
Run DLL error, Popups, redirects, Slow, infected but with what?


  • This topic is locked
15 replies to this topic

#1 Seek and Destroy

Seek and Destroy

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 05 January 2014 - 05:43 PM

Hello,

 

Two days ago I downloaded Google Chrome and ever since my computer has gone crazy! Uninstalled it, but have the same problems. When going online I will receive a Run DLL error that states the following:

 

There was a problem starting C:\Users\The  

The specific module could not be found.

 

The browser will then open but will have many redirects, pop up windows of various videos in the background, and pop ups stating I need to update java or video player, which I know is up to date currently. Have run Norton and during scan only found cookies, but if I look at security history the following have been removed;

 

setup.exe (WS.Reputation.1)

 

And the following have been quarantined;

 

setup.exe (Suspicious.Cloud.9)

 

Unconfirmed 739007.crdownload (Suspicious.Cloud.9)

 

Ran Malwarebytes and found 112 PUP

 

PUP.Optional.Conduit

PUP.Optional.Conduit.A

PUP.Optional.Pass Show.A

 

and many more.... too overwhelmed to even know what to delete or do...soooo I just left the Malwarebytes scan up and didn't touch (delete) anything. Any help would be appreciated. Thanks. Running Windows 8 x64 NTFS

 

 




 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:27 AM

Posted 05 January 2014 - 07:10 PM


Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
4. As a final step, rescan again with Malwarebytes Anti-Malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:27 AM

Posted 05 January 2014 - 07:13 PM

It is not uncommon to receive such an error(s) when booting into Windows after using anti-virus and other security scanning tools to remove malware.

RunDLL32.exe is a legitimate Windows file that executes/loads .dll (Dynamic Link Library) modules, which can themselves be legitimate or sometimes malware related. A RunDLL "Error loading..." or "specific module could not be found" message usually occurs when the .dll file(s) that was set to run at startup in the registry or as a scheduled task has been deleted. Windows is trying to load this file(s) but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry still remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry or scheduled task entry so Windows stops searching for the file when it loads.

To resolve this, download AutoRuns and save it to your Desktop.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there.
  • Open the folder and double-click on autoruns.exe to launch it.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Please be patient as it scans and populates the entries.
  • When finished scanning, it will say Ready at the bottom and list all entries under the Everything tab.
  • In the top menu, click File > Find... and type the file name related to the error message, then click Find Next.
  • Alternatively, you can scroll through the list and look for any entry related to the file in the error message.
  • If found, right-click on the entry and choose delete.
  • Exit Autoruns and reboot your computer when done.

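An added example, not part of the original posts and not BleepingComputer or Sysinternals code: one way to find the orphaned entries described in post #3, by reading the HKCU and HKLM Run keys and reporting rundll32 entries whose DLL no longer exists on disk. The sample entries and their names are constructed; scheduled tasks and the other autostart locations that Autoruns lists are not covered.

```python
import ntpath
import os
import re
import sys

# Matches the rundll32 launcher at the start of an autostart command line,
# with or without a directory, surrounding quotes, or the .exe suffix.
_LAUNCHER = re.compile(r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+', re.IGNORECASE)

RUN_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]

# Constructed sample entries (not taken from the machine in this thread).
SAMPLE = [
    ("HKCU\\...\\Run", "ExampleHelper",
     r'rundll32.exe "C:\Users\Example User\AppData\Local\Vendor\helper.dll",Start'),
    ("HKCU\\...\\Run", "UnquotedHelper",
     r'C:\Windows\System32\rundll32.exe C:\Users\Example User\AppData\Local\Vendor\old.dll,Run /s'),
    ("HKLM\\...\\Run", "ControlPanel", r"rundll32.exe shell32.dll,Control_RunDLL"),
    ("HKLM\\...\\Run", "Updater", r'"C:\Program Files\Vendor\updater.exe" /background'),
]


def rundll32_target(command):
    """Return the DLL path a rundll32 command line loads, or None if it is not rundll32."""
    m = _LAUNCHER.match(command)
    if not m:
        return None
    rest = command[m.end():].lstrip()
    if rest.startswith('"'):
        # Quoted path: everything up to the closing quote.
        end = rest.find('"', 1)
        path = rest[1:end] if end != -1 else rest[1:]
    else:
        # Unquoted path (may contain spaces): runs up to the comma
        # that precedes the exported entry-point name.
        path = rest.split(",", 1)[0].strip()
    return path or None


def find_orphans(entries, exists=os.path.exists):
    """Return (location, name, dll) for rundll32 autostarts whose DLL is missing.

    entries is an iterable of (location, name, command) tuples.
    """
    orphans = []
    for location, name, command in entries:
        dll = rundll32_target(command)
        if dll is None:
            continue
        dll = ntpath.expandvars(dll)  # expands %VAR% references when set
        # Bare names such as shell32.dll are resolved through the DLL search
        # path, so only absolute paths can be checked on disk.
        if ntpath.isabs(dll) and not exists(dll):
            orphans.append((location, name, dll))
    return orphans


def read_run_entries():
    """Read the values of the HKCU and HKLM Run keys (Windows only)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for hive, subkey in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], subkey)
        except OSError:
            continue  # key absent or not readable
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, value, _type = winreg.EnumValue(key, i)
                entries.append((f"{hive}\\{subkey}", name, str(value)))
    return entries


if __name__ == "__main__":
    if sys.platform == "win32":
        entries, exists = read_run_entries(), os.path.exists
    else:
        # Off Windows: run on the sample and pretend only helper.dll exists.
        entries = SAMPLE
        exists = lambda p: p.lower().endswith("helper.dll")
    for location, name, dll in find_orphans(entries, exists):
        print(f"orphaned: {location} [{name}] -> {dll}")
```

The script only reports; removing a reported value is still done in Autoruns or regedit as described in the post above.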

#4 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 05 January 2014 - 08:02 PM

# AdwCleaner v3.016 - Report created 05/01/2014 at 18:24:47
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : The Big Wiggs - SUNORAHFARM
# Running from : C:\Users\The Big Wiggs\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIPROVIJ\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Connect_DLC_5
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\The Big Wiggs\AppData\Local\Conduit
Folder Deleted : C:\Users\The Big Wiggs\AppData\Local\Mobogenie
Folder Deleted : C:\Users\The Big Wiggs\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\The Big Wiggs\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\The Big Wiggs\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\The Big Wiggs\AppData\LocalLow\Connect_DLC_5
Folder Deleted : C:\Users\The Big Wiggs\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\The Big Wiggs\Documents\Mobogenie
Folder Deleted : C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3C51C12-360B-4F09-B21F-A526FF598AA5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05E2CBF1-4503-4EE5-8523-90BEFC769E33}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Connect_DLC_5
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Google Chrome v

[ File : C:\Users\The Big Wiggs\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [8930 octets] - [05/01/2014 18:18:21]
AdwCleaner[S0].txt - [8389 octets] - [05/01/2014 18:24:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8449 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 8 x64
Ran by The Big Wiggs on Sun 01/05/2014 at 18:45:12.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D199F9E7-CDC9-4463-BB81-68317A553BCE}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Failed to delete: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/05/2014 at 18:51:03.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Here are the two log reports you asked for. Pop ups are still coming but not nearly as bad as before. Running Malwarebytes and have found 28 so far. Run DLL stopped popping up after I ran the programs you stated. Should I still download AutoRuns?
Thanks
 



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:27 AM

Posted 05 January 2014 - 08:08 PM

If the Run DLL error has stopped, you can skip using Autoruns.

Please perform a scan with Emsisoft Web Malware Scanner which contains the same dual-engine scanner features of Emsisoft Anti-Malware to include cleaning and quarantine.
-- Vista/Windows 7/8 users need to run Internet Explorer as Administrator. To do this, right-click on the Internet Explorer icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

Note: This scanner is based on ActiveX technology and only supports Internet Explorer with ActiveX enabled to run correctly.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:27 AM

Posted 05 January 2014 - 08:09 PM

Then perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.
  • -- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.



#7 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 06 January 2014 - 10:28 AM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Connect_DLC_5\ldrtbConn.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Connect_DLC_5\tbConn.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\The Big Wiggs\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\The Big Wiggs\AppData\LocalLow\Connect_DLC_5\ldrtbConn.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\The Big Wiggs\AppData\LocalLow\Connect_DLC_5\tbConn.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Users\The Big Wiggs\Downloads\cbsidlm-cbsi145-Checkers-SEO-10029349.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined

 

Here is the last log. Still getting popups for java downloads and random audio. Not as bad as before, but still there. Thanks again.
 



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:27 AM

Posted 06 January 2014 - 10:43 AM

Can you post the RKill log?

RKill should have created a log file named RKill.log and saved it to the root directory, usually C:\. Copy and paste the contents of the RKill.log in your next reply.

#9 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 06 January 2014 - 11:01 AM

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/05/2014 06:15:25 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\system32\valWBFPolicyService.exe (PID: 2156) [WD-HEUR]
 * C:\Users\The Big Wiggs\Documents\RCA Detective\RCADetective.exe (PID: 2520) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\The Big Wiggs\Desktop\rkill\rkill-01-05-2014-06-15-31.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/05/2014 06:15:56 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:27 AM

Posted 06 January 2014 - 11:12 AM

Are the pop ups only occurring with your Chrome browser?

#11 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 06 January 2014 - 11:14 AM

no, I uninstalled chrome and have been using internet explorer.



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:27 AM

Posted 06 January 2014 - 11:33 AM

Try resetting Internet Explorer settings or use fixit_logo.png to automatically reset registry keys and the browser back to default.
* Microsoft Fix it Blog: Reset Internet Explorer settings
* How to reset Internet Explorer settings (all versions)
* Method 5: Reset the Internet Explorer settings with Microsoft FixIt <- for XP, Vista and older browser versions
* How to reset Internet Explorer settings

 



#13 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 06 January 2014 - 11:52 AM

Restored, but still getting pop ups. All of them are for update video player/update Java or error messages saying website had detected that you must update Java/media player immediately and a redirect to website that is not official.



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,768 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:27 AM

Posted 06 January 2014 - 11:55 AM


This issue will require further investigation and a more comprehensive look at your system. Many of the tools we use in this forum are not capable of detecting (repairing/removing) all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS log for further investigation.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 users will not be able to run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

#15 Seek and Destroy

Seek and Destroy
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 06 January 2014 - 12:53 PM

Thank You for all of your help thus far. It is greatly appreciated!

 

http://www.bleepingcomputer.com/forums/t/519867/pop-ups-redirects-ads-to-unoffical-java-or-video-player-download/





