Solved: Help !! I need to find out how to remove a virus

Jon11205 · 26-Feb-2009, 10:24 PM #1

My computer has gotten a virus its called "internet antivirus pro" I have called my computer company and they told me to reset my computer to the factory settings. but I will lose all my info from my computer. is there another way please help.

**Cookiegal** · 26-Feb-2009, 10:28 PM #2

Hi and welcome to TSG,

The General Security forum is only for general questions regarding security software and things of that nature but not for actually removing malware as we have qualified helpers who are the only members who are authorized to assist with those matters. You can easily identify them as they have either a gold or blue shield beside their usernames. Please refer to this excerpt from the rules:

Quote:

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.

I'm going to close this thread and ask you to repost in the Malware Removal & HijackThis Logs forum for the proper assistance.

**Cookiegal** · 26-Feb-2009, 10:46 PM #3

I'll reopen this thread since you're having trouble posting in the Malware Removal forum.

Click here to download HJTsetup.exe.

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

**Cookiegal** · 27-Feb-2009, 09:26 AM #4

I'm sorry I forgot to reopen the thread after posting so I'll copy and paste the HijackThis log that you sent me via e-mail here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:37 PM, on 2/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Antivirus Pro\IAPro.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\werfault.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=W3653
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=W3653
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=W3653
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=W3653
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...ys=DTP&M=W3653
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\Windows\System32\winconfig.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [5EE482E990B612405836CF18B1F3B0DB] C:\Program Files\A360\av360.exe
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Users\Amy\AppData\Roaming\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [Internet Antivirus Pro] "C:\Program Files\Internet Antivirus Pro\IAPro.exe" /s
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Users\Amy\AppData\Local\Microsoft\Internet Explorer\iv.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - C:\Users\Amy\AppData\Local\Microsoft\Windows\services.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

**Cookiegal** · 27-Feb-2009, 09:27 AM #5

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Jon11205 · 27-Feb-2009, 02:57 PM #6

everytime I click on your blue letters it wont go to the site it says no internet conection or cant find site I think its the virus doing this. because if I try to even search yahoo, it wont come up it sends me to places like banks, other search engines, ect. I have never had problems like this before

Jon11205 · 27-Feb-2009, 03:04 PM #7

ok I got to the site by opening a new internet tab, but now when I click on download it goes to a page that says internet explorer is not working. my computer does this to me everytime I look somthing up like virus help or tech help anything that seems to be able to help me it wont let me go to it. any ideas?
Thank you Jon

Jason08 · 27-Feb-2009, 03:08 PM #8

Did you notice it doing that before you saw the virus?

**Cookiegal** · 27-Feb-2009, 03:20 PM #9

Download the HostsXpert.

Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.3 - Hosts File Manager
Run HostsXpert 4.3 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Jon11205 · 27-Feb-2009, 03:38 PM **#10**

Ok Cookiegal I did what you said I hit run and then did the read only and then exit.

Jason no it didnt do this before, like it just did it again my internet closed on me so I opened it up again tried to go to techguys and it directed me to stop smoken?

So now that I did that cookie what should I do? by the way thank you so much for you time and help.

Jon11205 · 27-Feb-2009, 03:41 PM **#11**

also I just had my computer go to a full blue screen with white lettering. saying it found spyware monster? then some more stuff and at the end it says dumping physical memory. then it closes to a black screen and about 15 secs. later I am back to where I was? do you know what that is? or why its doing that?

**Cookiegal** · 27-Feb-2009, 03:48 PM **#12**

See if you can run this:

Please download Malwarebytes Anti-Malware form Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a new HijackThis log please.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Also, if you receive an (Error Loading) error on reboot please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

Jon11205 · 27-Feb-2009, 03:50 PM **#13**

when I click on restore it says error: cannot creat file C:/Windows/system32/DRIVERS/ETC/hosts the slashes are forward not backwards I dont know how to make it forward

Jon11205 · 27-Feb-2009, 04:15 PM **#14**

Wow when I ran that program it found 50 infected items, I removed them. But when I was making sure they were all checked the virus popup came up again I'm wondering if I should run the malware again? just incase it didnt find that one? I wont unless you tell me too. anyways here are the reports you asked for

Malwarebytes' Anti-Malware 1.34
Database version: 1810
Windows 6.0.6001 Service Pack 1
2/27/2009 2:59:38 PM
mbam-log-2009-02-27 (14-59-38).txt
Scan type: Quick Scan
Objects scanned: 55959
Time elapsed: 4 minute(s), 24 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 29
Memory Processes Infected:
C:\Users\Amy\AppData\Local\Microsoft\Windows\services.exe (Trojan.Fraudtool) -> Unloaded process successfully.
C:\Program Files\Internet Antivirus Pro\IAPro.exe (Rogue.InternetAntivirus) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\itgrdengine (Trojan.Fraudtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\itgrdengine (Trojan.Fraudtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\itgrdengine (Trojan.Fraudtool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4d b7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d263 fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inte rnet antivirus pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XP Police Antivirus (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet antivirus pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5ee482e990b 612405836cf18b1f3b0db (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explor er\Run\iv (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows logon process (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\Amy\AppData\Roaming\Internet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Amy\AppData\Local\Microsoft\Windows\services.exe (Trojan.Fraudtool) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Internet Antivirus Pro\settings.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Internet Antivirus Pro\uill.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Internet Antivirus Pro\unins000.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Internet Antivirus Pro\db\config.cfg (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Internet Antivirus Pro\db\Timeout.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Internet Antivirus Pro\db\Urls.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\activate.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Explorer.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\IAPro.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\unins000.dat (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\uninstall.ico (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\working.log (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\db\DBInfo.ver (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\db\ia080614.db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAEs.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAFr.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAGer.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Internet Antivirus Pro\Languages\IAIt.lng (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.Antivirus360) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Local\Microsoft\Internet Explorer\iv.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Users\Amy\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Amy\AppData\Roaming\Microsoft\Windows\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Amy\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\file.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.av360) -> Quarantined and deleted successfully.

and now I will do the hijack one first I have to have it make another report hmmmm.....
um when I tried to do another report it told me this
For some reason your system denied write access to the host file. If any hijacked domains are in this file, Hijack This may NOT ba able to fix this.

If that happens, you need to edit the file yourself. To do this, click start, run and type:

notepad C:/windows?System32/drivers/etc/hosts
and press enter find the line(s) Hijack This reports and delete them,
Save file as 'hosts', (with quotes), and then rebot.

for vista simply, exit hijack this, right click on the icon hijack this choose run as administrator

then it has an ok tab im gonna click on the ok tab. ok I guess it worked it gave me a report here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:42 PM, on 2/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Antivirus Pro\IAPro.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\werfault.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=W3653
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=W3653
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=W3653
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...ys=DTP&M=W3653
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...ys=DTP&M=W3653
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\Windows\System32\winconfig.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [5EE482E990B612405836CF18B1F3B0DB] C:\Program Files\A360\av360.exe
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Users\Amy\AppData\Roaming\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [Internet Antivirus Pro] "C:\Program Files\Internet Antivirus Pro\IAPro.exe" /s
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Users\Amy\AppData\Local\Microsoft\Internet Explorer\iv.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - C:\Users\Amy\AppData\Local\Microsoft\Windows\services.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9030 bytes

**Cookiegal** · 27-Feb-2009, 04:48 PM **#15**

Please see if you are able to run ComboFix now.

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze games gaming hard drive hardware hdmi internet laptop malware memory monitor motherboard netgear network printer problem ram random registry router slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!