
Viruses, Trojans keep appearing, doing strange things

Discussion in 'Virus & Other Malware Removal' started by Atomic Explosion, Mar 14, 2009.

Thread Status:
Not open for further replies.
Atomic Explosion (Thread Starter; joined Mar 14, 2009; 1 message):
    Hello, please bear with me, I'm inexperienced and never found a truly safe way to repair a computer.

    My laptop is a Dell Inspiron 5100, and runs Windows XP Professional, and I don't have the disc(s), so I cannot reinstall the OS. :/

    I've used: Autoruns (no real help), HijackThis (I just stare at the log), Combofix (helped a little), and MalwareBytes (which finds many trojans and viruses)... and I've run them in Safe Mode as well as normally. These programs have removed enough malware to keep the laptop from restarting constantly. (I haven't yet used Windows Defender; I don't know if it'll do any good at the moment.)

    But I have to manually start explorer.exe through Task Manager, because my desktop and taskbar don't show up during startup anymore, which is bothersome. Also, whenever I start it, viruses I thought the antivirus programs got rid of load and reappear in the Processes tab in multiples. One piece of malware is occasionally blocking my access to the internet.

    Reader_s.exe, reader_sl.exe, svchost.exe, among others, all show up in the User, SYSTEM and NETWORK SERVICE sections of the Processes tab. I think this has something to do with starting Explorer.exe, but I'm not sure. I don't know what these programs do. Also, rundll32 has come up in an error message, but I don't remember what it said.

    I've been at this since day one, and I'm afraid that the longer I spend trying to get repair files and delete bad ones, the more the viruses destroy the computer. I hope you guys can help me, and if you need me to do anything else, please let me know. Thank you!

    Here's a log:

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Special Education at 3:10:07.04 on Sat 03/14/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.123 [GMT -4:00]

    ============== Running Processes ===============
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Documents and Settings\All Users\Documents\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\WLTRAY.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    svchost.exe C:\WINDOWS\TEMP\VRT4.tmp
    C:\WINDOWS\system32\hypertrm.exe
    C:\WINDOWS\System32\reader_s.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Special Education\Desktop\dds.scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\explorer.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: NoExplorer - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ATIModeChange] Ati2mdxx.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [reader_s] c:\windows\system32\reader_s.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [services] c:\windows\services.exe
    dRun: [reader_s] c:\documents and settings\special education\reader_s.exe
    dExplorerRun: [services] c:\windows\services.exe
    StartupFolder: c:\docume~1\specia~1\startm~1\programs\startup\zoomte~1.lnk - c:\program files\zoomtext xtra\level 2\ZX2.exe
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {00000163-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/B/B/0BB06A5C-8611-4840-86B3-54DDDD0344B9/wma9dmo.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--acbd97ff-acec-41d1-b161-f8885a087681/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\docume~1\alluse~1\docume~1\MpShHook.dll
    ============= SERVICES / DRIVERS ===============
    R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-7-1 42376]
    R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-3-14 18944]
    R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-7-1 66952]
    R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-7-1 81288]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-24 45132]
    R2 WinDefend;Windows Defender;c:\documents and settings\all users\documents\MsMpEng.exe [2006-11-3 13592]
    S1 ethafsjc;ethafsjc;c:\windows\system32\drivers\ethafsjc.sys [2009-3-4 136160]
    S2 JFWService;JFWService;c:\program files\freedom scientific\jaws\7.10\jfw.exe [2006-11-8 3776574]
    S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
    S4 sdAuxService;PC Tools Auxiliary Service;c:\documents and settings\special education\desktop\delete\spyware doctor\pctsauxs.exe --> c:\documents and settings\special education\desktop\delete\spyware doctor\pctsAuxs.exe [?]
    S4 sdCoreService;PC Tools Security Service;c:\documents and settings\special education\desktop\delete\spyware doctor\pctssvc.exe --> c:\documents and settings\special education\desktop\delete\spyware doctor\pctsSvc.exe [?]
    =============== Created Last 30 ================
    2009-03-14 02:16 33,280 a------- c:\documents and settings\special education\reader_s.exe
    2009-03-14 02:16 33,280 a------- c:\windows\system32\reader_s.exe
    2009-03-14 02:16 18,944 a---h--- c:\windows\system32\drivers\protect.sys
    2009-03-14 02:16 64,000 a------- c:\windows\system32\hypertrm.exe
    2009-03-14 02:15 65,536 a------- c:\windows\system32\6.tmp
    2009-03-14 02:15 84 a------- c:\windows\system32\5.tmp
    2009-03-14 00:46 <DIR> --d----- c:\program files\Trend Micro
    2009-03-14 00:24 84 a------- c:\windows\system32\8.tmp
    2009-03-14 00:19 64,000 a------- c:\windows\system32\hhupd.exe
    2009-03-13 23:14 64,000 a------- c:\windows\system32\ia64kd.exe
    2009-03-13 12:58 65,536 a------- c:\windows\system32\1F.tmp
    2009-03-13 12:58 84 a------- c:\windows\system32\1E.tmp
    2009-03-13 12:54 65,536 a------- c:\windows\system32\1D.tmp
    2009-03-13 12:53 61,952 a------- c:\windows\system32\1C.tmp
    2009-03-13 12:53 128 a------- c:\windows\system32\1B.tmp
    2009-03-13 12:38 81,920 a------- c:\windows\WCSMON.EXE
    2009-03-13 12:38 64,512 a------- c:\windows\system32\objcopy.exe
    2009-03-13 12:38 65,536 a------- c:\windows\system32\1A.tmp
    2009-03-13 12:03 64,000 a------- c:\windows\system32\peverify.exe
    2009-03-13 12:03 65,536 a------- c:\windows\system32\19.tmp
    2009-03-13 12:03 28,672 a------- c:\windows\system32\18.tmp
    2009-03-13 12:03 124 a------- c:\windows\system32\17.tmp
    2009-03-13 12:02 64,000 a------- c:\windows\system32\res2coff.exe
    2009-03-13 11:57 <DIR> --d----- C:\1aee9d684f9974c68606a5
    2009-03-13 11:55 <DIR> --d----- C:\3b71fe43fd7ce713a38e93a1
    2009-03-13 11:42 64,512 a------- c:\windows\system32\luinit.exe
    2009-03-13 07:47 64,000 a------- c:\windows\system32\flash.exe
    2009-03-13 07:42 64,512 a------- c:\windows\system32\symantecroot.exe
    2009-03-13 07:20 64,000 a------- c:\windows\system32\symchk.exe
    2009-03-13 07:07 <DIR> a-dshr-- C:\cmdcons
    2009-03-13 06:23 0 a------- c:\windows\system32\3C.tmp
    2009-03-13 05:14 <DIR> --d----- c:\docume~1\specia~1\applic~1\Malwarebytes
    2009-03-13 05:14 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-13 05:14 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-13 05:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-13 05:12 0 a------- c:\windows\system32\3A.tmp
    2009-03-13 05:06 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-13 05:05 30,880 a------- c:\windows\system32\drivers\uqklsxxb.sys
    2009-03-13 04:52 38,400 a------- c:\windows\system32\11.tmp
    2009-03-13 03:21 0 a------- c:\windows\system32\16.tmp
    2009-03-13 02:41 0 a------- c:\windows\system32\13.tmp
    2009-03-13 02:21 0 a------- c:\windows\system32\10.tmp
    2009-03-09 02:35 540,032 a------- C:\autorunsc.exe
    2009-03-09 02:35 647,552 a------- C:\autoruns.exe
    2009-03-09 01:19 0 a------- c:\windows\system32\14.tmp
    2009-03-09 01:16 0 a------- c:\windows\system32\12.tmp
    2009-03-04 05:14 179,200 a------- c:\windows\SWREG.exe
    2009-03-04 05:14 116,224 a------- c:\windows\sed.exe
    2009-03-04 03:28 136,160 a------- c:\windows\system32\drivers\ethafsjc.sys
    2009-03-04 03:22 136,096 a------- c:\windows\system32\drivers\symim.sys
    2009-03-04 03:22 11,776 a------- c:\windows\nyuzmjxy.exe
    2009-03-04 03:22 0 a------- c:\windows\system32\20.tmp
    2009-03-04 03:21 30,880 a------- c:\windows\system32\drivers\kjsinfja.sys
    2009-03-04 03:20 6 a------- c:\windows\_id.dat
    2009-03-04 03:19 182,912 ac------ c:\windows\system32\dllcache\ndis.sys
    2009-03-04 03:19 128 a------- c:\windows\adobe.bat
    2009-03-04 03:18 121,856 ac------ c:\windows\system32\dllcache\userinit.exe
    2009-03-04 03:18 <DIR> --d----- c:\windows\system32\inf
    2009-03-04 03:18 124 a------- c:\windows\system32\15.tmp
    2009-03-04 03:17 47,616 a------- c:\windows\system32\frmwrk32.ex_
    ==================== Find3M ====================
    2009-03-14 02:12 2,000,000 a------t c:\windows\system32\HJSMEM.DAT
    2009-03-04 03:19 182,912 a------- c:\windows\system32\drivers\ndis.sys
    2009-03-04 03:18 121,856 a------- c:\windows\system32\userinit.exe
    2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
    2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
    2008-04-07 17:04 12,754,672 a------- c:\program files\MP10Setup.exe
    ============= FINISH: 3:10:22.88 ===============

Short URL to this thread: https://techguy.org/809294