if i restart my pc have to reinstall windows!

February 19, 2011 at 20:56:31
Specs: Windows XP, 256mb ram
well every time i restart my pc, i have to reinstall windows xp because theres always a file missing at start up,
after i reinstalled xp i ran a virus scan and theres 31 infections and many, different viruses in my system32 folder. heres the log

Malwarebytes' Anti-Malware

Database version: 5815

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/19/2011 11:32:21 PM
mbam-log-2011-02-19 (23-32-18).txt

Scan type: Quick scan
Objects scanned: 128342
Time elapsed: 28 minute(s), 45 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 10
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
c:\WINDOWS\Temp\34byl.exe (Trojan.Downloader) -> 3568 -> No action taken.
c:\WINDOWS\Temp\o6jv.exe (Trojan.Dynamer) -> 3608 -> No action taken.
c:\WINDOWS\Temp\o6jv.exe (Trojan.Dynamer) -> 2652 -> No action taken.
c:\WINDOWS\svc2.exe (Trojan.Sisproc.Gen) -> 2192 -> No action taken.

Memory Modules Infected:
c:\WINDOWS\system32\nwcwks.dll (Trojan.Inject) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D} (Worm.Nyxem) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D} (Worm.Nyxem) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D} (Worm.Nyxem) -> No action taken.
HKEY_CLASSES_ROOT\MSWinsock.Winsock.1 (Worm.Nyxem) -> No action taken.
HKEY_CLASSES_ROOT\MSWinsock.Winsock (Worm.Nyxem) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advan ced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explo rer\Run\2z4in (Trojan.Downloader) -> Value: 2z4in -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explo rer\Run\s4u9 (Trojan.Dynamer) -> Value: s4u9 -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NetLog2 (Trojan.Sisproc.Gen) -> Value: NetLog2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explo rer\Run\apps (Trojan.Agent) -> Value: apps -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Rootkit.ADS) -> Value: userini -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explo rer\Run\userini (Rootkit.ADS) -> Value: userini -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userini (Rootkit.ADS) -> Value: userini -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explor er\Run\userini (Rootkit.ADS) -> Value: userini -> No action taken.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows\win (Malware.Trace) -> Value: win -> No action taken.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows\init (Malware.Trace) -> Value: init -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advan ced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\nwcwks.dll (Trojan.Inject) -> No action taken.
c:\WINDOWS\Temp\34byl.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Temp\o6jv.exe (Trojan.Dynamer) -> No action taken.
c:\WINDOWS\svc2.exe (Trojan.Sisproc.Gen) -> No action taken.
c:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> No action taken.
c:\WINDOWS\system32\calc.exe (Trojan.Agent.Gen) -> No action taken.
c:\WINDOWS\Temp\7cx66hjl.exe (Malware.Packer.Gen) -> No action taken.
c:\WINDOWS\Temp\eq88jce8p.exe (Trojan.Sisproc.Gen) -> No action taken.
c:\WINDOWS\system32\6c6s4.log (Malware.Trace) -> No action taken.
c:\documents and settings\brandon\application data\wiaservg.log (Malware.Trace) -> No action taken.
c:\WINDOWS\Temp\wpv411298036282.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\explorer.exe:userini.exe (Rootkit.ADS) -> No action taken.

im not sure if i should remove them or not

February 19, 2011 at 21:03:04
You should be posting this in the 'Security and Virus' Forum.

February 19, 2011 at 21:05:21

February 19, 2011 at 22:32:15
you have serious problems and even you remove such a many kind of infections correctly no way garranty may be that after that your sistem will work properly and my mine is-reinstall windows with slow formatting hard disk

February 20, 2011 at 14:12:34
You don't say what file is missing. If you have partly removed a virus it might be referring to a virus file that is still being referenced in the registry.

Remove all infections MalwareBytes reports.

I'm not sure why you are re-installing WIndows. It might become necessary but it would be better to remove the infections before going that way. Having done so it might now confuse the issue.

February 26, 2011 at 10:42:41
well its always a different one! heres all what i have done..

- reinstalled windows 10 times (at least)
- reformatted the hdd 9 times (5 times the long format)
- used malware bytes and always detects no virus
- during use of my pc, i gete blue screen of death (BSOD)
- after blue screen of death goes away, it restarts and then after boot screen (with windows logo and loading bar) get the blue screen every time.

so right now, if i restart my pc, im gonna have to reinstall my computer!!
i need professional help.

February 26, 2011 at 14:35:45
Well, yes, you might need hands on assistance - it is not possible to sort all problems yourself with help from afar.

The reason I asked for a file name was to determine whether it was a Windows file missing or whether it was referring to a virus file. Any name would have done.

There is a possibility of a boot sector or MFT virus, or corruption of it due to a virus.

If you reformat and install again disconnect yourself from line first then run MalwareBytes before you connect to line. Use a fresh copy downloaded on another machine, transferred via a clean flash drive, so that you know you are not restoring an infected copy. This way you should be able to determine exactly what action introduces the viruses. They can be passsed via input devices.

