Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RegRun shows several infections - Unable to fix; explorer.exe infected


  • Please log in to reply
3 replies to this topic

#1 Broken_Babbage

Broken_Babbage

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:12 AM

Posted 25 May 2012 - 10:33 AM

I've tried to let RegRug fix everything but the explorer.exe problem. It freezes. I've run Malwarebytes and everything else (AVAST, SPYBOT), but now it looks like they're infected too. Here's the report from Reg Run. I have no idea what to do at this point, especially any kernel problems... Any help here would be greatly appreciated.

EDIT: Running Windows 7 home premium, 64-bit. HP laptop.
EDIT2: Forgot I ran Eset online yesterday...

Pop-up immediately following Start-Up:

The procedure entry point sqlite3_wal_checkpoint could not be located in the dynamic link library SQLite3.dll

Reg Run Reanimator Report upon Start-up:

SERIOUS PROBLEM
Problem computer component: Windows Shell
Type: System.ini
Author: unknown
Item Name: shell
Related File: explorer.exe

SUSPICIOUS ITEMS/MIGHT BE LEGIT
Problem computer component: Kernel Auto Boot
Type: LSA Notification Packages
Author: Microsoft Corporation
Item Name: scecli
Related File: C:\Windows\SysWOW64\SCECLI.DLL

Problem computer component: Kernel Auto Boot
Type: LSA Security Packages
Author: Microsoft Corporation
Item Name: schannel
Related File: C:\Windows\SysWOW64\SCHANNEL.DLL

Problem computer component: Kernel Auto Boot
Type: LSA Security Packages
Author: Microsoft Corporation
Item Name: wdigest
Related File: C:\Windows\SysWOW64\WDIGEST.DLL

Problem computer component: Kernel Auto Boot
Type: LSA Security Packages
Author: Microsoft Corporation
Item Name: tspkg
Related File: C:\Windows\SysWOW64\TSPKG.DLL

Problem computer component: Kernel Auto Boot
Type: LSA Security Packages
Author: Microsoft Corporation
Item Name: pku2u
Related File: C:\Windows\SysWOW64\PKU2U.DLL

Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: Adobe Systems Incorporated
Item Name: AdobeARMservice
Related File: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: AVAST Software
Item Name: avast! Antivirus
Related File: C:\Program Files\AVAST Software\Avast\AvastSvc.exe


Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: Apple Inc.
Item Name: Bonjour Service
Related File: C:\Program Files\Bonjour]mDNSResponder.exe

Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: DeviceVM, Inc.
Item Name: DvmMDES
Related File: C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: DeviceVM, Inc.
Item Name: EFS
Related File: C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: Hewlett-Packard
Item Name: HP Wireless Assistant Services
Related File: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: Hewlett-Packard Company
Item Name: HPDrvMntSvc.exe
Related File: C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: Safer Networking Ltd.
Item Name: SBSDWSCService
Related File: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: Safer Networking Ltd.
Item Name: Schedule
Related File: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: Memeo
Item Name: SeagateDashboardService
Related File: C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

Problem computer component: Kernel Auto Boot
Type: Auto Services
Author: Symantec Corporation
Item Name: SMcService
Related File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

Problem computer component: kernel Auto Boot
Type: Codecs
Author: Microsoft Corporation
Item Name: vidc.mrle
Related File: C:\Windows\SysWOW64\MSRLE32.DLL

Problem computer component: kernel Auto Boot
Type: Codecs
Author: Microsoft Corporation
Item Name: vidc.msvc
Related File: C:\Windows\SysWOW64\MSVIDC32.DLL

Problem computer component: kernel Auto Boot
Type: Codecs
Author: Microsoft Corporation
Item Name: midimapper
Related File: C:\Windows\SysWOW64\MIDIMAP.DLL

Problem computer component: Kernel Auto Boot
Type: Codecs
Author: vidc.uyvy
Item Name: C:\Windows\SysWOW64\MSYUV.DLL

Edited by Broken_Babbage, 25 May 2012 - 10:47 AM.


BC AdBot (Login to Remove)

 


#2 JocoseJosue

JocoseJosue

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:12 AM

Posted 25 May 2012 - 12:34 PM

Okay so I've had this problem before, I used a program called "Spyware Doctor with AntiVirus" and I still use it. Its $40 so it’s pretty pricey, but I considered it as a good investment 'cause I never had the same problem again.

Heres the site: EDIT: Removed a pay for link.

Step 1: Download
Step 2: Scan
Step 3: Register
Step 4: Buy and fix your computer

(I think those are all the steps)


EDIT
Hello, while we appreciate you attempting to help. You are suggesting they pay for a product are you a reseller? If you haven't noticed we at BleepingComputer will clean this for free. That's what this is about.

Edited by boopme, 25 May 2012 - 09:40 PM.


#3 Broken_Babbage

Broken_Babbage
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:12 AM

Posted 26 May 2012 - 12:17 PM

@JocoseJosue - I have had the free version of Spyware Doctor for a while now. I don't believe it can help with this problem.

Update: Symantec is finally picking up on something being wrong and has ID'd a bunch of trojans in my temp folder.

Malwarebytes is still telling me things are fine, as well as Avast. Only Symantec and UnHackMe/RegRun have detected the problems.

I'm going to dig around and do some uninstall/reinstalls, new scans, and CCleaner and see if that helps..

#4 Broken_Babbage

Broken_Babbage
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:12 AM

Posted 30 May 2012 - 08:06 PM

UPDATE:

I uninstalled then reinstalled Spybot Search & Destroy, Malwarebytes, Unhackme, and CCleaner. Have not reinstalled Avast as I have the Malwarebytes trial service going. Most of the problems have gone. What remains is the missing DLL and the infected explorer.exe issue (C&P'd below)


Pop-up immediately following Start-Up:

The procedure entry point sqlite3_wal_checkpoint could not be located in the dynamic link library SQLite3.dll

Reg Run Reanimator Report upon Start-up:

SERIOUS PROBLEM
Problem computer component: Windows Shell
Type: System.ini
Author: unknown
Item Name: shell
Related File: explorer.exe


Additionally, google sent an alert about an attempt to log-on to one of my emails... from Moscow. Being that I am not a globe-trotting wizard, password was changed. Luckily that password was completely unrelated to any other password I've used (and I was proud of that string of numbers). So, I'm thinking there's still a problem... Yippee.

Please help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users