Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus removal and computer repair


  • This topic is locked This topic is locked
17 replies to this topic

#1 wh33ls

wh33ls

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 03 January 2010 - 04:55 PM

Hello,

I'm cleaning up my girlfriend's computer. She picked up a virus that totally disabled it. I could click her account name at the Windows splash screen, it would flash her desktop, then immediately log her off. Using the recovery console of the Windows XP CD I was able to repair some files and get some things working. I ran ran the DDS scanner and that log is below. The Attach.txt and RootRepeal log files are attached.

Here's the problem, or at least one of the problems. The computer has internet connectivity but many programs are broken. I can't run IE; when I try, it says "iexplore.exe Entry Point Not Found. The procedure entry point SetDllDirectoryW could not be located in the dynamic link library KERNEL32.dll." iTunes, AVG Antivirus, etc. don't work either. All these programs give variations of the error "(Program) requires Windows XP SP2 or later." I can't run Windows Update to upgrade to SP3 because IE doesn't work. I was able to install Firefox, which works fine.

Thanks in advance for your help.

DDS.txt
DDS (Ver_09-12-01.01) - NTFSx86
Run by jenn at 13:35:35.08 on Sun 01/03/2010
Internet Explorer: 6.0.2600.0000

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by Comcast
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [<NO NAME>]
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMan] SOUNDMAN.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\procexp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193007011129
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {FCBABDA2-801E-4F51-B6E8-0122032FB16B} - No File
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXQIBSJ

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jenn\applic~1\mozilla\firefox\profiles\olrczaf5.default\
FF - plugin: c:\documents and settings\jenn\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-12-24 01:24:34 0 d-----w- c:\docume~1\jenn\applic~1\Malwarebytes
2009-12-24 01:24:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-24 01:24:28 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 01:24:28 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-24 01:24:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-23 05:34:58 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll
2009-12-23 05:33:56 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-12-23 05:32:59 94208 -c--a-w- c:\windows\system32\dllcache\fpcount.exe
2009-12-23 05:26:01 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-12-23 05:24:59 57344 -c--a-w- c:\windows\system32\dllcache\msadcf.dll
2009-12-23 05:24:59 53248 -c--a-w- c:\windows\system32\dllcache\msadcs.dll
2009-12-23 05:24:59 20480 -c--a-w- c:\windows\system32\dllcache\msadcer.dll
2009-12-23 05:24:59 16384 -c--a-w- c:\windows\system32\dllcache\msadcor.dll
2009-12-23 05:24:59 16384 -c--a-w- c:\windows\system32\dllcache\msadcfr.dll
2009-12-23 05:24:59 147456 -c--a-w- c:\windows\system32\dllcache\msadds.dll
2009-12-23 05:24:59 131072 -c--a-w- c:\windows\system32\dllcache\msadco.dll
2009-12-23 05:21:25 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-12-23 05:21:21 5632 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-12-23 05:20:26 55808 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-12-23 05:19:49 23070 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-12-23 05:19:27 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-12-23 05:19:27 117248 ----a-w- c:\windows\system32\ksproxy.ax
2009-12-23 05:19:04 37896 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-12-23 05:19:02 181632 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2009-12-18 07:43:26 0 d-----w- c:\program files\iPod
2009-12-18 07:43:22 0 d-----w- c:\program files\iTunes
2009-12-18 07:43:22 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-09 05:11:45 0 d-----w- c:\documents and settings\jenn\Tracing
2009-12-09 05:08:31 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-12-09 05:07:49 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-12-09 05:06:20 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-12-09 05:06:15 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-09 05:04:31 0 d-----w- c:\program files\Microsoft
2009-12-09 05:04:16 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-09 04:55:17 0 d-----w- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-12-23 05:24:17 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll

============= FINISH: 13:36:07.42 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:04 PM

Posted 11 January 2010 - 07:09 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 wh33ls

wh33ls
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 11 January 2010 - 11:57 PM

Hello,

Thanks for your reply. This problem remains:

The computer has internet connectivity but many programs are broken. I can't run IE; when I try, it says "iexplore.exe Entry Point Not Found. The procedure entry point SetDllDirectoryW could not be located in the dynamic link library KERNEL32.dll." iTunes, AVG Antivirus, etc. don't work either. All these programs give variations of the error "(Program) requires Windows XP SP2 or later." I can't run Windows Update to upgrade to SP3 because IE doesn't work. I was able to install Firefox, which works fine.

OTL.txt is attached to this message. The OTL scan did not produce an Extra.txt file.

Attached Files

  • Attached File  OTL.Txt   212.44KB   3 downloads

Edited by wh33ls, 11 January 2010 - 11:58 PM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:04 PM

Posted 12 January 2010 - 08:09 AM

Hi,


a lot seems to be broken, I don't know if we will be able to repair everything for sure. Do you have yur Windows XP Cd close by? We may be needing it.

Please run the following scan for rootkits:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 wh33ls

wh33ls
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 12 January 2010 - 01:51 PM

Hello,

I do have my Windows XP CD.

Here are the results from the GMER scan. Thank you.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-12 10:49:04
Windows 5.1.2600
Running: gmer.exe; Driver: C:\DOCUME~1\jenn\LOCALS~1\Temp\kwroyuog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06]
? C:\WINDOWS\System32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:04 PM

Posted 12 January 2010 - 02:10 PM

Hi,

please run ComboFix:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 wh33ls

wh33ls
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 12 January 2010 - 04:13 PM

The ComboFix log is attached. Thank you.

Attached Files



#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:04 PM

Posted 12 January 2010 - 04:45 PM

Hi,

ComboFix showed a couple of files to be missing or corrupt. I would therefore like you to run a system file integrity check.

Go to the Run box on the Start Menu and type in:

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

More info on this process can be found here.


How is your PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 wh33ls

wh33ls
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 12 January 2010 - 05:32 PM

I put in my Windows XP CD and ran the System File Checker as you instructed below. It scanned for a few minutes then finished. It did not give me a prompt or logfile when it was done.

Unfortunately the same problems still exist on the PC as before: The computer has internet connectivity but many programs are broken. I can't run IE; when I try, it says "iexplore.exe Entry Point Not Found. The procedure entry point SetDllDirectoryW could not be located in the dynamic link library KERNEL32.dll." iTunes, AVG Antivirus, etc. don't work either. All these programs give variations of the error "(Program) requires Windows XP SP2 or later." I can't run Windows Update to upgrade to SP3 because IE doesn't work. I was able to install Firefox, which works fine.

What do you recommend next?

Thanks.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:04 PM

Posted 13 January 2010 - 01:47 PM

Hi,

please try and install Internet Explorer 8. You can get it from here: Microsoft

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\windows\system32\kernel32.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

We can try a couple more steps, but it may be the quickest solution to either to a clean format or to do a repair install of your operating system, to bring things back to work.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 wh33ls

wh33ls
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 13 January 2010 - 10:52 PM

Hello,

The install of Internet Explorer 8 failed. This was the error I got:

iesetup.exe - Entry Point Not Found
The procedure entry point SHRegGetValueW could not be located in the dynamic link library SHLWAPI.dll.


VirusTotal only had 1/41 engines find a problem with the kernel32.dll that I uploaded. That entry said:
Antiy-AVL 2.0.3.7 2010.01.12 Trojan/Win32.Patched.gen

Thanks again.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:04 PM

Posted 14 January 2010 - 06:54 AM

Hi,

this sounds a lot like software issues.

I would suggest you try to do a repair install and see if this brings new life to your PC: How to perform a repair install.

let me know if you ahve any problems.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 wh33ls

wh33ls
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 15 January 2010 - 01:38 AM

I'm afraid this did not work. I still had the same error regarding Kernel32.dll and Internet Explorer still didn't work after I finished the repair install.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:04 PM

Posted 15 January 2010 - 04:09 PM

Hi,

I honestly think that a reformat should be considered then. The system seems to be seriously broken and I'm not sure we will be able to fix it.

I have a couple of things left we can try, but I don't think the odds are too good.

Please read through this guide first
  • Please download Dial-A-Fix
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    Posted Image
  • When the window looks like this, press the GO button in the bottom of the window.
    Posted Image
  • Exit/Close Dial-A-Fix
Afterwards please run a scan with sreng:
---------
We need to run a scan with System Repair Engineer
  • Download SREng from here: http://www.kztechs.com/sreng/sreng2.zip
  • Extract all content to your Desktop
  • From the sreng2 folder on your Desktop, double-click SREng.exe to run it
  • Select: Smart Scan
  • Then, click the Scan button. When finished, click on the Save Reports button. Save the log to your desktop. Please post the content of the SREnglLOG.log file in your next reply.
Note - When SREng is running, it will create an .EXE file with a random filename in the SREng folder. Some antivirus applications will give warning messages about this, please ignore these warnings.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 wh33ls

wh33ls
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 16 January 2010 - 05:08 PM

I decided to reformat the computer. Thanks very much for your assistance, it is appreciated.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users