Specified module error message on start up

I have just finished following all your steps in removing multiple trojan horse viruses and other malware from my friend's computer. Running scans finds no more malware. The only problem I cannot solve is a message on start up that says: C:\windows\system32\glrhlwdk.dll specified module could not be found. Everything is working fine but I would like to get rid of this. Can you help?

 

Hi cec!
Welcome to Major Geeks!

The message you're getting indicates that you've done harm to the malware but not yet completely finished it off. It would help us if we could take a look at the logs that are requested in the READ & RUN ME FIRST as that would give us more of a clue where that message is coming from. Your MGlogs.zip will be located directly under C:\ (or wherever your operating system is located).

Thanks.
abri

 

I have attached MGlogs.zip. Do you need more?

 

Hi cec!

There are some things which need fixing still. To avoid getting things started up again, please don't use your computer much until I can post instructions to you. I am in night mode (zzzzzzz) and will be back tomorrow.

abri

 

Thanks for your help. Hopefully I have completed everything as you asked. AVG did not give me a log but the scan came out clean - nothing detected.

 

Hi cec!
Happy New Year!

1) Go to add/remove programs and uninstall the below:

- Viewpoint Media Player

2) Install the current version of Sun Java from: Sun Java Runtime Environment


3) Next we need to remove some bad services, please follow the below…

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Symantec Core LC
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Now Click OK until you get back to Windows.
• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/paste Symantec Core LC into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.

Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

4) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: {0e5001c7-656a-87cb-fea4-beb218865281} - {18256881-2beb-4aef-bc78-a6567c1005e0} - (no file)
O2 - BHO: (no name) - {2355E7B2-8B2B-4001-A07A-8040C0761995} - (no file)
O2 - BHO: (no name) - {23eebf40-30a4-42f0-9417-9235d0ebe48c} - (no file)
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - Winlogon Notify: byxwwwv - byxwwwv.dll (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Again, make sure ALL browser windows are closed when you click FIX.

5) Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

6) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


7) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


Let me know how things are running now?

abri

 

Abri,

Happy New Year to you too. I have completed all the steps in your last directions except the line in step #4 (O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe) was not on the list.

Everything seems to be working fine except I am unable to attach the logs you requested. I clicked on the "quote" choice to reply to you and this is all that shows under Attach Files: Attach Files
Valid file extensions: bmp doc gif jpe jpeg jpg log pdf png psd txt zip. There is no box to manage attachments. I also tried by choosing the quick reply and advanced options and it still was not there. Logging in to this forum on my computer (ie not the one with the problem shows the manage attachments box.) What do I do?

 

Hi cec!

Sorry about the attachments. Please try clearing your browser cache before you attach the logs or try using another browser. If you only have Internet Explorer, you can download either Firefox or Opera at http://www.majorgeeks.com/downloads5.html

Mozilla Firefox is at the top of the page, Opera is down farther under the letter O. At the moment Opera has the higher security rating.

abri

 

Hi again,

The log files are now attached. By the way I no longer get the error message I originally wrote about (specified module error). I hope the log files show everything to be good!

 

Hi cec!
All the bad files didn't get deleted because Avenger didn't run correctly. Please try the following:

First copy out the instructions in post #7. Make sure Avenger is installed correctly as per the instructions. Then turn your computer off, unplug it from the internet and make sure your antivirus, your comodo firewall and all spyware are disabled. Then follow the instructions again for Avenger. Make sure you do exactly what it says and see if you can get it to work. It is the best tool. If it does not work, we will change to older procedures which are a little more complicated.

abri

 

I think it ran properly this time.

 

Hi cec!
Sorry! I'm getting behind here. I need for you to run the C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip. From the Avenger log I can see which files were deleted, but I can't check if new files came in during that time and I need to know if the registry entries couldn't be found because they are already gone or for some other reason. I need to know this before I can tell you whether you're finished or not.

Also, please open Spybot S&D by doubleclicking on the icon on the desktop and click on the immunize button (blue and white shield) over on the left side.

How is your computer working?

abri

 

Abri,

Thanks for getting back to me. Unfortunately I had to give my friend her computer back on Saturday (her daughter was in town to pick it up). Everything was working well when I handed it over. If they have more problems I am sure they will let me know. Thanks again.

 

Hi cec!
Thanks for telling me. Just tell them they need to reimmunize with Spybot and if they want to finish up the final clean-up instructions, they can just post to me here and I'll help them.

abri