Viruses, Trojans keep appearing, doing strange things

Atomic Explosion
Join Date: Mar 2009
Experience: Computer Illiterate
14-Mar-2009, 03:41 AM #1
Hello, please bear with me, I'm inexperienced and never found a truly safe way to repair a computer.

My laptop is a Dell Inspiron 5100, and runs Windows XP Professional, and I don't have the disc(s), so I cannot reinstall the OS. :/

I've used: Autoruns (no real help), HijackThis (I just stare at the log), Combofix (helped a little), and MalwareBytes (which finds many trojans and viruses)... and I've run them in Safe Mode as well as normally. These programs have removed enough malware to keep the laptop from restarting constantly. (I haven't yet used Windows Defender, I don't know if it'll do any good at the moment.)

But I have to manually start explorer.exe through Task Manager, because my desktop and taskbar don't show up during startup anymore, which is bothersome. Also, whenever I start it, viruses I thought the antivirus programs got rid of load and reappear in the Processes tab in multiples. One of the malwares is occasionally blocking my access to the internet.

Reader_s.exe, reader_sl.exe, svchost.exe, among others, all show up in the User, SYSTEM and NETWORK SERVICE sections of the Processes tab. I think this has something to do with starting Explorer.exe, but I'm not sure. I don't know what these programs do. And rundll32 has also come up in an error message, but I don't remember what it said.

I've been at this since day one, and I'm afraid that the longer I spend trying to get repair files and delete bad ones, the more the viruses destroy the computer. I hope you guys can help me, and if you need me to do anything else, please let me know. Thank you!

Here's a log:



DDS (Ver_09-02-01.01) - NTFSx86
Run by Special Education at 3:10:07.04 on Sat 03/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.123 [GMT -4:00]

============== Running Processes ===============
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Documents and Settings\All Users\Documents\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
svchost.exe C:\WINDOWS\TEMP\VRT4.tmp
C:\WINDOWS\system32\hypertrm.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Special Education\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\explorer.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [reader_s] c:\windows\system32\reader_s.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [services] c:\windows\services.exe
dRun: [reader_s] c:\documents and settings\special education\reader_s.exe
dExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\docume~1\specia~1\startm~1\programs\startup\zoomte~1.lnk - c:\program files\zoomtext xtra\level 2\ZX2.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {00000163-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/B/B/0BB06A5C-8611-4840-86B3-54DDDD0344B9/wma9dmo.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--acbd97ff-acec-41d1-b161-f8885a087681/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\docume~1\alluse~1\docume~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-7-1 42376]
R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-3-14 18944]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-7-1 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-7-1 81288]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-24 45132]
R2 WinDefend;Windows Defender;c:\documents and settings\all users\documents\MsMpEng.exe [2006-11-3 13592]
S1 ethafsjc;ethafsjc;c:\windows\system32\drivers\ethafsjc.sys [2009-3-4 136160]
S2 JFWService;JFWService;c:\program files\freedom scientific\jaws\7.10\jfw.exe [2006-11-8 3776574]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\documents and settings\special education\desktop\delete\spyware doctor\pctsauxs.exe --> c:\documents and settings\special education\desktop\delete\spyware doctor\pctsAuxs.exe [?]
S4 sdCoreService;PC Tools Security Service;c:\documents and settings\special education\desktop\delete\spyware doctor\pctssvc.exe --> c:\documents and settings\special education\desktop\delete\spyware doctor\pctsSvc.exe [?]
=============== Created Last 30 ================
2009-03-14 02:16 33,280 a------- c:\documents and settings\special education\reader_s.exe
2009-03-14 02:16 33,280 a------- c:\windows\system32\reader_s.exe
2009-03-14 02:16 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-03-14 02:16 64,000 a------- c:\windows\system32\hypertrm.exe
2009-03-14 02:15 65,536 a------- c:\windows\system32\6.tmp
2009-03-14 02:15 84 a------- c:\windows\system32\5.tmp
2009-03-14 00:46 <DIR> --d----- c:\program files\Trend Micro
2009-03-14 00:24 84 a------- c:\windows\system32\8.tmp
2009-03-14 00:19 64,000 a------- c:\windows\system32\hhupd.exe
2009-03-13 23:14 64,000 a------- c:\windows\system32\ia64kd.exe
2009-03-13 12:58 65,536 a------- c:\windows\system32\1F.tmp
2009-03-13 12:58 84 a------- c:\windows\system32\1E.tmp
2009-03-13 12:54 65,536 a------- c:\windows\system32\1D.tmp
2009-03-13 12:53 61,952 a------- c:\windows\system32\1C.tmp
2009-03-13 12:53 128 a------- c:\windows\system32\1B.tmp
2009-03-13 12:38 81,920 a------- c:\windows\WCSMON.EXE
2009-03-13 12:38 64,512 a------- c:\windows\system32\objcopy.exe
2009-03-13 12:38 65,536 a------- c:\windows\system32\1A.tmp
2009-03-13 12:03 64,000 a------- c:\windows\system32\peverify.exe
2009-03-13 12:03 65,536 a------- c:\windows\system32\19.tmp
2009-03-13 12:03 28,672 a------- c:\windows\system32\18.tmp
2009-03-13 12:03 124 a------- c:\windows\system32\17.tmp
2009-03-13 12:02 64,000 a------- c:\windows\system32\res2coff.exe
2009-03-13 11:57 <DIR> --d----- C:\1aee9d684f9974c68606a5
2009-03-13 11:55 <DIR> --d----- C:\3b71fe43fd7ce713a38e93a1
2009-03-13 11:42 64,512 a------- c:\windows\system32\luinit.exe
2009-03-13 07:47 64,000 a------- c:\windows\system32\flash.exe
2009-03-13 07:42 64,512 a------- c:\windows\system32\symantecroot.exe
2009-03-13 07:20 64,000 a------- c:\windows\system32\symchk.exe
2009-03-13 07:07 <DIR> a-dshr-- C:\cmdcons
2009-03-13 06:23 0 a------- c:\windows\system32\3C.tmp
2009-03-13 05:14 <DIR> --d----- c:\docume~1\specia~1\applic~1\Malwarebytes
2009-03-13 05:14 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-13 05:14 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-13 05:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-13 05:12 0 a------- c:\windows\system32\3A.tmp
2009-03-13 05:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-13 05:05 30,880 a------- c:\windows\system32\drivers\uqklsxxb.sys
2009-03-13 04:52 38,400 a------- c:\windows\system32\11.tmp
2009-03-13 03:21 0 a------- c:\windows\system32\16.tmp
2009-03-13 02:41 0 a------- c:\windows\system32\13.tmp
2009-03-13 02:21 0 a------- c:\windows\system32\10.tmp
2009-03-09 02:35 540,032 a------- C:\autorunsc.exe
2009-03-09 02:35 647,552 a------- C:\autoruns.exe
2009-03-09 01:19 0 a------- c:\windows\system32\14.tmp
2009-03-09 01:16 0 a------- c:\windows\system32\12.tmp
2009-03-04 05:14 179,200 a------- c:\windows\SWREG.exe
2009-03-04 05:14 116,224 a------- c:\windows\sed.exe
2009-03-04 03:28 136,160 a------- c:\windows\system32\drivers\ethafsjc.sys
2009-03-04 03:22 136,096 a------- c:\windows\system32\drivers\symim.sys
2009-03-04 03:22 11,776 a------- c:\windows\nyuzmjxy.exe
2009-03-04 03:22 0 a------- c:\windows\system32\20.tmp
2009-03-04 03:21 30,880 a------- c:\windows\system32\drivers\kjsinfja.sys
2009-03-04 03:20 6 a------- c:\windows\_id.dat
2009-03-04 03:19 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
2009-03-04 03:19 128 a------- c:\windows\adobe.bat
2009-03-04 03:18 121,856 ac------ c:\windows\system32\dllcache\userinit.exe
2009-03-04 03:18 <DIR> --d----- c:\windows\system32\inf
2009-03-04 03:18 124 a------- c:\windows\system32\15.tmp
2009-03-04 03:17 47,616 a------- c:\windows\system32\frmwrk32.ex_
==================== Find3M ====================
2009-03-14 02:12 2,000,000 a------t c:\windows\system32\HJSMEM.DAT
2009-03-04 03:19 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-03-04 03:18 121,856 a------- c:\windows\system32\userinit.exe
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
2008-04-07 17:04 12,754,672 a------- c:\program files\MP10Setup.exe
============= FINISH: 3:10:22.88 ===============

Last edited by Atomic Explosion; 14-Mar-2009 at 03:49 AM. Reason: more info
Tags
explorer.exe, reappearing, trojan, virus
