Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Error messages


  • This topic is locked This topic is locked
16 replies to this topic

#1 mattom

mattom

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 19 May 2009 - 10:21 AM

Hi ,

First of all I'm sorry for my bad English secondary I'd like to say that I'm just new on this forum so I'm not really aware from how you post and such but I'll give it a go.

I'm currently having a problem for 2 days now. It all started when i started up my computer and it was acting kind off strange. My Avira was detecting some suspicious files so I started a scan. Also I activated RegEdit to clean up a bit. When i logged on my PC at night I was getting popups over and over again. So I scanned again and found 10 "TR/..." .
Now the next day I get infront of my computer i get 3 types of errors

1. C:\\Windows\System32\Faviheki.dll cannot be found

2. C:\\Windows\System32\Regizogu cannot be found

3. Exeption processing message : C0000013 Parameters = 75b0bf7c 4 75b0b7c 75b0bf7c


My computer stops starting up until i cancel X10 times on the 3th error.



I hope I didn't double post or anything and that someone can give me some more information about this issue.


Greetings

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:20 AM

Posted 19 May 2009 - 10:30 AM

It's not unusual to receive such an error when "booting up" after using anti-virus and other security scanning tools to remove a malware infection.

A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to a malware file that was set to run at startup in the registry but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry still remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this. Vista users refer to this link.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to the file(s) in the error message.
  • Right-click on the entry and choose delete.
  • Reboot your computer and see if the startup error returns.
If you're going to keep and use Autoruns, be sure to read:Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 mattom

mattom
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 19 May 2009 - 10:42 AM

Thnx for the fast reaction, although I'd like to add something more to my problem list.


When I enter for example an USB-device (usb-stick) the sound will be made and you can see that the device is found although its not displaying as a F:\\ ( as it did 3 days ago).
I tried to check my hardware tree to actually see if it's there. I deleted it and putted my stick back into another USB-port, it initiated and installed but still no sign of opening.

Also when I open for example a Word-Document the 3th error will come back until i press it multiple times again.


Sorry for the late information I'm currently busy with your advice


Thanks again


Greetings

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:20 AM

Posted 19 May 2009 - 10:44 AM

You may be dealing with separate issues besides malware. Lets deal with the malware first and go from there.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 mattom

mattom
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 19 May 2009 - 11:09 AM

1. Autorun

I succeeded to stop the 2 errors from the Dll's with the program autorun like you asked me to do.
Error nr3 is still there , i'm still searching if I can find something in autorun itself but since i knew it would take a while to scan i did that meanwhile.

2. Malware

The program asked me to restart since some of the files were difficult to delete like you said in your explanation.

Here's my log


Malwarebytes' Anti-Malware 1.36
Database versie: 2154
Windows 5.1.2600 Service Pack 3

19/05/2009 18:01:25
mbam-log-2009-05-19 (18-01-20).txt

Scan type: Snelle Scan
Objecten gescand: 92587
Verstreken tijd: 5 minute(s), 0 second(s)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 5
Registersleutels ge´nfecteerd: 13
Registerwaarden ge´nfecteerd: 9
Registerdata bestanden ge´nfecteerd: 6
Mappen ge´nfecteerd: 1
Bestanden ge´nfecteerd: 16

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen ge´nfecteerd:
C:\WINDOWS\system32\denekilo.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\mejiyolo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pedisasa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\biserano.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\__c00B2246.dat (Trojan.Agent) -> No action taken.

Registersleutels ge´nfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34d26226-043b-4c6f-8752-73a9f164b55d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{34d26226-043b-4c6f-8752-73a9f164b55d} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34d26226-043b-4c6f-8752-73a9f164b55d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00b2246 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

Registerwaarden ge´nfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c9a8956 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm7fa9baca (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rinibevapu (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fe1eed.exe (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ptidle (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> No action taken.

Registerdata bestanden ge´nfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mejiyolo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pedisasa.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pedisasa.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Mappen ge´nfecteerd:
C:\Documents and Settings\Matthias\Application Data\ptidle (Trojan.Downloader) -> No action taken.

Bestanden ge´nfecteerd:
C:\WINDOWS\system32\biserano.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\onaresib.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bulopazo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ozapolub.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\darunuwe.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ewunurad.ini (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\mejiyolo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\denekilo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\pedisasa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\temp\_A00FE1EED.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\glsetup.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lugibifi.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lulakodu.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c00B2246.dat (Trojan.Vundo) -> No action taken.
C:\WINDOWS\AutoUpdateWin31.dll (Adware.Agent) -> No action taken.
C:\WINDOWS\AutoUpdateWin33.exe (Adware.Agent) -> No action taken.


*edit : i just noticed that I installed it in dutch , if you want me to redo it in English tell me *

Edited by mattom, 19 May 2009 - 11:13 AM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:20 AM

Posted 19 May 2009 - 11:13 AM

Now rescan again with Malwarebytes Anti-Malware but this time perform a Full Scan in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 mattom

mattom
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 19 May 2009 - 11:16 AM

Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


are you meaning i should do this in save mode or? (sorry for misunderstandings)

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:20 AM

Posted 19 May 2009 - 11:23 AM

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, it loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. When done with your scan, reboot normally.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 mattom

mattom
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 19 May 2009 - 11:24 AM

Ok thank you


(scan is running)

#10 mattom

mattom
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 19 May 2009 - 11:51 AM

Malwarebytes' Anti-Malware 1.36
Database versie: 2154
Windows 5.1.2600 Service Pack 3

19/05/2009 18:51:10
mbam-log-2009-05-19 (18-51-10).txt

Scan type: Volledige Scan (C:\|D:\|)
Objecten gescand: 198959
Verstreken tijd: 30 minute(s), 25 second(s)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 0
Registerwaarden ge´nfecteerd: 0
Registerdata bestanden ge´nfecteerd: 0
Mappen ge´nfecteerd: 0
Bestanden ge´nfecteerd: 0

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Mappen ge´nfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden ge´nfecteerd:
(Geen kwaadaardige items gevonden)

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:20 AM

Posted 19 May 2009 - 12:22 PM

When doing a search on the net for Exception Processing Message c0000013 Parameters, you will find thousands of complaints in regards to this error with various causes (to include malware) and possible solutions. What works for one person may not work for another. There is a 16 page discussion about the error in this thread which started over two years ago.

A detailed explanation of the various causes can be found in Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c - fixed!.

Ľ If using QuickTime for Windows, see QuickTime "No Disk" Message .
Ľ If using an HP Media Center computer with Windows XP Media Center Edition 2005, see Error in Media Center: ehExtHost.exe No Disk and HP Image Zone Update.

If none of those suggestions are applicable or resolve the error, then its probably due to hidden/undetected malware. If that's the case, the issue will require further investigation. Many of the tools we use in this forum are not capable of detecting all malware variants so more advanced tools are needed to investigate. Let me know how it goes.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 mattom

mattom
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 19 May 2009 - 12:39 PM

When I started reading on
http://www.consumingexperience.com/2007/11...processing.html

I saw they were talking about drive letters , me myself has tried this but when i try to check my Disks as i said in my first post they ain't there at all so i cant set another drive letter to it.

http://img148.imageshack.us/img148/2879/problemw.png


Although in the my computer i still have my 2 partitions.

http://img135.imageshack.us/img135/5679/mycomputer.png

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:20 AM

Posted 19 May 2009 - 01:04 PM

Troubleshooting Disk Management (scroll down)
Troubleshooting Disk Drives in Windows XP

If you do a Google search, you will find a lot of similar reports about this issue with various causes and possible solutions. What works for one person may not work for another.

Edited by quietman7, 19 May 2009 - 01:05 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 mattom

mattom
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 19 May 2009 - 01:23 PM

I've been doing that some time now google it


I assume i'm the worse google'er on earth since I cant find any propper input for my problem

#15 mattom

mattom
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 20 May 2009 - 12:20 PM

Hi , a next problem has appeared.

When i was trying to open task manager it was disabled and could not be opened so i went to my Register to check if it was signed of but it wasn't so i switched off , on again and I can do taskmanage again but when I close the register it disables it again.



I think I have to go deeper with viruses and such.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users