2009, 10:36:18 AM »

Ok.... no worries  
stressedstudent
« Reply #4 on: September 02, 2009, 07:25:31 PM »

I can't get past the first step. I saved it to my desktop but when I try to open it that darn Police Pro makes a popup come up that says error c:\windows\system32\cmd.exe\kdds.cmd..... I am blocked from opening any .exe files, it seems.
jmw3
« Reply #5 on: September 02, 2009, 07:42:08 PM »

Hi

What about Gmer? Did you have any luck with that?

Please download the Win32kDiag.exe tool from the following location and save it to your desktop:

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt.

Double-click on this file and post the contents as a reply to this topic.
stressedstudent
« Reply #6 on: September 02, 2009, 07:46:07 PM »

Error message: c:\windows\explorer.exe" c:documents and settings\northern homes\desktop\gmer
stressedstudent
« Reply #7 on: September 02, 2009, 07:47:07 PM »

That link doesn't work.
jmw3
« Reply #8 on: September 02, 2009, 08:57:19 PM »

Hi

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Rename ComboFix.exe to commy.com BEFORE saving to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
stressedstudent
« Reply #9 on: September 02, 2009, 09:42:12 PM »

I did this but none of what was supposed to happen in the instructions happened. I got the user agreement but it did not look like the one above. I got an MS-DOS screen that loaded in stages, then it said it was removing the virus, then it rebooted on its own. Upon reboot I was prompted to select a file to open cf19781.exe, but I bypassed it because I wasn't sure what to do and I needed to close it in order for Windows to load so that I can get back onto the internet.
jmw3
« Reply #10 on: September 02, 2009, 10:40:55 PM »

So what's the status of your computer now? Was a log created? See if there is a log created at C:\ComboFix.txt. If so post the contents of the log.
stressedstudent
« Reply #11 on: September 03, 2009, 12:42:31 PM »

The Police Pro seems to be gone but I could not find the log anywhere. What should I do next?
jmw3
« Reply #12 on: September 03, 2009, 01:36:11 PM »

Hi

Could you run ComboFix again for me please & post the contents of the log when it finishes.
stressedstudent
« Reply #13 on: September 03, 2009, 03:31:30 PM »

OK, I will do it now. I have an hour before I have to leave for school. I still can't open .exe files, so there's still something wrong.
stressedstudent
« Reply #14 on: September 03, 2009, 03:50:10 PM »

ComboFix 09-09-03.02 - Northern Home 09/03/2009 16:37.3.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.502.240 [GMT -4:00]
Running from: c:\documents and settings\Northern Home\Desktop\commy.com
AV: Norton AntiVirus 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\NORTHE~1\LOCALS~1\Temp\taskmgr.exe
c:\docume~1\NORTHE~1\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\All Users\Application Data\ejoketek.com
c:\documents and settings\All Users\Documents\akosocejy.vbs
c:\documents and settings\Northern Home\Application Data\hepo._dl
c:\documents and settings\Northern Home\Application Data\ikifaguce.dll
c:\documents and settings\Northern Home\Cookies\axojow.pif
c:\documents and settings\Northern Home\Cookies\syvifama.scr
c:\documents and settings\Northern Home\Local Settings\Temporary Internet Files\bynux.scr
c:\documents and settings\Northern Home\Local Settings\Temporary Internet Files\guwylugi.scr
c:\documents and settings\Northern Home\Local Settings\Temporary Internet Files\irahevevys.bat
C:\enurmyv.exe
C:\fyblb.exe
C:\p2hhr.bat
c:\program files\Common Files\gybisa.sys
c:\program files\Common Files\qazisylujy.inf
c:\program files\Shared
c:\program files\Shared\lib.sig
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\dbsinit.exe
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\negosypore.dll
c:\windows\pafijiv._dl
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\bennuar.old
c:\windows\system32\berudeb.dl
c:\windows\system32\bincd32.dat
c:\windows\system32\dddesot.dll
c:\windows\system32\desote.exe
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\onhelp.htm
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\tapi.nfo
c:\windows\system32\wisdstr.exe
c:\windows\system32\wispex.html
c:\windows\system32\xwreg32.dll
c:\windows\system32\yomoviya.dll
c:\windows\ynic.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPPRO2009_100
-------\Service_AntipPro2009_100


(((((((((((((((((((((((((   Files Created from 2009-08-03 to 2009-09-03  )))))))))))))))))))))))))))))))
.

2009-09-02 23:03 . 2009-09-02 23:03   --------   d-sh--w-   C:\FOUND.001
2009-08-31 22:55 . 2009-08-31 22:55   163840   ----a-w-   c:\windows\svchasts.exe
2009-08-31 22:52 . 2009-08-31 22:52   16638   ----a-w-   c:\windows\system32\doqo.com
2009-08-31 22:52 . 2009-08-31 22:52   15953   ----a-w-   c:\windows\zopedaka.com
2009-08-31 22:52 . 2009-08-31 22:52   15688   ----a-w-   c:\program files\Common Files\dezi.dat
2009-08-31 22:52 . 2009-08-31 22:52   15050   ----a-w-   c:\windows\system32\fyki.com
2009-08-31 22:52 . 2009-08-31 22:52   17248   ----a-w-   c:\windows\hujupoce.dat
2009-08-31 22:52 . 2009-08-31 22:52   14272   ----a-w-   c:\windows\xufo.com
2009-08-31 22:52 . 2009-08-31 22:52   13887   ----a-w-   c:\program files\Common Files\motu.dat
2009-08-31 22:39 . 2009-08-31 22:39   97280   ----a-w-   C:\tujfbtrj.exe
2009-08-31 22:39 . 2009-08-31 22:39   204004   ----a-w-   C:\svfp.exe
2009-08-31 22:36 . 2009-08-31 22:36   17920   ----a-w-   C:\osps.exe
2009-08-31 22:36 . 2009-08-31 22:36   21504   ----a-w-   C:\emxtqjit.exe
2009-08-26 23:28 . 2009-08-26 23:28   --------   d-----w-   c:\program files\Snapshot Viewer
2009-08-13 01:14 . 2009-07-10 13:27   1315328   ------w-   c:\windows\system32\dllcache\msoe.dll
2009-08-07 22:46 . 2009-08-07 22:46   --------   d-sh--w-   C:\FOUND.000
2009-08-07 20:45 . 2009-08-07 20:45   --------   d-----w-   c:\documents and settings\Northern Home\Local Settings\Application Data\Temp
2009-08-07 20:44 . 2009-08-07 20:44   --------   d-----w-   c:\documents and settings\Northern Home\Local Settings\Application Data\Google
2009-08-05 09:01 . 2009-08-05 09:01   204800   ------w-   c:\windows\system32\dllcache\mswebdvd.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 22:52 . 2009-08-31 22:52   14065   ----a-w-   c:\program files\Common Files\togisozad.lib
2009-08-05 09:01 . 2005-03-30 15:38   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-03-30 15:37   58880   ----a-w-   c:\windows\system32\atl.dll
2009-07-13 14:08 . 2005-03-30 15:39   286720   ----a-w-   c:\windows\system32\wmpdxm.dll
2009-06-26 16:50 . 2005-03-30 15:38   666624   ----a-w-   c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2005-03-30 15:38   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-06-25 08:25 . 2009-02-22 02:33   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2009-02-22 02:33   136192   ----a-w-   c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2009-02-22 02:33   147456   ----a-w-   c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-03-30 15:38   54272   ----a-w-   c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-03-30 15:38   56832   ----a-w-   c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-03-30 15:38   301568   ----a-w-   c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2009-02-22 02:32   92928   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2005-03-30 15:38   119808   ----a-w-   c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-03-30 15:38   81920   ----a-w-   c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2005-03-30 15:38   76288   ----a-w-   c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2005-03-30 15:37   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2005-03-30 15:51   2066432   ----a-w-   c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2009-02-22 02:32   132096   ----a-w-   c:\windows\system32\wkssvc.dll
2006-02-18 04:44 . 2006-02-18 04:44   34164437   ----a-w-   c:\program files\NAV061220.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AbacastDistributedOnDemand:11"="c:\documents and settings\Northern Home\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe" [2009-04-15 54712]
"Google Update"="c:\documents and settings\Northern Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-06-09 1695744]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 53096]
"NAV CfgWiz"="c:\program files\Norton AntiVirus\CfgWiz.exe" [2006-02-02 120512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Photo Loader supervisory.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2006-6-25 229376]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\windows\system32\onhelp.htm
FriendlyName= tets

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Northern Home\\Local Settings\\Application Data\\AbacastDistributedOnDemand\\Node\\11\\AbacastDistributedOnDemand.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 6:49 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/19/2006 8:48 PM 109616]
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Northern Home.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-02-05 16:13]

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3925744342-3375450575-3981160598-1005Core.job
- c:\documents and settings\Northern Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-07 20:47]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: ccp.edu\myccp
.
.
------- File Associations -------
.
exefile=c:\windows\system32\desote.exe "%1" %*
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 16:46
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-03 16:48
ComboFix-quarantined-files.txt  2009-09-03 20:48

Pre-Run: 16,013,852,672 bytes free
Post-Run: 15,977,938,944 bytes free

273   --- E O F ---   2009-08-28 00:00
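The log above explains the symptom the original poster keeps reporting (no .exe will open). Under "File Associations", exefile is set to c:\windows\system32\desote.exe "%1" %*, so every .exe launch is routed through the rogue's loader; that loader appears in the "Other Deletions" list from the previous run, so the association now points at a file that no longer exists. The same log shows the Security Center monitoring flags for Norton switched off and the XP firewall's StandardProfile disabled. Renaming ComboFix.exe to commy.com, as the helper asks earlier in the thread, sidesteps the hijack because .com files are launched through the separate comfile class rather than exefile. The script below is an added example for this thread, not something from the original posts and not a ComboFix feature: it pulls those three findings out of a ComboFix-style log and builds the .reg fragment that restores the Windows XP defaults. SAMPLE_LOG is a constructed excerpt assembled from lines in the post above, and the function names are the example's own.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt of a ComboFix log, assembled from lines posted in this
# thread; it is sample input for the example, not a log produced here.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

------- File Associations -------
.
exefile=c:\windows\system32\desote.exe "%1" %*
.
'''

# Windows XP default for HKCR\exefile\shell\open\command: run the file itself.
EXEFILE_DEFAULT = '"%1" %*'


def find_exefile_hijack(log: str) -> Optional[str]:
    """Return the program wedged in front of "%1" %*, or None if the association is clean."""
    m = re.search(r'^exefile=(.*)$', log, re.MULTILINE)
    if m is None:
        return None                      # ComboFix prints nothing when the key is default
    cmd = m.group(1).strip()
    if cmd == EXEFILE_DEFAULT:
        return None
    # Everything before the default tail is the interposed handler (here, the rogue's loader).
    return cmd[:-len(EXEFILE_DEFAULT)].strip() if cmd.endswith(EXEFILE_DEFAULT) else cmd


def disabled_security_center_monitors(log: str) -> List[str]:
    """Names of Security Center monitors whose DisableMonitoring flag is set.

    With the flag set, Security Center stops tracking that product's state, so the
    user never sees the 'antivirus is turned off' warning while the rogue runs.
    """
    pat = r'security center\\Monitoring\\(\w+)\]\s*"DisableMonitoring"=dword:00000001'
    return re.findall(pat, log, re.IGNORECASE)


def firewall_disabled(log: str) -> bool:
    """True if the StandardProfile EnableFirewall value is logged as 0."""
    return re.search(r'"EnableFirewall"=\s*0\b', log) is not None


def triage(log: str) -> Dict[str, object]:
    """Collect the three findings that explain the 'cannot run .exe' symptom."""
    return {
        'exefile_hijacker': find_exefile_hijack(log),
        'monitoring_disabled': disabled_security_center_monitors(log),
        'firewall_disabled': firewall_disabled(log),
    }


def repair_reg(findings: Dict[str, object]) -> str:
    """Build a .reg file restoring the XP defaults for whatever triage() flagged."""
    out = ['Windows Registry Editor Version 5.00', '']
    if findings['exefile_hijacker']:
        out += [r'[HKEY_CLASSES_ROOT\.exe]', '@="exefile"', '',
                r'[HKEY_CLASSES_ROOT\exefile\shell\open\command]',
                '@="\\"%1\\" %*"', '']        # .reg syntax escapes the inner quotes
    for name in findings['monitoring_disabled']:
        out += ['[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\' + name + ']',
                '"DisableMonitoring"=dword:00000000', '']
    if findings['firewall_disabled']:
        out += [r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]',
                '"EnableFirewall"=dword:00000001', '']
    return '\n'.join(out)


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for key, value in found.items():
        print(f'{key}: {value}')
    print(repair_reg(found))
```

Two practical caveats. The .reg fragment only helps once the rogue is no longer running, since a live hijacker also blocks regedit; in this thread ComboFix had already removed the loader, which is why the association was left dangling rather than actively intercepting. And some security suites set DisableMonitoring on their own Security Center entries when they report status themselves, so treat that finding as a lead to confirm against the product, not proof of tampering on its own.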