I ran Advcleaner to get rid of Aartemis virus, got rid of it but every time I turn on the computer I get this message
There was a problem starting
C:\user\jrmnr\AppData\Local\TBHostSupport\TBHostSupport.dll
The specified module could not be found
I noticed no adverse effects on my computer, Advcleaner removed.
Anything I can do to get rid of the message?
Please download AdwCleaner by Xplode and save to your Desktop.
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
- Copy and paste the contents of that logfile in your next reply.
- A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Using AdwCleaner v3: Scan & Clean:
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder
# AdwCleaner v3.014 - Report created 09/12/2013 at 10:11:58
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : jrmnr - Y-PC
# Running from : C:\Users\jrmnr\AppData\Local\Temp\wzd8b5\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Users\jrmnr\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Found : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\c9t7q9xd.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\nei0cks9.default\searchplugins\safeguard-secure-search.xml
Folder Found C:\Users\jrmnr\AppData\Local\NativeMessaging
Folder Found C:\Users\jrmnr\AppData\Local\WhiteListing
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v25.0.1 (en-US)
[ File : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\c9t7q9xd.default\prefs.js ]
[ File : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\nei0cks9.default\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\jrmnr\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : search_url
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [1657 octets] - [09/12/2013 10:11:58]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1717 octets] ##########
After cleanup
# AdwCleaner v3.014 - Report created 09/12/2013 at 10:19:04
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : jrmnr - Y-PC
# Running from : C:\Users\jrmnr\AppData\Local\Temp\wzb099\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v25.0.1 (en-US)
[ File : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\c9t7q9xd.default\prefs.js ]
[ File : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\nei0cks9.default\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\jrmnr\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1797 octets] - [09/12/2013 10:11:58]
AdwCleaner[R1].txt - [931 octets] - [09/12/2013 10:19:04]
AdwCleaner[S0].txt - [1678 octets] - [09/12/2013 10:14:59]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1050 octets] ##########
No, but I don't see what was deleted, either
Now, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
After rebooting, tell me if you still get the same message at startup --> "C:\user\jrmnr\AppData\Local\TBHostSupport\TBHostSupport.dll
The specified module could not be found"
I looked into the error specified, all i could see was other posts on alternate forums saying that it can be related to conduit and other malware.
Unfortunately, even after running TFC the message is still there.
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by jrmnr on Mon 12/09/2013 at 15:26:26.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Value Name Type Value Data
========================================================================================
TBHostSupport REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\jrmnr\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4AC4A837-8B8C-4016-A36F-3CBF083DC03C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CAFC2AF4-2AB7-4E4E-BBAC-DFFBB7497D3B}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\jrmnr\appdata\local\cre"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Successfully deleted: [File] C:\Users\jrmnr\AppData\Roaming\mozilla\firefox\profiles\nei0cks9.default\searchplugins\privitize.xml
Successfully deleted the following from C:\Users\jrmnr\AppData\Roaming\mozilla\firefox\profiles\nei0cks9.default\prefs.js
user_pref("extensions.defaulttab.installdate", 1376679256);
user_pref("extensions.defaulttab.lastUsed", 1376680430);
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "5");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.cntry", "US");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.dpkLst", "1169821598,3855095921,302281469,2400444324,3654782829,1334533236,3874294282,3866767559,3224935090,3 754950497,1766448872,2740670312,10
user_pref("extensions.privitize.excTlbr", false);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hdrMd5", "1476812F6451A3CD82E34AA7F087FB4C");
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=80ca95690000000000000024e82a637b&affilt=5");
user_pref("extensions.privitize.id", "80ca95690000000000000024e82a637b");
user_pref("extensions.privitize.instlDay", "15858");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=80ca95690000000000000024e82a637b&affilt=5");
user_pref("extensions.privitize.lastVrsnTs", "1.8.21.614:13:17");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=80ca95690000000000000024e82a637b&affilt=5");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.sg", "none");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=80ca95690000000000000024e82a637b&affilt=5&q=");
user_pref("extensions.privitize.vrsn", "1.8.21.6");
user_pref("extensions.privitize.vrsnTs", "1.8.21.614:13:17");
user_pref("extensions.privitize.vrsni", "1.8.21.6");
Emptied folder: C:\Users\jrmnr\AppData\Roaming\mozilla\firefox\profiles\nei0cks9.default\minidumps [362 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/09/2013 at 15:35:19.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Quote