
Search redirecting, IE won't load, possible explorer.exe corruption



#1 ApolloZAZ


Posted 30 December 2010 - 01:34 AM

Came across this nasty bug on Monday and have spent the last two days trying to remove it. The first signs of a problem were the redirects while using online searches. Malwarebytes and Super AntiSpyware find problems and try to remove suspect files, but the files keep coming back and the redirects won't stop. Equally frustrating, MB and SAS want to remove explorer.exe, which then leads to problems trying to restart. Finally, IE won't load and I suspect that is also why I can't seem to get Windows Update to download and install.

Any help is greatly appreciated. It's a Dell Vostro 1500 running Vista. Thanks in advance and the logs are posted below.



DDS -



============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tash\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================
FF - ProfilePath - c:\users\tash\appdata\roaming\mozilla\firefox\profiles\wp57d9yb.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\tash\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-29 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-22 1153368]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-27 30192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

=============== Created Last 30 ================

2010-12-30 00:32:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-29 21:51:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-29 21:51:16 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-29 21:44:59 -------- d-----w- c:\users\tash\appdata\local\Sunbelt Software
2010-12-29 21:43:14 -------- d-----w- c:\program files\Lavasoft
2010-12-29 21:33:37 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-29 18:18:53 -------- d-----w- c:\users\tash\appdata\roaming\SUPERAntiSpyware.com
2010-12-29 18:18:53 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2010-12-29 18:18:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-29 17:46:11 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d99c8445-85cb-4f79-a548-309a94246600}\mpengine.dll
2010-12-29 04:39:59 -------- d-s---w- C:\ComboFix
2010-12-29 03:59:23 -------- d-----w- c:\users\tash\appdata\roaming\QuickScan
2010-12-28 23:54:34 -------- d-----w- c:\program files\Sophos
2010-12-28 23:11:48 -------- d-sh--w- C:\$Recycle(1).Bin
2010-12-28 18:44:01 -------- d-----w- c:\program files\ESET
2010-12-28 15:50:15 -------- d-----w- C:\PerfLogs
2010-12-28 15:10:19 -------- d-----w- C:\95886fbbc2930eecf853c9fda7fd
2010-12-28 02:55:22 3584 ----a-w- c:\windows\system32\ms.dll

==================== Find3M ====================

2010-11-11 00:17:50 116472 ------w- c:\windows\system32\pxcpyi64.exe
2010-11-11 00:17:49 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 22:55:12.98 ===============



GMER

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8C8A3620]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B6BC380, 0x3590D2, 0xE8000020]
? C:\Users\Tash\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\explorer.exe[2872] explorer.exe 00BB290F 2 Bytes [C0, 14]
.text C:\Windows\explorer.exe[2872] explorer.exe 00BB2930 14 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...]
.text C:\Windows\explorer.exe[2872] kernel32.dll!CreateProcessInternalW 7646E42D 5 Bytes JMP 00257247

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0034B681
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0034A868
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 003495BB
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0034B9AD
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 0034870D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00347E61
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 003483A9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 003494B7
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00349BFA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 003498EA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00349BA8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0034A1E4
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00349CF2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 003496BB
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 003499AC
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0034956E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 003492E2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 0034B68D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00348662
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0034ABE9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0034AB3E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0034AB0E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00348EA6
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00347A66
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0034962B
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00347881
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 0034804D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00346CA8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 003490A5
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 0034B67B
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 0034B812
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 0034B7E0
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0034B935
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0034B991
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 0034B87E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0034B467
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2432] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0034B27A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



#2 ApolloZAZ


Posted 02 January 2011 - 09:31 PM

Never mind as I think I finally figured it all out. Had a trojan file, ms.dll, that was linked to kernel32.dll and was only discovered by an ESET scan. If I removed it with ESET, then explorer wouldn't load at all. Fixed that problem by reinstalling SP1 and SP2 via Microsoft's website and now I am up and running again.

Stupid trojans.

#3 Casey_boy

  • Malware Response Team

Posted 06 January 2011 - 09:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Thanks for letting us know. Since this topic appears to be resolved, I will get it closed.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#4 thcbytes

  • Malware Response Team

Posted 06 January 2011 - 09:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



