Runn DLL

Status
Not open for further replies.

Gorby

New member
By doing scan with spybot 1.6 displays a Win32.Downloader.gen folder that could not eliminate even as administrator. When searching here on the forum I saw that had to download spybot 2.2 to solve the problem. I installed this program and he sent the files that were in quarantine folder where they remain. When you restart the PC appeared this message.

Spybot.jpg


I appreciate a help to solve the problem. Thanks.
-------------------------------------------------------
Edit
Forum FAQ for future reference. :) http://forums.spybot.info/showthread.php?t=288
 
Last edited by a moderator:
xlK5Hdb.png
Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select
    AVOiBNU.jpg
    Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
 
Hello Juliet. Best Regards.

My Norton 360 antivirus lets not install Farbar Recovery Scan Tool. It deletes the file.

The translation of .jpg

There was a problem starting the
C \ Users \ BUSH \ AppData \ Local \ Conduit \ BackgroundContainer \ BackgrounContainer.dll
Could not find the specified module.
 
I see you have peer-to-peer (P2P) file sharing software installed on your computer (Bit Torrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.
Your P2P software can be removed by following the instructions below.
  • Press the Windows Key
    pdKOQKY.png
    + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programme(s), right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

**


Please go to add/remove programs and uninstall
BitTorrent
Pandora Service


~~~~
You may have to disable your antivirus protection to run these tools.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

FRSTfix.JPG



start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-254876875-3501504866-2801950793-1001 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-254876875-3501504866-2801950793-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
FF SelectedSearchEngine: Conduit Search
FF Plugin HKU\S-1-5-21-254876875-3501504866-2801950793-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\BUCHA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-254876875-3501504866-2801950793-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\BUCHA\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {D72E0337-43D7-4EC0-ADB4-80201258D3D6} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\BUCHA\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:D1B5B4F1
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BY4dvz9.png
AdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select
    AVOiBNU.jpg
    Run as administrator
    to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.


~~~

Please post
Fixlog.txt
AdwCleaner.txt
 
I think I have done everything right. The PC restarted and will not appear that Run Dll window. Together the results you requested.
Good. Let's continue.

Please run a Threat Scan with Malwarebytes' Anti-Malware.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and
from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

********************************************

After you run Malwarebytes Anti-Malware and allow it to quarantine what it finds, post that log and please tell me what your computer is doing now.
 
Last edited:
GzlsbnV.png
ESET Online Scan Including External Drive
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Change... next to Current scan targets: Operating memory, Local drives
  • Place a checkmark next to any additional drives you wish to scan and click OK
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click
    esetListThreats.png
    . If no threats were found, skip the next two bullet points.
  • Click
    esetExport.png
    and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to
    xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png
    and click
    SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png
    .
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

How is your computer now?
 
I've done the scan with Malwerbytes and sending the result.

Sorry but I had forgotten to translate the message. Restarted the computer and is functioning normal.
 
It worked out well, and I am glad it is normal now.

let's continue

**

GzlsbnV.png
ESET Online Scan Including External Drive
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Change... next to Current scan targets: Operating memory, Local drives
  • Place a checkmark next to any additional drives you wish to scan and click OK
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click
    esetListThreats.png
    . If no threats were found, skip the next two bullet points.
  • Click
    esetExport.png
    and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to
    xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png
    and click
    SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png
    .
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

How is your computer now?
 
Did it allow you the option?

Ensure Remove found threats is unchecked.

OK, how is your computer now?
 
You did fine Gorby

One or more of the identified infections is a result of downloading cracked/pirated/keygen software. Participating in the use of such software is a security risk; your infected computer is evidence of this. Were you aware your machine has cracked software installed? We do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be reinfected otherwise. Simply visiting a cracked software site can result in infection from exploitation of vulnerabilities in your installed software.

Continuing in this practice will ensure your computer is continuously susceptible to malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please refer to the following articles for more information.
I am prepared to continue providing assistance as long as you agree to remove all traces of cracked software immediately.

~~~~~~~~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


start
CloseProcesses:
C:\extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8}\chrome\bittorrentbar_pt.jar
C:\Users\BUCHA\Documents\Programas\Windows_8.1_Pro_X64_Activated.iso
C:\Users\BUCHA\Downloads\Malwarebytes.rar
D:\Documents and Settings\Bucha\Ambiente de trabalho\ccsetup318.exe
D:\Documents and Settings\Bucha\Os meus documentos\As minhas imagens\arvore_natal.rar
D:\Documents and Settings\Bucha\Os meus documentos\Doc. Bucha\O meu disco (G)\Os meus ficheiros recebidos\Win.Genuine.Advantage.Validation.v1.7.18.5.zip
D:\Documents and Settings\Bucha\Os meus documentos\Doc. Bucha\Os meus ficheiros recebidos\Win.Genuine.Advantage.Validation.v1.7.18.5.zip
D:\Documents and Settings\Bucha\Os meus documentos\Programas\MYPONY\MYPONY-www.superfreedownloads.net.zip
D:\Documents and Settings\Bucha\Os meus documentos\Programas\Novo Ofice 2010\Microsoft.Office.2010.RTM.PT-PT.x86.part1.rar
D:\Documents and Settings\Bucha.BUCHA\Definições locais\Temp\ASK2C.tmp
D:\Documents and Settings\Bucha.BUCHA.000\Os meus documentos\Downloads\KMPlayer_3.5.0.77_00_20130123015648.exe
D:\WINDOWS\Installer\MSI212.tmp
D:\WINDOWS\Installer\MSIF3.tmp
E:\Jogos\Warcraft III\w3battle_120e.rar
EmptyTemp:
CreateRestorePoint:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Please tell me how your computer is now.
 
Good Morning Juliet. I understand your meg. and thank you. The softwere you speak and is on the Scan is in D \\. I have two discs on the PC and each disk has two partitions. C \\ everything is cool. Pay Norton 360, Malwerebytes Antimalwere and Spybot is free Cclener too, but in D \\ I had Win XP and I'm no longer using. Before you do what you say I'll go first transfer documents because there have some important things and if he does not start for me is difficult to recover these doc .. After finishing will format the disk and is only for document storage and I'm with one operating system. Thanks for your patience.
 
I understand

How is the computer now?

Are we ready to remove tools and quarantine folders?
 
I understand

How is the computer now?

Are we ready to remove tools and quarantine folders?

The Run Dll window is not appearing anymore. The computer is working properly. After remove the D\\ documents I will scan with ESET if you agree and after i will post the result.
 
The Run Dll window is not appearing anymore. The computer is working properly. After remove the D\\ documents I will scan with ESET if you agree and after i will post the result.
Glad to hear the dll error has gone, and the computer works well again.

If you want to run ESET again you can, I leave that up to you. :)
 
Status
Not open for further replies.
Back
Top