Windows Police Pro

Hello and thank you in advance for your help. On September 23rd, my PC became infected with Windows Police Pro. It never acted like it was scanning and did not disable task manager, but I couldn't find any of the processes the guide (on bleeping computer) referred to (svhast.exe, Windows Police Pro). It just blocked my executables, registry, etc. When I booted in safe mode, I was able to download Malwarebytes and successfully run it after choosing "run as" and then unchecking the "protect my computer and data from unauthorized program activity" box. I don't know if any of this information is helpful, but I thought I'd put it out there. Malwarebytes found something like 132 infections, but was only able to delete about 16 of them. I have pasted the dds log and have attached the Attach, HJT and Ark.txt. I should mention that I renamed one of the folders under Windows Police Pro to "Virusstuff" in an attempt to delete the files (didn't work). I am able to run programs now, but I get redirected to junk sites when doing searches on the Internet so I know it stuck around. Also, when running rootrepeal, I get an error that states "Could not enumerate files in dir\'\\?\C:\program files\windows police pro\virusstuf\ton.and\*\, with the Windows API! Error code - 0x00000003"


DDS (Ver_09-09-24.01) - FAT32x86 NETWORK
Run by Natalie at 17:16:02.34 on Sat 09/26/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.746 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Natalie.R4G3A7\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.igoogle.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\natalie.r4g3a7\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [USRpdA] c:\windows\system32\usrmlnka.exe runservices \device\3cpipe-USRpdA
mRun: [SystemTray] SysTray.Exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [DropBoxUtility] "c:\program files\dropbox\dropbox\DropBox.exe" /s
mRun: [QUICKCARE] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QUICKCARE
mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {995E21AF-8F60-4DFB-A9DF-86A8A5D71458} - c:\documents and settings\natalie\local settings\application data\difolders software\blogjet\blogthis.js
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/223ad57a67037bf68720/netzip/RdxIE601.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140488657578
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144381990312
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://sl-vpn.sl-tech.net/NELX.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://networksolutionsemailpopwizard.com/TrueSwitchEC.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-27 108552]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2008-1-16 19376]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-27 335240]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-1 27784]
S2 AntipPolice_;AntiPol;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 297752]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-6-3 120168]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-4-12 23552]
S3 Tapiecm;Tapiecm; [x]

=============== Created Last 30 ================

2009-09-26 17:06 <DIR> --d----- c:\program files\Trend Micro
2009-09-26 09:01 <DIR> --d----- c:\program files\SonicWALL
2009-09-24 18:16 <DIR> --d----- c:\docume~1\natali~1.r4g\applic~1\Malwarebytes
2009-09-24 18:16 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 18:16 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-24 18:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 18:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-23 20:20 <DIR> --d----- c:\program files\Windows Police Pro
2009-09-23 13:32 298,496 a------- c:\windows\system32\SETD.tmp
2009-09-23 13:32 168,448 a------- c:\windows\system32\SETB.tmp
2009-09-23 13:32 133,632 a------- c:\windows\system32\SETC.tmp
2009-09-23 13:32 59,392 a------- c:\windows\system32\SET9.tmp
2009-09-23 13:32 56,320 a------- c:\windows\system32\SETA.tmp
2009-09-22 18:06 <DIR> --dsh--- C:\FOUND.146
2009-09-20 22:27 268 a---h--- C:\sqmdata12.sqm
2009-09-20 22:27 244 a---h--- C:\sqmnoopt12.sqm
2009-09-20 08:48 <DIR> --dsh--- C:\FOUND.145
2009-09-19 10:28 5 a------- c:\windows\system32\Band4
2009-09-19 10:28 6 a------- c:\windows\system32\ClassU
2009-09-17 21:33 268 a---h--- C:\sqmdata11.sqm
2009-09-17 21:33 244 a---h--- C:\sqmnoopt11.sqm
2009-09-17 10:27 <DIR> --dsh--- C:\FOUND.144
2009-09-16 19:44 268 a---h--- C:\sqmdata10.sqm
2009-09-16 19:44 244 a---h--- C:\sqmnoopt10.sqm
2009-09-13 08:22 <DIR> --dsh--- C:\FOUND.143
2009-09-10 21:07 268 a---h--- C:\sqmdata09.sqm
2009-09-10 21:07 244 a---h--- C:\sqmnoopt09.sqm
2009-09-10 07:24 <DIR> --dsh--- C:\FOUND.142
2009-09-08 14:34 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-07 08:17 <DIR> --dsh--- C:\FOUND.141
2009-09-03 23:27 268 a---h--- C:\sqmdata08.sqm
2009-09-03 23:27 244 a---h--- C:\sqmnoopt08.sqm
2009-09-02 17:46 268 a---h--- C:\sqmdata07.sqm
2009-09-02 17:46 244 a---h--- C:\sqmnoopt07.sqm
2009-09-01 20:59 <DIR> --dsh--- C:\FOUND.140
2009-09-01 20:54 268 a---h--- C:\sqmdata06.sqm
2009-09-01 20:54 244 a---h--- C:\sqmnoopt06.sqm
2009-08-30 08:45 <DIR> --dsh--- C:\FOUND.139
2009-08-29 07:08 <DIR> --dsh--- C:\FOUND.138
2009-08-28 21:57 268 a---h--- C:\sqmdata05.sqm
2009-08-28 21:57 244 a---h--- C:\sqmnoopt05.sqm
2009-08-27 20:54 268 a---h--- C:\sqmdata04.sqm
2009-08-27 20:54 244 a---h--- C:\sqmnoopt04.sqm

==================== Find3M ====================

2009-08-16 09:06 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-16 09:06 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-13 08:16 512,000 a------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 06:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 06:33 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 06:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-29 04:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 04:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 01:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 01:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 01:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2006-04-06 21:11 16,817,176 a------- c:\program files\avg71free_375a703.exe
2005-01-11 21:42 266 ---sh--- c:\program files\desktop.ini
2005-01-11 21:42 11,079 ----h--- c:\program files\folder.htt
2007-05-02 17:28 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys
2007-05-02 17:28 88 ---shr-- c:\windows\system32\DE8D21A185.sys

============= FINISH: 17:16:31.98 ===============

This topic can be closed. I just reformatted my hard drive since it needed it anyway. Thanks!

Since this topic appears to be resolved, I will now close it. Thanks for letting us know.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
_temp_