Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Paging SledgeDG: DLL still missing

09 Dec 2010   #1
NOVAman

Windows 7
 
 
Paging SledgeDG: DLL still missing

Hello,

I'm running on a CPU Windows 7. Whenever I start the computer, the
following message pops up: "there was a problem starting c:\\windows\system32\cnlyj3.dll
the specified module could not be found." I tried doing a system restore, but the computer claims that I don't have admin rights even though my profile says otherwise. I even created another profile w/ admin rights, but the computer again prevents a systems restore. Trying to do a system restore in safe mode also doesn't work.

I spoke to a few IT folks about this issue. They told me the've never heard of this dll or Windows 7 not recognizing that I've got admin rights. Google searches don't turn up anything so counting on your help! The dll message still happens after I ran McAfee and Hitman Pro 3.5.

How do I get rid of this message and gain legitimate admin rights to perform a system restore or backup?

TIA!!

~Lee


My System SpecsSystem Spec
.
09 Dec 2010   #2
SledgeDG

Windows 7 Ultimate x86
 
 

You're guys were right...that dll isn't part of anything in windows 7
you need to do a couple of things:
Normally I would say run http://technet.microsoft.com/en-us/s.../bb963902.aspx go through the ALL tab and remove theline where that dll is called but you said you don't have admin rights right now. Let's try it another way first:
First getting rid of said dll (or at least stop it from running for now)
run HijackThis - Trend Micro USA and post the log file here (don't let the program fix anything without confirmation just yet...just post the log !)
get Malwarebytes Anti-Malware - Free software downloads and software reviews - CNET Download.com
and run a full scan. (if MBAM offers to remove the thread, let it ).

Anyways report back an we'll see where to go from there Chances are you'll get your admin rights back once that dll is kicked and a reboot of course..if so, restore to a former point...but let's take it one step a time
-DG
My System SpecsSystem Spec
10 Dec 2010   #3
NOVAman

Windows 7
 
 
Paging SledgeDG: DLL still missing

The Trend Micro HijackThis program doesn't work properly. It says taht some of the progarms cannot be installed to run a full check. As such, the DLL ist still missing. I also don't know how to post a log since it doesn't have one.

Can you please provide me your email address so we can talk that way or even on the phone? I'm leary of doing anything damaging to the computer w/o someone walking me through the process.

TIA!

Lee
My System SpecsSystem Spec
.

10 Dec 2010   #4
NOVAman

Windows 7
 
 

*bump* Can anyone else pls offer some advice?
My System SpecsSystem Spec
10 Dec 2010   #5
Tepid

Win 7 Ultimate 32bit
 
 

have you done what SledgeDG suggested?

Till then,, no.

That file has the characteristics of being malware, which was possibly cleaned/deleted, but the references still remain.

HiJackthis does work.
Just run it and click the first button
Copy and paste the log as requested.
My System SpecsSystem Spec
10 Dec 2010   #6
Hopalong X

Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
 
 

Quote:
The Trend Micro HijackThis program doesn't work properly. It says taht some of the progarms cannot be installed to run a full check. As such, the DLL ist still missing. I also don't know how to post a log since it doesn't have one.

Malwarebytes Anti-Malware - Free software downloads and software reviews - CNET Download.com

If Hijack this will not download and run properly try the Malwarebytes as posted earlier.
Download, install then click the update tab.
Update then run scan.
My System SpecsSystem Spec
10 Dec 2010   #7
SledgeDG

Windows 7 Ultimate x86
 
 

At this point we are not doing anything damaging to the computer. we just collect information/evidence about where to disable the thread. So if you need to contact me, click on my icon go to my profile and send me a PM
As for Hijack This: if the error message is identical to this one
Paging SledgeDG: DLL still missing-capture.jpg
Then you can just ignore it since we don't intend to touch the HOSTS file at this moment.
Sorry for not mentioning that beforehand.
If you get any different error message please post it so we can take appr. action.

And most of all...Don't panic. I will let you know in advance if any action poses a risc to your computer.
so just sit down and relax with a nice cup of tea or whatever is after your liking.
You're in good hands
-DG


My System SpecsSystem Spec
10 Dec 2010   #8
NOVAman

Windows 7
 
 

I don't see where to send you a private message. Based on the below log from running the malwarybytes program, is the missing dll fixed?

Code:
 
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5291
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12/10/2010 8:28:19 PM
mbam-log-2010-12-10 (20-28-19).txt
Scan type: Full scan (C:\|)
Objects scanned: 326642
Time elapsed: 41 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 38
Registry Values Infected: 9
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1BA20C1-A503-59BD-F413-03B53A2C8953} (Trojan.ErtFor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1BA20C1-A503-59BD-F413-03B53A2C8953} (Trojan.ErtFor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NmeaGuo (Trojan.Downloader.Gen) -> Value: uPc+kt0NmeaGuo -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mqug (Trojan.Agent) -> Value: Mqug -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mquglla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (Trojan.Agent) -> Value: Mquglla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClickPotatoLiteSA (Adware.ClickPotato) -> Value: ClickPotatoLiteSA -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uPc+kt0NmeaGuo (Trojan.Downloader.Gen) -> Value: uPc+kt0NmeaGuo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MqmPwg (Trojan.Downloader.Gen) -> Value: MqmPwg -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\m\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.621.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.621.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.621.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
Files Infected:
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.519.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.621.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\resultbar\resultbar.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
My System SpecsSystem Spec
10 Dec 2010   #9
NOVAman

Windows 7
 
 
DLL error message gone?!

I think that did it! The program had to restart the computer and I don't get the missing DLL file anymore! Thanks so much!!

~Lee
My System SpecsSystem Spec
10 Dec 2010   #10
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

Ok
Did a Google on the .dll
There are no hits. That usually means the worst type of virtus; could be a rootkit. My knowledge of these things comes through BSOD work. When I discover such things I refer it to our experts. We have 2. Will leave messages for them. The first one online will help
In the meantime, if the advice is not already given run a full antivirus and malwarebytes to see if it can be removed using that software.
Other than that I would wait for help to arrive. They will want the full Malwarebytes log, so you may want to run that. When it says to boot at the end be sure to do so.
My System SpecsSystem Spec
Reply

 Paging SledgeDG: DLL still missing




Thread Tools




Similar help and support threads
Thread Forum
Paging File
When I go to boot up the computer sometimes it states that my computer has made a temp paging file. Doesn't tell me where, it side it did. I have a RAM Disk installed which I've told the paging file to go to, to include my temp files. I've done this because I have an SSD.
Performance & Maintenance
What should I set my paging file to?
My ram is 4.00gb (3.80 usable). I now have my paging file set to 0. Someone told me not to this, so can anyone help me?
Performance & Maintenance
Paging with 8 GBs memory...
I've been running Vista and Seven without a page file for a long time, without any issues. Recently, I had a need to activate the page file, and did so reluctantly, with the goal being that disable it when the program is no longer used. Just for the kick of it, I've tested the page file usage...
Performance & Maintenance
SSD and paging file(s).
So many different "recommendations" - which is best and why 1) Keep page file on C: drive system managed 2) Keep page file on C: fixed small size if you have lots of ram 3) Move page file to another drive, system sized 4) Set 2nd system managed page file on a second drive, small page file on...
Hardware & Devices
64 GB SSD -- Paging and Photoshop -- wow
Hi all I ponyed up a few dollars fot a 64 GB SSD drive to use as a paging drive and as a Photoshop scratch area what a HUGE difference -- Even running 4 VM's on a 4GB machine is possible without grinding the whole thing to a halt. (Will of course be adding another 8GB later- I need to run a...
Performance & Maintenance


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:10.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App