Virus Help

TryingToProve

Hello. I have got a few viruses on my computer. I am now using Norton 30 day trial. The virus I have is quick defrag. I am not sure how to remove it from my computer. Another one I have is when I try to search for stuff ads pop up. Can you please help me get rid of this stuff? Thank you so much.
 
How the hell did you get a virus? That said, JohnB is going to walk you through it. Not me.

Stay here you will get help.
 
I did that RKILL thing. Then it let me download hijack this. It still would not let me download malwarebytes. This is from rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/06/2011 at 0:03:59.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 02/06/2011 at 0:04:44.

Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:06:23 AM, on 2/6/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL 9.5\waol.exe
C:\Program Files\AOL 9.5\shellmon.exe
c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll (file missing)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Unknown owner - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (file missing)

--
End of file - 6498 bytes
 
I think I should delete the BHO no name file. Is that right? Also is there anything else I need to delete?? Thank you again.

I deleted that BHO no name and BHO wormradar
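
An added example, not part of the original thread: a small Python parser for the HijackThis log format posted above, which separates section-coded entries from the header and process list and flags the ones HijackThis marked `(file missing)` or `(no file)`. The field names (`orphaned`, `unknown_owner`) and function names are this example's own, and the flag only records what the log says about the file, not whether an entry should be removed.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - AppInit_DLLs:
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
--
End of file - 6498 bytes
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry body
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

def parse_entries(log_text):
    """Return one dict per section-coded line (R0, O2, O23, ...); skip everything else."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process path, blank line or footer
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            # Markers HijackThis prints when it finds no file for the entry.
            "orphaned": body.endswith(ORPHAN_MARKERS),
            "unknown_owner": " - Unknown owner - " in body,
        })
    return entries

def orphans_by_section(entries):
    """Count entries with no file on disk per section code."""
    return dict(Counter(e["code"] for e in entries if e["orphaned"]))

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(orphans_by_section(parsed))
    for e in parsed:
        if e["orphaned"]:
            print(e["code"], e["clsid"] or "-", e["body"])
```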
 
Try installing and running MalwareBytes again.

I think I should delete the BHO no name file. Is that right? Also is there anything else I need to delete?? Thank you again.

I deleted that BHO no name and BHO wormradar

For future reference, don't delete anything you find in the log unless instructed to do so.
 
Nope, I can't do it :(

I did the second Rkill listed and got this, this time:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/06/2011 at 0:21:15.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\runonce.exe


Rkill completed on 02/06/2011 at 0:21:42.

I did the last rkill and got this:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/06/2011 at 0:23:44.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\runonce.exe


Rkill completed on 02/06/2011 at 0:24:22.

What do I do now? & thank you again

ALSO

stopzilla keeps popping up.
 
I was not joking! Wait for John!

90% of people do not have a real virus issue; 10% do. I am very concerned you really have one. Let John help.
 
Try to use "eset NOD32". This antivirus is so great, but unfortunately it's a 30 day trial. But you can ______ its serial key, you know what I mean. I don't want to expose that word because it's ILLEGAL and against the rules of the forum.
 
Uninstall the Norton software first, as it will interfere with the running of the program I'm going to have you run.

Please download combofix from an uninfected computer to a USB flash drive, or burn the file to a CD, and transfer it to the infected machine's desktop after booting to safe mode.

You may have to run rkill again to allow combofix to run, but do not reboot the computer after running it until combofix runs and deletes the infections.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes, including the reboot if malware is detected.

After running combofix, you should be able to download and run malwarebytes and post its logfile. Only run a new hijackthis scan after malwarebytes has run.

In your next reply please post:
  • The ComboFix log
  • The Malwarebytes log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Okay, that is super confusing. I will go to my parents' house and download that and save it to a flash drive. Then come to my computer & first uninstall Norton, then how do I put that thing on the flash drive on my computer? I have a feeling when I uninstall Norton and before I somehow get that thing on my flash drive on my computer, all the virus sh*t will be popping up?
 
Just copy and paste it from the flash drive to your desktop screen. Combofix must be run from the desktop, not from a flash drive or folder.
 
OMG please help!!! I went to download that thing you told me to & when I did it said uninstall AVG or dangerous stuff will happen, so I went to uninstall it and it said error, and when I start up my computer only my picture background will show up & Norton antivirus says that something is blocked for my protection, and nothing else pops up. When I hit control alt delete, something pops up. But I cannot do anything, none of my desktop items show up. Please help. I am at my parents' house now using their computer to talk to y'all. I have a jump drive with me now. I will do anything you tell me to do to get my computer normal again. I work from home so I need my computer, please help me.
 
I went home and did the ctrl alt delete & did new task and entered explorer.exe and then enter and nothing happened. Then I did explorer and enter and nothing happened. Please help asap.
 
Can I somehow put a Windows XP restore on my jump drive, then put the jump drive in my computer? Maybe that will work. Please someone reply. I am waiting for help. Thank you again so much!
 
I am at my computer now. I went to new task on ctrl alt delete and clicked internet explorer. My desktop is still not showing. Please help.
 