Paging SledgeDG: DLL still missing

Page 1 of 2 12 LastLast

  1. Posts : 5
    Windows 7
       #1

    Paging SledgeDG: DLL still missing


    Hello,

    I'm running on a CPU Windows 7. Whenever I start the computer, the
    following message pops up: "there was a problem starting c:\\windows\system32\cnlyj3.dll
    the specified module could not be found." I tried doing a system restore, but the computer claims that I don't have admin rights even though my profile says otherwise. I even created another profile w/ admin rights, but the computer again prevents a systems restore. Trying to do a system restore in safe mode also doesn't work.

    I spoke to a few IT folks about this issue. They told me the've never heard of this dll or Windows 7 not recognizing that I've got admin rights. Google searches don't turn up anything so counting on your help! The dll message still happens after I ran McAfee and Hitman Pro 3.5.

    How do I get rid of this message and gain legitimate admin rights to perform a system restore or backup?

    TIA!!

    ~Lee
      My Computer


  2. Posts : 2,009
    Windows 7 Ultimate x86
       #2

    You're guys were right...that dll isn't part of anything in windows 7
    you need to do a couple of things:
    Normally I would say run http://technet.microsoft.com/en-us/s.../bb963902.aspx go through the ALL tab and remove theline where that dll is called but you said you don't have admin rights right now. Let's try it another way first:
    First getting rid of said dll (or at least stop it from running for now)
    run HijackThis - Trend Micro USA and post the log file here (don't let the program fix anything without confirmation just yet...just post the log !)
    get Malwarebytes Anti-Malware - Free software downloads and software reviews - CNET Download.com
    and run a full scan. (if MBAM offers to remove the thread, let it ).

    Anyways report back an we'll see where to go from there Chances are you'll get your admin rights back once that dll is kicked and a reboot of course..if so, restore to a former point...but let's take it one step a time
    -DG
      My Computer


  3. Posts : 5
    Windows 7
    Thread Starter
       #3

    Paging SledgeDG: DLL still missing


    The Trend Micro HijackThis program doesn't work properly. It says taht some of the progarms cannot be installed to run a full check. As such, the DLL ist still missing. I also don't know how to post a log since it doesn't have one.

    Can you please provide me your email address so we can talk that way or even on the phone? I'm leary of doing anything damaging to the computer w/o someone walking me through the process.

    TIA!

    Lee
      My Computer


  4. Posts : 5
    Windows 7
    Thread Starter
       #4

    *bump* Can anyone else pls offer some advice?
      My Computer


  5. Posts : 1,403
    Win 7 Ultimate 32bit
       #5

    have you done what SledgeDG suggested?

    Till then,, no.

    That file has the characteristics of being malware, which was possibly cleaned/deleted, but the references still remain.

    HiJackthis does work.
    Just run it and click the first button
    Copy and paste the log as requested.
      My Computer


  6. Posts : 6,349
    Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
       #6

    The Trend Micro HijackThis program doesn't work properly. It says taht some of the progarms cannot be installed to run a full check. As such, the DLL ist still missing. I also don't know how to post a log since it doesn't have one.

    Malwarebytes Anti-Malware - Free software downloads and software reviews - CNET Download.com

    If Hijack this will not download and run properly try the Malwarebytes as posted earlier.
    Download, install then click the update tab.
    Update then run scan.
      My Computer


  7. Posts : 2,009
    Windows 7 Ultimate x86
       #7

    At this point we are not doing anything damaging to the computer. we just collect information/evidence about where to disable the thread. So if you need to contact me, click on my icon go to my profile and send me a PM
    As for Hijack This: if the error message is identical to this one
    Paging SledgeDG: DLL still missing-capture.jpg
    Then you can just ignore it since we don't intend to touch the HOSTS file at this moment.
    Sorry for not mentioning that beforehand.
    If you get any different error message please post it so we can take appr. action.

    And most of all...Don't panic. I will let you know in advance if any action poses a risc to your computer.
    so just sit down and relax with a nice cup of tea or whatever is after your liking.
    You're in good hands
    -DG
      My Computer


  8. Posts : 5
    Windows 7
    Thread Starter
       #8

    I don't see where to send you a private message. Based on the below log from running the malwarybytes program, is the missing dll fixed?

    Code:
     
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org
    Database version: 5291
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    12/10/2010 8:28:19 PM
    mbam-log-2010-12-10 (20-28-19).txt
    Scan type: Full scan (C:\|)
    Objects scanned: 326642
    Time elapsed: 41 minute(s), 18 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 38
    Registry Values Infected: 9
    Registry Data Items Infected: 0
    Folders Infected: 14
    Files Infected: 21
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Not selected for removal.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
    HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1BA20C1-A503-59BD-F413-03B53A2C8953} (Trojan.ErtFor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1BA20C1-A503-59BD-F413-03B53A2C8953} (Trojan.ErtFor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Not selected for removal.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Not selected for removal.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NmeaGuo (Trojan.Downloader.Gen) -> Value: uPc+kt0NmeaGuo -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mqug (Trojan.Agent) -> Value: Mqug -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mquglla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (Trojan.Agent) -> Value: Mquglla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NmeaGuo (Trojan.Downloader.Gen) -> Value: uPc+kt0NmeaGuo -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPwg (Trojan.Downloader.Gen) -> Value: MqmPwg -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Users\m\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.621.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.621.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.621.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
    Files Infected:
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\clickpotatolite\bin\10.0.621.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files (x86)\resultbar\resultbar.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    Last edited by Brink; 10 Dec 2010 at 21:14. Reason: code box
      My Computer


  9. Posts : 5
    Windows 7
    Thread Starter
       #9

    DLL error message gone?!


    I think that did it! The program had to restart the computer and I don't get the missing DLL file anymore! Thanks so much!!

    ~Lee
      My Computer


  10. Posts : 17,796
    Windows 10, Home Clean Install
       #10

    Ok
    Did a Google on the .dll
    There are no hits. That usually means the worst type of virtus; could be a rootkit. My knowledge of these things comes through BSOD work. When I discover such things I refer it to our experts. We have 2. Will leave messages for them. The first one online will help
    In the meantime, if the advice is not already given run a full antivirus and malwarebytes to see if it can be removed using that software.
    Other than that I would wait for help to arrive. They will want the full Malwarebytes log, so you may want to run that. When it says to boot at the end be sure to do so.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 08:39.
Find Us