NAV can not blcok Windows Police Pro

Why am I paying for Norton Antivirus when they cannot block this crap? Right after Windows Police Pro downloaded itself and began wrecking havoc on my computer, NAV did a scheduled scan and found nothing. This is my second go-around with this virus (with Norton up to date) so I already had Malwarebytes installed. I ran 3 scans with Malwarebytes and these are the log files:

 

   First Scan:Malwarebytes' Anti-Malware 1.41Database version: 2837Windows 5.1.2600 Service Pack 3 (Safe Mode) 9/21/2009 11:05:21 AMmbam-log-2009-09-21 (11-05-21).txt Scan type: Full Scan (C:\|)Objects scanned: 33300Time elapsed: 6 minute(s), 52 second(s) Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 16Registry Values Infected: 0Registry Data Items Infected: 1Folders Infected: 0Files Infected: 1 Memory Processes Infected:(No malicious items detected) Memory Modules Infected:(No malicious items detected) Registry Keys Infected:HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\toolbar.tb (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\toolbar.tb.1 (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{8eee58d5-130e-4cbd-9c83-35a0564ea119} (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77dc0b63-1535-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected:(No malicious items detected) Registry Data Items Infected:HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINNT\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully. Folders Infected:(No malicious items detected) Files Infected:C:\WINNT\system32\dddesot.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.  Second Scan:

Malwarebytes' Anti-Malware 1.41

Database version: 2837

Windows 5.1.2600 Service Pack 3 (Safe Mode)

 

9/21/2009 11:23:45 AM

mbam-log-2009-09-21 (11-23-45).txt

 

Scan type: Quick Scan

Objects scanned: 115136

Time elapsed: 11 minute(s), 27 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 10

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antippolice_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippolice_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antippolice_ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINNT\svchast.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINNT\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINNT\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINNT\system32\desot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINNT\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINNT\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINNT\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINNT\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINNT\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully. Third scan:

alwarebytes' Anti-Malware 1.41

Database version: 2971

Windows 5.1.2600 Service Pack 3

 

10/16/2009 11:01:44 AM

mbam-log-2009-10-16 (11-01-44).txt

 

Scan type: Quick Scan

Objects scanned: 121592

Time elapsed: 18 minute(s), 53 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINNT\system32\pump.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

C:\WINNT\system32\gasfkyfowjuwvn.dll (Rootkit.TDSS) -> Delete on reboot.

C:\WINNT\system32\gasfkynucswdsf.dll (Rootkit.TDSS) -> Delete on reboot.

C:\WINNT\system32\gasfkytlesyokb.dll (Rootkit.TDSS) -> Delete on reboot.

C:\WINNT\system32\drivers\gasfkyaplhdkro.sys (Rootkit.TDSS) -> Delete on reboot.

C:\WINNT\Temp\gasfkywipyycdecw.tmp (Rootkit.TDSS) -> Delete on reboot.

C:\WINNT\system32\nuar.old (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINNT\system32\skynet.dat (Malware.Trace) -> Quarantined and deleted successfully.

 

[edit: Changed subject to reflect moved post.]

Message Edited by shannons on 10-16-2009 02:25 PM