error loading stlb2.dll

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by flasunshine, Oct 2, 2004.

  1. flasunshine

    flasunshine Private E-2

    I'm getting this error message when I log into my computer:

    "Error loading stlb2.dll" "Module could not be found"

    Does anyone know if this is spy/malware related and what I can do to fix it. It also seems that my popup frequency has increased. Could the two be related.

    Thanks as always for your wonderful help!
     
  2. PhilliePhan

    PhilliePhan Guest

  3. flasunshine

    flasunshine Private E-2

    Thanks for the info. I have performed ALL of the steps in the Basic Spyware Removal thread, but the error message still appeared when I logged back in. Also, the instructions don't mention when you should go back in and turn the system restore back on, so if you could answer that question, I'd be grateful!


    Here is my Hijack This! log AFTER performing all the steps. Any help will be greatly appreciated.
     
    Last edited by a moderator: Oct 2, 2004
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you followed all the steps correctly you would have the correct version of HJT and would know it was not to be posted until we asked for it. In addition it should be an attachment.
     
  5. PhilliePhan

    PhilliePhan Guest

    Hi Flasunshine,

    Please read the following regarding HijackThis:
    http://forums.majorgeeks.com/showthread.php?t=38752

    Your HijackThis is out of date. It needs to be in its own folder C:\Program Files\HijackThis. Logs should be saved as .txt file and posted as attachments via "attachment manager tool" if a log is requested.

    That said, Hang In There :) There is a lot of bad stuff on your log, but we'll get you through it. You cannot turn system restore back on until you are clean.

    -Did you work the tutorial in Safe Mode with the viewing of hidden folders enabled?

    Download this tool and run it in safe mode:
    a-squared (a²) Free edition 1.

    Then attach an up to date HJT log. I'll try to check back later tonight to get you started. Keep checking this thread.
    There are a lot of things to clean up. Bear with us - this will take a bit of work! :)

    ***Looks like Chaslang is on the case. . . As usual ;) He is much better at this than I, so you are in good hands!

    Best,

    PP
     
    Last edited by a moderator: Oct 2, 2004
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As PP said you had a load of bad stuff. Bad enough to recommend you go back to the READ ME FIRST and run all the items in the "Alternative Scans - If still having problems" section. You should also run the below items:

    http://www.memorywatcher.com/uninst.exe
    http://tools.zerosrealm.com/PeperFix.exe
    Adware T.V. Media Removal Tool 1.1

    You should uninstall WildTangent and look for uninstalls in your Add/Remove programs for Winupdates and/or WinTools and uninstall if you can find an uninstall.

    After all that and getting the correct HJT version, post a new HJT log as a .txt file attachment.
    And as far as system restore is concerned, do not turn it on again until we are sure everything is fix and you gave it sufficient time to make sure it will not come back (that is usually after several reboots and some surfing in between).
     
  7. flasunshine

    flasunshine Private E-2

    please forgive me...I had posted before and didn't catch the "waiting" and "text file" part! Thought I knew it all.

    Since I last posted, I now cannot open my internet explorer browser. I have internet connect, as I can access my mail, and get to online games that have their own connection. When I try to load IE, it just spins and spins and spins...eventually, I get this on the status bar, no matter what page I am trying to open.

    "Opening page file:\\c:\Documents and Settings\Leslie\Local Settings\Temp\~DlfnTmp1 (or 2 or 3)\index.html"

    It's really a bad thing that I can't open the browser, because I can't read your responses! I am going to print them out here at work and take them home, but if y'all can think of anything else before 3:30 pm CDT, please post so I can print before I go home! Thanks so much!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should have told us what you have done since your last post. Both PP and I have some messages after that. What have you done? DlfnTmp1 sounds like it may be Delfin Project. See this: http://www.pestpatrol.com/zks/pestinfo/d/delfin_media_viewer.asp
     
  9. flasunshine

    flasunshine Private E-2

    My apologies again!

    I did everything on the removal thread:

    Disabled System Restore
    Checked for the Network Security Stuff (none found)
    Enabled the file type stuff
    Downloaded and upgraded all the spyware tools; only hiccup was when I installed the VX2 cleaner. When I tried to run this plug in in AdAware, it wouldn't update or run. No error messages....it just didn't do anything.
    I ran the virus scan and security check. Nothing found there. Booted into Safe Mode and ran the stinger...nothing there either.
    I did steps 2, 3, & 4; only exception to these is on 3 when I tried to run the VX2 cleaner (see above).

    The log that I posted was AFTER I did all the steps above. The only thing I haven't done since I originally posted was update the Hijack this...and now that my browser won't load, I can't update it.

    I also ran a-squared; it found 4 things, but nothing changed after I cleaned them off.

    I apologize again for making this more difficult. I appreciate your help and patience. Thanks again.
     
  10. PhilliePhan

    PhilliePhan Guest

    Hi Flasunshine,

    Hang in there :) This may take some time and effort, but we'll stick with it as long as you do!

    For HijackThis, you can download an up to date version at work and put it on a floppy to take home. The three tools Chaslang recommended should fit on the floppy as well.

    You should also look in Add or Remove Programs to see if you can get rid of some obvious offenders. I'll look at your log again tonight - kinda tied up right now.

    Good luck,

    PP
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Hmmm! Please tell us the Ad-Aware SE version number you are using, the Ad-Aware reference file version, and the VX2 Cleaner Plug-in version.

    If you don't have the following, you are out of date:
    Ad-Aware SE Personal 1.05
    referencefile SE1R10 28.09.2004
    Ad-Aware VX2 Cleaner Plug-In 1.03
     
    Last edited: Oct 4, 2004
  12. PhilliePhan

    PhilliePhan Guest

    I forgot Chas deleted your log. If you are still having problems contacting us from your sick computer, you can run HJT and save the log as a .txt file on a floppy and send it to us from work tomorrow. Or from a friend's computer tonight (or a public library computer, for that matter). That way, we could have some suggestions for you to try tomorrow.

    Best,

    PP
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But please make sure it is HijackThis version 1.98.2.
     
  14. flasunshine

    flasunshine Private E-2

    Okie dokie fellows! I came home and loaded up IE and it is working (hallelujah!!), so we can still communicate.

    I had an old version of AdAware (I just checked for an update in what I thought was a month or so ago, but I've had 3 hurricanes since then and have lost track of time!!). Updated Ad aware and the plug in, ran it, and cleaned over 200 things out! (GOOD GRIEF!). I ran peper.exe and it found a few things and cleaned them out. The TV Media tool didn't find anything.

    I also updated my hijack this and have a .txt log that I have attached.

    I'm not so panicky now that I can open IE, but I really want to get this thing running properly again! You are all so great and I appreciate your patient help! Thanks again.
     

    Attached Files:

  15. PhilliePhan

    PhilliePhan Guest

    Hi Leslie?

    Your log shows that you are running HijackThis from the Desktop. It needs to be in a safe folder - C:\Program Files\HijackThis. This is because HJT saves backups in case a mistake is made. They need to be in a safe place in case you need to restore something.

    I'll take a look at your log this evening - Chaslang will probably beat me to it, though ;)

    Regards,

    PP
     
  16. flasunshine

    flasunshine Private E-2

    Thanks Phillie...I moved it to the program files folder.

    I appreciate your help and will check back later tonight to see what magic has been performed!
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Goto Add/Remove programs and look for and uninstall if found:
    - Viewpoint Manager (or Viewpoint Media Player or something like that)
    - WildTangent
    - ClockSync


    Open a DOS command prompt window (from Start->Programs->Accessories) and enter:

    cd c:\windows\system
    regsvr32 /u stlb2.dll


    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below processes and End them (if found):
    taskmgn.exe
    pcsvc.exe
    I.exe
    IEHost.exe
    AMJsCkv.exe
    usrdexts.exe


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O4 - HKLM\..\Run: [apiee32.exe] C:\WINDOWS\system32\apiee32.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Windows Task Manager] C:\windows\system32\taskmgn.exe
    O4 - HKLM\..\Run: C:\documents and settings\aj\local settings\temp\I.exe
    O4 - HKLM\..\Run: [AMJsCkv] C:\documents and settings\aj\local settings\temp\AMJsCkv.exe
    O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
    O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
    O4 - HKLM\..\Run: [AMJsCkv.exe] C:\documents and settings\aj\local settings\temp\AMJsCkv.exe
    O4 - HKLM\..\Run: [AutoLoadersspf1bXKaMXN] "C:\WINDOWS\System32\usrdexts.exe"
    O4 - HKLM\..\Run: [sF6V3ni] usrdexts.exe
    O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab


    Boot into safe mode and use Windows Explorer to delete(if they still exist):

    C:\Program Files\Viewpoint <--- the whole directory
    C:\Program Files\ClockSync <--- the whole directory
    C:\WINDOWS\System32/left.html
    C:\WINDOWS\system32\apiee32.exe
    C:\windows\system32\taskmgn.exe
    C:\documents and settings\aj\local settings\temp\I.exe
    C:\documents and settings\aj\local settings\temp\AMJsCkv.exe
    C:\WINDOWS\System32\IEHost.exe
    C:\WINDOWS\system32\pcs\pcsvc.exe
    C:\WINDOWS\System32\usrdexts.exe


    Now reboot in normal mode and post a new HJT log attachment and tell us how things are working.
     
  18. PhilliePhan

    PhilliePhan Guest

    Hi Flasunshine,

    Looks like Chaslang got everything. This is minor, but it should go as well:
    R3 - Default URLSearchHook is missing

    I think Chas left it in there on purpose to see if I would indeed follow him on your log. ;) (Lesson learned! :) )

    Cheers,

    PP
     
  19. flasunshine

    flasunshine Private E-2

    Hallelujah! At least the error stlb2.dll message is gone!!!

    Chaslang...it's a shame you aren't running for presient with PhilliePhan as your running mate! You would win by a landslide!

    I deleted everything I could find from your lists below (I noted the exceptions in case we ran into a snag). When I rebooted from safe mode into normal, the error message didn't appear (first time in a week).

    I will go play in Internet Explorer and see if anything is amiss.

    On the flip side, what can I do to keep these things from happening? I have virus scan, pest patrol, every spyware/malware program you can find on the net, still this keeps reoccurring. Any help you can give me to keep me from bugging you again would be mucho appreciated!

    Thanks again you guys! You are the best!
     
  20. flasunshine

    flasunshine Private E-2

    One other thing...I tried to uninstall that wild tangent thing, but it won't uninstall in control panel and I'm not sure how to completely get rid of it any other way. If you've got some tips on that one, please let me know! Thanks.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nah! I wasn't testing you. I was just waiting until we got rid of the real baddies and then I wanted to do a Reset of Web Settings which would fix it anyway.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you remove the lines in HijackThis? You forgot to post a new log as I requested so I can see what it looks like now.
     
  23. PhilliePhan

    PhilliePhan Guest

    Hi Flasunshine,

    Regarding anti-malware tools, obviously the ones you had were not working! ;)
    Besides a good and up to date anti-virus and firewall, I recommend the tools mentioned in the tutorial:
    Ad-Aware SE
    SpybotSD

    and Spyware Blaster. It is important that you internet update them regularly - every week to 10 days or so.

    PP
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let me add to what PP has said.

    Here are some simple steps you can take to reduce the chance of infection in the future. I strongly encourage you to do them all.

    1. Visit Windows Update:
    Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly
    patched OS.
    a. Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp
    Do this at least once a month.
    b. Never add any site to your Trusted Sites Zone.

    2) Anti Virus: make sure you have one and keep it updated. Here are some good free ones:
    http://majorgeeks.com/download1968.html Avast
    http://majorgeeks.com/download886.html AVG
    The top two hands down. Better than Norton or McAfee!
    Only run ONE AV!

    3) Firewall: if you don't have one get one of these below. The last two are free versions:
    Don't care if your on dial up or High Speed....you must have a firewall
    http://majorgeeks.com/download738.html Kerio Personal Firewall
    http://majorgeeks.com/download3356.html Sygate Personal Firewall Free
    http://www.majorgeeks.com/download388.html ZoneAlarmFree

    4) Get a Temp File/Cookies/index.dat cleaner
    http://majorgeeks.com/download4191.html CCleaner (Crap Cleaner)

    5) SpyWare Prevention (These prevent, they are not scanners. Scanners are listed later.)
    http://majorgeeks.com/download2859.html SpyWare Blaster
    http://majorgeeks.com/download3045.html SpyWare Guard

    6) SpyWare Scanners/Removers
    http://majorgeeks.com/download2471.html SpyBot (Use the Immunize feature. I don't activate the TeaTimer)
    http://majorgeeks.com/download506.html Ad-aware SE
    http://www.majorgeeks.com/download4283.html VX2 Cleaner Plug-In for Ad-Aware

    Also, look into replacing Microsoft Java with Sun Java and also use Mozilla FireFox in place of Internet Explorer.
     
  25. PhilliePhan

    PhilliePhan Guest

    Chas,

    You should post that as a sticky. It'll make it easier to point people to it.

    PP
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I had talked to MA awhile ago about this subject. We have a thread in the FAQ forum: http://forums.majorgeeks.com/showthread.php?t=25834

    on this subject that I want to move here with my updates. Eventually I will get to it.
     
  27. PhilliePhan

    PhilliePhan Guest

    Until then, do you mind if I copy and paste it when needed - giving credit where credit is due, of course?

    PP
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem!
     
  29. flasunshine

    flasunshine Private E-2

    Yes, I removed it in Hijack this! I will post the log again tonight...I was just so excited that it was working properly I forgot to take care of the last steps!

    Also, I have a router on my computer. Is it necessary to have a firewall program if you have a router? I was told by my network guys at work that the router works the same as a firewall.
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Some routers have firewalls built-in and some do not. This is considered a hardware firewall. It would be a good idea to use a software firewall anyway since you have more control over it. Just do not use two software firewalls.
     
  31. flasunshine

    flasunshine Private E-2

    Here's my latest hijack this log. Thanks again guys!
     

    Attached Files:

  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    One final thing!

    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address back to http://education.dellnet.com/
    Now click Apply. Then click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    After that post another HijackThis log. I want to see if this fixes the R3 line PP and I talked about earlier.
     
  33. flasunshine

    flasunshine Private E-2

    Private Sunshine reporting in, sir!

    Completed the tasks below. Have attached the latest hijack log. Thanks so much !!
     

    Attached Files:

  34. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks good! And as I suspected it fixes the R3 line too. Thanks for checking that out for me.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds