14-Mar-2009, 03:41 AM
#1 |
Viruses, Trojans keep appearing, doing strange things

Hello, please bear with me, I'm inexperienced and never found a truly safe way to repair a computer. My laptop is a Dell Inspiron 5100, and runs Windows XP Professional, and I don't have the disc(s), so I cannot reinstall the OS. :/

I've used: Autoruns (no real help), HijackThis (I just stare at the log), Combofix (helped a little), and MalwareBytes (which finds many trojans and viruses)... and I've run them in Safe Mode as well as normally. These programs have removed enough malware to keep the laptop from restarting constantly. ((I haven't yet used Windows Defender, I don't know if it'll do any good at the moment))

But I have to manually start explorer.exe through Task Manager, because my desktop and taskbar don't show up during startup anymore, which is bothersome. Also, whenever I start it, viruses I thought the antivirus programs got rid of load and reappear in the Processes tab in multiples. One of the malwares is occasionally blocking my access to the internet. Reader_s.exe, reader_sl.exe, svchost.exe, among others, all show up in the User, SYSTEM and NETWORK SERVICE sections of the Processes tab. I think this has something to do with starting Explorer.exe, but I'm not sure. I don't know what these programs do. And rundll32 has also come up in an error message, but I don't remember what it said.

I've been at this since day one, and I'm afraid that the longer I spend trying to get repair files and delete bad ones, the more the viruses destroy the computer. I hope you guys can help me, and if you need me to do anything else, please let me know. Thank you!
Here's a log:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Special Education at 3:10:07.04 on Sat 03/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.123 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Documents and Settings\All Users\Documents\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe
C:\WINDOWS\TEMP\VRT4.tmp
C:\WINDOWS\system32\hypertrm.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Special Education\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\explorer.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [reader_s] c:\windows\system32\reader_s.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [services] c:\windows\services.exe
dRun: [reader_s] c:\documents and settings\special education\reader_s.exe
dExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\docume~1\specia~1\startm~1\programs\startup\zoomte~1.lnk - c:\program files\zoomtext xtra\level 2\ZX2.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {00000163-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/B/B/0BB06A5C-8611-4840-86B3-54DDDD0344B9/wma9dmo.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--acbd97ff-acec-41d1-b161-f8885a087681/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\docume~1\alluse~1\docume~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-7-1 42376]
R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-3-14 18944]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-7-1 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-7-1 81288]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-24 45132]
R2 WinDefend;Windows Defender;c:\documents and settings\all users\documents\MsMpEng.exe [2006-11-3 13592]
S1 ethafsjc;ethafsjc;c:\windows\system32\drivers\ethafsjc.sys [2009-3-4 136160]
S2 JFWService;JFWService;c:\program files\freedom scientific\jaws\7.10\jfw.exe [2006-11-8 3776574]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\documents and settings\special education\desktop\delete\spyware doctor\pctsauxs.exe --> c:\documents and settings\special education\desktop\delete\spyware doctor\pctsAuxs.exe [?]
S4 sdCoreService;PC Tools Security Service;c:\documents and settings\special education\desktop\delete\spyware doctor\pctssvc.exe --> c:\documents and settings\special education\desktop\delete\spyware doctor\pctsSvc.exe [?]

=============== Created Last 30 ================

2009-03-14 02:16 33,280 a------- c:\documents and settings\special education\reader_s.exe
2009-03-14 02:16 33,280 a------- c:\windows\system32\reader_s.exe
2009-03-14 02:16 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-03-14 02:16 64,000 a------- c:\windows\system32\hypertrm.exe
2009-03-14 02:15 65,536 a------- c:\windows\system32\6.tmp
2009-03-14 02:15 84 a------- c:\windows\system32\5.tmp
2009-03-14 00:46 <DIR> --d----- c:\program files\Trend Micro
2009-03-14 00:24 84 a------- c:\windows\system32\8.tmp
2009-03-14 00:19 64,000 a------- c:\windows\system32\hhupd.exe
2009-03-13 23:14 64,000 a------- c:\windows\system32\ia64kd.exe
2009-03-13 12:58 65,536 a------- c:\windows\system32\1F.tmp
2009-03-13 12:58 84 a------- c:\windows\system32\1E.tmp
2009-03-13 12:54 65,536 a------- c:\windows\system32\1D.tmp
2009-03-13 12:53 61,952 a------- c:\windows\system32\1C.tmp
2009-03-13 12:53 128 a------- c:\windows\system32\1B.tmp
2009-03-13 12:38 81,920 a------- c:\windows\WCSMON.EXE
2009-03-13 12:38 64,512 a------- c:\windows\system32\objcopy.exe
2009-03-13 12:38 65,536 a------- c:\windows\system32\1A.tmp
2009-03-13 12:03 64,000 a------- c:\windows\system32\peverify.exe
2009-03-13 12:03 65,536 a------- c:\windows\system32\19.tmp
2009-03-13 12:03 28,672 a------- c:\windows\system32\18.tmp
2009-03-13 12:03 124 a------- c:\windows\system32\17.tmp
2009-03-13 12:02 64,000 a------- c:\windows\system32\res2coff.exe
2009-03-13 11:57 <DIR> --d----- C:\1aee9d684f9974c68606a5
2009-03-13 11:55 <DIR> --d----- C:\3b71fe43fd7ce713a38e93a1
2009-03-13 11:42 64,512 a------- c:\windows\system32\luinit.exe
2009-03-13 07:47 64,000 a------- c:\windows\system32\flash.exe
2009-03-13 07:42 64,512 a------- c:\windows\system32\symantecroot.exe
2009-03-13 07:20 64,000 a------- c:\windows\system32\symchk.exe
2009-03-13 07:07 <DIR> a-dshr-- C:\cmdcons
2009-03-13 06:23 0 a------- c:\windows\system32\3C.tmp
2009-03-13 05:14 <DIR> --d----- c:\docume~1\specia~1\applic~1\Malwarebytes
2009-03-13 05:14 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-13 05:14 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-13 05:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-13 05:12 0 a------- c:\windows\system32\3A.tmp
2009-03-13 05:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-13 05:05 30,880 a------- c:\windows\system32\drivers\uqklsxxb.sys
2009-03-13 04:52 38,400 a------- c:\windows\system32\11.tmp
2009-03-13 03:21 0 a------- c:\windows\system32\16.tmp
2009-03-13 02:41 0 a------- c:\windows\system32\13.tmp
2009-03-13 02:21 0 a------- c:\windows\system32\10.tmp
2009-03-09 02:35 540,032 a------- C:\autorunsc.exe
2009-03-09 02:35 647,552 a------- C:\autoruns.exe
2009-03-09 01:19 0 a------- c:\windows\system32\14.tmp
2009-03-09 01:16 0 a------- c:\windows\system32\12.tmp
2009-03-04 05:14 179,200 a------- c:\windows\SWREG.exe
2009-03-04 05:14 116,224 a------- c:\windows\sed.exe
2009-03-04 03:28 136,160 a------- c:\windows\system32\drivers\ethafsjc.sys
2009-03-04 03:22 136,096 a------- c:\windows\system32\drivers\symim.sys
2009-03-04 03:22 11,776 a------- c:\windows\nyuzmjxy.exe
2009-03-04 03:22 0 a------- c:\windows\system32\20.tmp
2009-03-04 03:21 30,880 a------- c:\windows\system32\drivers\kjsinfja.sys
2009-03-04 03:20 6 a------- c:\windows\_id.dat
2009-03-04 03:19 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-03-04 03:19 128 a------- c:\windows\adobe.bat
2009-03-04 03:18 121,856 ac------ c:\windows\system32\dllcache\userinit.exe
2009-03-04 03:18 <DIR> --d----- c:\windows\system32\inf
2009-03-04 03:18 124 a------- c:\windows\system32\15.tmp
2009-03-04 03:17 47,616 a------- c:\windows\system32\frmwrk32.ex_

==================== Find3M ====================

2009-03-14 02:12 2,000,000 a------t c:\windows\system32\HJSMEM.DAT
2009-03-04 03:19 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-03-04 03:18 121,856 a------- c:\windows\system32\userinit.exe
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
2008-04-07 17:04 12,754,672 a------- c:\program files\MP10Setup.exe

============= FINISH: 3:10:22.88 ===============

Last edited by Atomic Explosion; 14-Mar-2009 at 03:49 AM. Reason: more info
| Tags |
| explorer.exe, reappearing, trojan, virus |
