
Author Topic: Windows Police Pro removal attempt caused computer not to boot in normal mode  (Read 9930 times)


pkarsh

  • Guest
I ran Combo-Fix. I stepped away from the computer for a few minutes and when I came back it appeared to have rebooted in Normal mode! Progress! The bad news is that I didn't get the log. How should I proceed? Should I run Combo-Fix again to try to get the log? I see that when I logged in I got some messages about "bad boy" DLLs not found (e.g. kukolare.dll) so I know I'm not out of the woods yet by any means.

Also, would it be a good thing for me to create a boot.ini file? I have seen the text of a sample on the Web and it looks pretty straightforward.

Thanks for your help so far.

Paul K.
« Last Edit: October 22, 2009, 11:18:42 PM by pkarsh »

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Quote
Also, would it be a good thing for me to create a boot.ini file?

No! Please don't do anything until we get this sorted out.

Look in C:\Combofix.txt and see if the log is there.

If not, run Combo-Fix again. It should produce a log this time.

pkarsh

  • Guest
Here is the log!!

Keep in mind that as this is the 2nd execution of ComboFix you might not see some things you were expecting or hoping to see deleted. In particular I didn't see stuff being deleted from c:\windows\system32\schtml . In fact the reason I walked away from the computer last night was to go to another computer to find out what schtml was.

Thanks for your help and for bearing with me.


[Saving space, attachment deleted by admin]

evilfantasy

Delete Combo-Fix from your desktop and download a new copy. BUT do not rename it this time!

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-

[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
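
An added example, not part of the original thread or of ComboFix itself: a short Python check that lists what the CFScript posted above asks to be removed, so the script can be reviewed before it is dropped onto ComboFix.exe. The section names come from the script as posted; reading the `Registry::` lines with standard .reg-file semantics (`[-KEY]` deletes a key, `"name"=-` deletes a value) is an assumption of this example, and `planned_actions` is a hypothetical helper name.

```python
import re

# The script text exactly as posted in this thread.
CFSCRIPT = r"""KillAll::

Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-

[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
"""

def planned_actions(script):
    """Return (action, target) tuples in script order, for review before running."""
    actions, section, key = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"(\w+)::", line)
        if m:                                   # section directive, e.g. Folder::
            section, key = m.group(1), None
            if section not in ("Folder", "Registry"):
                actions.append(("directive", section))
        elif section == "Folder":
            actions.append(("delete-folder", line))
        elif section == "Registry":             # assumed: .reg-file syntax
            if line.startswith("[-") and line.endswith("]"):
                actions.append(("delete-key", line[2:-1]))   # [-KEY] removes the key
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                # plain [KEY] only selects the key
            elif key and (v := re.fullmatch(r'"(.+)"=-', line)):
                actions.append(("delete-value", key + "\\" + v.group(1)))
            else:
                actions.append(("unrecognised", line))   # flag anything unexpected
        else:
            actions.append(("unrecognised", line))
    return actions

if __name__ == "__main__":
    for action, target in planned_actions(CFSCRIPT):
        print(f"{action:14} {target}")
```

Any line reported as `unrecognised` is worth querying with the helper who wrote the script before running it.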

pkarsh

  • Guest
Here is the log.


[Saving space, attachment deleted by admin]

evilfantasy

Ok we are looking good now.

Let's do some cleanup and a final scan to make sure nothing was missed.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. 
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  * Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

pkarsh

  • Guest
Here is the ESET scan log


[Saving space, attachment deleted by admin]

evilfantasy

Looks good. How is the computer running now?

pkarsh

  • Guest
It comes up in Normal mode OK and I don't think I'm getting any errors when I log in. I think my Norton Internet Security is seriously compromised as the icon is not in the startup tray or whatever that thing is called on the bottom right corner. When I select it from the menu or the desktop nothing happens. When I select Norton SystemWorks a box comes up that says something to the effect that the installation is corrupted and that I should uninstall it. I also notice that my screen saver isn't running, that is, my desktop is still showing after the computer has been sitting for several hours. I disconnected the network cable as soon as I was done with your instructions as I am concerned about not having a good antivirus installation (even though it didn't exactly come through in the clutch for me before).

I have been out since very early this morning and so I haven't looked at my computer today. I am thinking that I will try reconfiguring my screen saver to see if that makes it work. I will then try to uninstall my Norton SystemWorks as it says to do. I will then disconnect from the network if I am connected and uninstall my Norton Internet Security. I will then reinstall these products.

Does this sound reasonable? Also, is there a product you would recommend if someone wants to do a one-time scan for viruses and malware when they are not seeing any symptoms of infection?

Thank you very very much for your help. Is there something I could do like making a token donation or something?

Regards,
Paul Karsh


evilfantasy

Yes reinstall Norton. Any other computer problems (non-malware) will need to be addressed in the Windows forum.

Here are a few more suggestions..

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.



pkarsh

  • Guest
OK. Thanks again for your help! I think I'm pretty much up-to-date on Windows updates (SP3+). I assume that after I reinstall Norton I'm good to go and can then work with the other products you suggested.

Paul K.