View Full Version : Error


Leary22
11-23-2008, 02:30 PM
After running Barts CD Repair, these pop up on the PC now ... and I keep getting that there are more viruses found ... I have run Arovax AntiSpyware ... Malwarebytes' Anti-Malware ... avast! Virus Cleaner ... Check disk is fine and no bad sectors on the HD ... still getting this error ---
"error loading c:\windows\b159126c.dll"

Leary22
11-23-2008, 03:58 PM
Never ran HijackThis and good to go somewhat...

awaj
11-23-2008, 04:02 PM
Run HijackThis, post a log in this thread (do not do anything in it besides get the log at this moment in time) and wait for further instructions.

Leary22
11-23-2008, 04:41 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:58 AM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [\YURB4.exe] C:\Windows\system32\YURB4.exe
O4 - HKLM\..\Run: [\YURB5.exe] C:\Windows\system32\YURB5.exe
O4 - HKLM\..\Run: [\YURB6.exe] C:\Windows\system32\YURB6.exe
O4 - HKLM\..\Run: [\YURB7.exe] C:\Windows\system32\YURB7.exe
O4 - HKLM\..\Run: [\YURB8.exe] C:\Windows\system32\YURB8.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKLM\..\Run: [\YUR1E.exe] C:\Windows\system32\YUR1E.exe
O4 - HKLM\..\Run: [\YUR3A.exe] C:\Windows\system32\YUR3A.exe
O4 - HKLM\..\Run: [\YUR40.exe] C:\Windows\system32\YUR40.exe
O4 - HKLM\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe
O4 - HKLM\..\Run: [\YUR4D.exe] C:\Windows\system32\YUR4D.exe
O4 - HKLM\..\Run: [\YUR11.exe] C:\Windows\system32\YUR11.exe
O4 - HKLM\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe
O4 - HKLM\..\Run: [\YUR44.exe] C:\Windows\system32\YUR44.exe
O4 - HKLM\..\Run: [\YUR57.exe] C:\Windows\system32\YUR57.exe
O4 - HKLM\..\Run: [vhfyvpvege] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tvwhopzpkjeg.dll"
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] C:\WINDOWS\system32\sysservice.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Kdecanomohagiq] rundll32.exe "C:\WINDOWS\7f56a.dll",e
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKCU\..\Run: [\YUR1E.exe] C:\Windows\system32\YUR1E.exe
O4 - HKCU\..\Run: [\YUR3A.exe] C:\Windows\system32\YUR3A.exe
O4 - HKCU\..\Run: [\YUR40.exe] C:\Windows\system32\YUR40.exe
O4 - HKCU\..\Run: [\YUR42.exe] C:\Windows\system32\YUR42.exe
O4 - HKCU\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe
O4 - HKCU\..\Run: [\YUR44.exe] C:\Windows\system32\YUR44.exe
O4 - HKCU\..\Run: [\YUR57.exe] C:\Windows\system32\YUR57.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [Gool] C:\Documents and Settings\home\Application Data\Gool\Gool.exe
O4 - HKCU\..\Run: [Usod] "C:\DOCUME~1\home\APPLIC~1\CROSOF~1.NET\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Enond] "C:\Documents and Settings\home\Application Data\?racle\dexplore.exe"
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\home\Application Data\Facegame\Facegame.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [\YURB4.exe] C:\Windows\system32\YURB4.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [\YURB5.exe] C:\Windows\system32\YURB5.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [\YURB6.exe] C:\Windows\system32\YURB6.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [\YURB7.exe] C:\Windows\system32\YURB7.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [\YURB8.exe] C:\Windows\system32\YURB8.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [GetModule27] C:\Program Files\GetModule\GetModule27.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gadcom] "C:\WINDOWS\system32\config\systemprofile\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dbusiuuu.exe] C:\WINDOWS\dbusiuuu.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: c00145F - C:\WINDOWS\SYSTEM32\c00145F.mat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 8595 bytes
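
A triage pass over the HijackThis log format posted above, as an added example that is not part of the original thread. It parses the O4, O20 and O23 lines and groups entries for manual review; the heuristics (same autorun name in several hives, a command with no directory, a non-empty AppInit_DLLs value, a service whose file is missing) are assumptions for ordering the review, not verdicts.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted above.
SAMPLE = r"""
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Gool] C:\Documents and Settings\home\Application Data\Gool\Gool.exe
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKLM\..\Run: [brastk] brastk.exe
O20 - AppInit_DLLs: karna.dat
O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe (file missing)
"""

# O4 Run entries: hive, optional SID/.DEFAULT, value name, command line.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\[^\\]+)?\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$")
# O23 service entries that HijackThis marked as pointing at a missing file.
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - .*\(file missing\)$")

def triage(log_text):
    """Group entries worth a manual look; hints only (assumed heuristics)."""
    hives = defaultdict(set)
    report = {"multi_hive": {}, "no_path": [], "appinit": [],
              "missing_service": []}
    for line in map(str.strip, log_text.splitlines()):
        run = RUN_RE.match(line)
        svc = SVC_RE.match(line)
        if run:
            hives[run["name"]].add(run["hive"])
            # A command with no directory is resolved through the search path.
            if "\\" not in run["cmd"] and "%" not in run["cmd"]:
                report["no_path"].append(run["name"])
        elif line.startswith("O20 - AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                report["appinit"].append(value)
        elif svc:
            report["missing_service"].append(svc["name"])
    # Autorun names registered under more than one registry hive.
    report["multi_hive"] = {n: sorted(h) for n, h in hives.items() if len(h) > 1}
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```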

awaj
11-23-2008, 05:06 PM
By the way, I didn't mention it in my last post, but that's as far as I know... There's a handful of people here who know and understand how to read those logs; they are busy, so be patient. Someone who can read the logs will post back with instructions.

classicsoftware
11-23-2008, 07:00 PM
Please answer the following:


Can you boot into Normal Mode?
Do you have access to a CD Burner in a clean PC?

Leary22
11-23-2008, 10:47 PM
yes and yes

classicsoftware
11-24-2008, 09:25 AM
Go to the clean PC and download the programs below to a CD.
Boot into safe mode and run the two programs.
Boot into regular mode and run them again.


First:
How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Second:

Please do the following:


Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop (it needs to be run from the Desktop). Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.


Note:

Do not mouseclick Combofix's window while it is running. That may cause the program to stall...

Third:
IN THIS ORDER AND WITH NOTATIONS AS TO WHICH IS WHICH

Re-boot the system
Post the MBAM log FROM SAFE MODE
Post the MBAM log FROM REGULAR MODE
Post the Combofix Log FROM SAFE MODE
Post the Combofix Log FROM REGULAR MODE
Post a new HJT log FROM REGULAR MODE
Tell us how the system is running.