Explorer.exe keeps restarting and .dll errors

By Elzinho Ammar · 53 replies
Feb 21, 2013
  1. Elzinho Ammar

    Elzinho Ammar TS Rookie Topic Starter Posts: 43

    GMER 2.1.19155 - http://www.gmer.net
    Rootkit scan 2013-03-15 08:11:00
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9160821AS rev.3.ALD 149.05GB
    Running: gmer.exe; Driver: C:\Users\ELYAZI~1\AppData\Local\Temp\aglyapob.sys

    ---- Kernel code sections - GMER 2.1 ----
    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 824529E9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8248C1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ---- Devices - GMER 2.1 ----
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
    ---- Registry - GMER 2.1 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efc4bcf
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efc4bcf (not active ControlSet)
    ---- EOF - GMER 2.1 ----

  2. Elzinho Ammar

    Elzinho Ammar TS Rookie Topic Starter Posts: 43

    Hi, sorry bout that, im still here.
  3. Elzinho Ammar

    Elzinho Ammar TS Rookie Topic Starter Posts: 43

    Currently stll explorer.exe is restarting. and everytime any programme is launched, a .dll error comes out, though the programme may still run. can't run any anti-virus software in normal mode, or anything that has a admin logo on it's icon.
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49


    Delete the old version of TDSSKiller you have, download a new one from here.

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

    New log from ComboFix

    We would like to see a ☆new log☆ from ComboFix. Please find the ComboFix icon on your Desktop, delete it, download a new one, and double-click on it. Once it finishes running, post the new log.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...