Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: annoying message


09 Dec 2013   #1

win7 64 bit
 
 
annoying message

I ran Advcleaner to get rid of Aartemis virus, got rid of it but every time I turn on the computer I get this message

There was a problem starting

C:\user\jrmnr\AppData\Local\TBHostSupport\TBHostSupport.dll
The specified module could not be found


I noticed no adverse effects on my computer, Advcleaner removed.
Anything I can do to get rid of the message?

My System SpecsSystem Spec
.

09 Dec 2013   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Using AdwCleaner v3: Scan & Clean:
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder
My System SpecsSystem Spec
09 Dec 2013   #3

win7 64 bit
 
 

# AdwCleaner v3.014 - Report created 09/12/2013 at 10:11:58
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : jrmnr - Y-PC
# Running from : C:\Users\jrmnr\AppData\Local\Temp\wzd8b5\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\jrmnr\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Found : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\c9t7q9xd.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\nei0cks9.default\searchplugins\safeguard-secure-search.xml
Folder Found C:\Users\jrmnr\AppData\Local\NativeMessaging
Folder Found C:\Users\jrmnr\AppData\Local\WhiteListing

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\c9t7q9xd.default\prefs.js ]


[ File : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\nei0cks9.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\jrmnr\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : search_url
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [1657 octets] - [09/12/2013 10:11:58]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1717 octets] ##########
My System SpecsSystem Spec
.


09 Dec 2013   #4

win7 64 bit
 
 

After cleanup
# AdwCleaner v3.014 - Report created 09/12/2013 at 10:19:04
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : jrmnr - Y-PC
# Running from : C:\Users\jrmnr\AppData\Local\Temp\wzb099\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\c9t7q9xd.default\prefs.js ]


[ File : C:\Users\jrmnr\AppData\Roaming\Mozilla\Firefox\Profiles\nei0cks9.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\jrmnr\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1797 octets] - [09/12/2013 10:11:58]
AdwCleaner[R1].txt - [931 octets] - [09/12/2013 10:19:04]
AdwCleaner[S0].txt - [1678 octets] - [09/12/2013 10:14:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1050 octets] ##########
My System SpecsSystem Spec
09 Dec 2013   #5

win7 64 bit
 
 

See anything suspicious?
My System SpecsSystem Spec
09 Dec 2013   #6
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

No, but I don't see what was deleted, either

Now, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

After rebooting, tell me if you still get the same message at startup --> "C:\user\jrmnr\AppData\Local\TBHostSupport\TBHostSupport.dll
The specified module could not be found"
My System SpecsSystem Spec
09 Dec 2013   #7

Windows 7 Home Premium 64Bit
 
 

I looked into the error specified, all i could see was other posts on alternate forums saying that it can be related to conduit and other malware.
My System SpecsSystem Spec
09 Dec 2013   #8

win7 64 bit
 
 

Unfortunately, even after running TFC the message is still there.
My System SpecsSystem Spec
09 Dec 2013   #9

Windows 7 Home Premium 64Bit
 
 

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
My System SpecsSystem Spec
09 Dec 2013   #10

win7 64 bit
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by jrmnr on Mon 12/09/2013 at 15:26:26.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
TBHostSupport REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\jrmnr\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4AC4A837-8B8C-4016-A36F-3CBF083DC03C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CAFC2AF4-2AB7-4E4E-BBAC-DFFBB7497D3B}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\jrmnr\appdata\local\cre"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\jrmnr\AppData\Roaming\mozilla\firefox\profiles\nei0cks9.default\searchplugins\privitize.xml
Successfully deleted the following from C:\Users\jrmnr\AppData\Roaming\mozilla\firefox\profiles\nei0cks9.default\prefs.js

user_pref("extensions.defaulttab.installdate", 1376679256);
user_pref("extensions.defaulttab.lastUsed", 1376680430);
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "5");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.cntry", "US");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.dpkLst", "1169821598,3855095921,302281469,2400444324,3654782829,1334533236,3874294282,3866767559,3224935090,3 754950497,1766448872,2740670312,10
user_pref("extensions.privitize.excTlbr", false);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hdrMd5", "1476812F6451A3CD82E34AA7F087FB4C");
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=80ca95690000000000000024e82a637b&affilt=5");
user_pref("extensions.privitize.id", "80ca95690000000000000024e82a637b");
user_pref("extensions.privitize.instlDay", "15858");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=80ca95690000000000000024e82a637b&affilt=5");
user_pref("extensions.privitize.lastVrsnTs", "1.8.21.614:13:17");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=80ca95690000000000000024e82a637b&affilt=5");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.sg", "none");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=80ca95690000000000000024e82a637b&affilt=5&q=");
user_pref("extensions.privitize.vrsn", "1.8.21.6");
user_pref("extensions.privitize.vrsnTs", "1.8.21.614:13:17");
user_pref("extensions.privitize.vrsni", "1.8.21.6");
Emptied folder: C:\Users\jrmnr\AppData\Roaming\mozilla\firefox\profiles\nei0cks9.default\minidumps [362 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/09/2013 at 15:35:19.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My System SpecsSystem Spec
Reply

 annoying message




Thread Tools



Similar help and support threads for2: annoying message
Thread Forum
Annoying message, pls help Browsers & Mail
Media Gallery annoying message Media Center
Annoying error message that won't go away Software
Annoying Java update message Software
Annoying message at starting windows General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:55 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33